Initial:

Fenced access to native references.
Updated DisposalDaemon
Updated README

Speculative fix on DefaultBufferedBlockCipher

Author: mwcw

README.md

@@ -228,10 +228,30 @@ a segfault.
 
 ### Properties
 
-| Property                               | Values                      | Description                                                                  |
-|----------------------------------------|-----------------------------|------------------------------------------------------------------------------|
-| org.bouncycastle.native.cpu_variant    | avx, vaes, vaesf or neon-le | Specify a variant to use  see "Selecting a specific variant" for warnings.   |
-| org.bouncycastle.packet_cipher_enabled | true or false               | False by default, enable or disable use of packet ciphers where appropriate. |
+| Property                                | Values                      | Description                                                                                          |
+|-----------------------------------------|-----------------------------|------------------------------------------------------------------------------------------------------|
+| org.bouncycastle.native.cpu_variant     | avx, vaes, vaesf or neon-le | Specify a variant to use  see "Selecting a specific variant" for warnings.                           |
+| org.bouncycastle.packet_cipher_enabled  | true or false               | False by default, enable or disable use of packet ciphers where appropriate.                         |
+| org.bouncycastle.native.cleanup_delay   | 1000ms / 1                  | Delays freeing of native allocations by the given time in milliseconds or seconds, the default is 0. |
+
+
+### Disposal Daemon / Freeing native allocations
+The library tacks classes and when they become available for garbage collection, and we free any underlying native allocations.
+
+Overly aggressive garbage collectors may signal that a class is available for collection while another thread is accessing
+that class. On busy multicore machines this may occur during the last call to that class causing use after free situation.
+
+To deal with this we have employed either the reachability fence, applicable on java 9 and above or synchronized blocks for
+java 8.
+
+If this proves to be unreliable users can also set a cleanup delay via the ```org.bouncycastle.native.cleanup_delay``` property.
+For example:
+
+```-Dorg.bouncycastle.native.cleanup_delay=10ms``` would set a delay of 10 milliseconds, and
+```-Dorg.bouncycastle.native.cleanup_delay=1``` would set a delay of 1 second.
+
+The default cleanup delay is zero and native allocations will be cleaned up immediately upon notification that the relevant
+class is available to GC.
 
 
 # Things to watch out for

core/build.gradle

@@ -6,8 +6,22 @@ plugins {
 
 jar.archiveBaseName = "bccore-lts$vm_range"
 
+
+sourceSets {
+    java9 {
+        java {
+            srcDirs = ['src/main/java9']
+        }
+    }
+}
+
+
 dependencies {
   testImplementation 'com.fasterxml.jackson.core:jackson-databind:2.13.3'
+
+    java9Implementation files([sourceSets.main.output.classesDirs]) {
+        builtBy compileJava
+    }
 }
 
 test {
@@ -68,6 +82,15 @@ artifacts {
 }
 
 
+compileJava9Java {
+    javaCompiler = javaToolchains.compilerFor {
+        languageVersion = JavaLanguageVersion.of(11)
+    }
+    options.release = 9
+    options.sourcepath = files(['src/main/java', 'src/main/java9'])
+}
+
+
 task cleanNative(type: Delete) {
     delete("$projectDir/src/main/resources/native/");
     delete("$projectDir/src/main/resources/META-INF/DRIVERS");

core/src/main/java/org/bouncycastle/crypto/DefaultBufferedBlockCipher.java

@@ -243,12 +243,12 @@ public int processBytes(
                 len -= gapLen;
             }
 
-            if (in == out && Arrays.segmentsOverlap(inOff, len, outOff, length))
-            {
-                in = new byte[len];
-                System.arraycopy(out, inOff, in, 0, len);
-                inOff = 0;
-            }
+//            if (in == out && Arrays.segmentsOverlap(inOff, len, outOff, length))
+//            {
+//                in = new byte[len];
+//                System.arraycopy(out, inOff, in, 0, len);
+//                inOff = 0;
+//            }
 
             // if bufOff non-zero buffer must now be full
             if (bufOff != 0)

core/src/main/java/org/bouncycastle/crypto/digests/SHA224NativeDigest.java

@@ -47,8 +47,11 @@ class SHA224NativeDigest
 
     SHA224NativeDigest restoreState(byte[] state, int offset)
     {
-        restoreFullState(nativeRef.getReference(), state, offset);
-        return this;
+        synchronized (this)
+        {
+            restoreFullState(nativeRef.getReference(), state, offset);
+            return this;
+        }
     }
 
     //
@@ -64,43 +67,60 @@ public String getAlgorithmName()
     @Override
     public int getDigestSize()
     {
-        return getDigestSize(nativeRef.getReference());
+        synchronized (this)
+        {
+            return getDigestSize(nativeRef.getReference());
+        }
     }
 
 
     @Override
     public void update(byte in)
     {
-
-        update(nativeRef.getReference(), in);
+        synchronized (this)
+        {
+            update(nativeRef.getReference(), in);
+        }
     }
 
 
     @Override
     public void update(byte[] input, int inOff, int len)
     {
-        update(nativeRef.getReference(), input, inOff, len);
+        synchronized (this)
+        {
+            update(nativeRef.getReference(), input, inOff, len);
+        }
     }
 
 
     @Override
     public int doFinal(byte[] output, int outOff)
     {
-        return doFinal(nativeRef.getReference(), output, outOff);
+        synchronized (this)
+        {
+            return doFinal(nativeRef.getReference(), output, outOff);
+        }
     }
 
 
     @Override
     public void reset()
     {
-        reset(nativeRef.getReference());
+        synchronized (this)
+        {
+            reset(nativeRef.getReference());
+        }
     }
 
 
     @Override
     public int getByteLength()
     {
-        return getByteLength(nativeRef.getReference());
+        synchronized (this)
+        {
+            return getByteLength(nativeRef.getReference());
+        }
     }
 
 
@@ -113,23 +133,32 @@ public Memoable copy()
     @Override
     public void reset(Memoable other)
     {
-        SHA224NativeDigest dig = (SHA224NativeDigest) other;
-        restoreFullState(nativeRef.getReference(), dig.getEncodedState(), 0);
+        synchronized (this)
+        {
+            SHA224NativeDigest dig = (SHA224NativeDigest) other;
+            restoreFullState(nativeRef.getReference(), dig.getEncodedState(), 0);
+        }
     }
 
 
     public byte[] getEncodedState()
     {
-        int l = encodeFullState(nativeRef.getReference(), null, 0);
-        byte[] state = new byte[l];
-        encodeFullState(nativeRef.getReference(), state, 0);
-        return state;
+        synchronized (this)
+        {
+            int l = encodeFullState(nativeRef.getReference(), null, 0);
+            byte[] state = new byte[l];
+            encodeFullState(nativeRef.getReference(), state, 0);
+            return state;
+        }
     }
 
 
     void restoreFullState(byte[] encoded, int offset)
     {
-        restoreFullState(nativeRef.getReference(), encoded, offset);
+        synchronized (this)
+        {
+            restoreFullState(nativeRef.getReference(), encoded, offset);
+        }
     }
 
 
@@ -187,7 +216,7 @@ private static class DigestRefWrapper
 
         public DigestRefWrapper(long reference)
         {
-            super(reference,"SHA224");
+            super(reference, "SHA224");
         }
 
         @Override

core/src/main/java/org/bouncycastle/crypto/digests/SHA256NativeDigest.java

@@ -16,7 +16,7 @@ class SHA256NativeDigest
 {
     private final CryptoServicePurpose purpose;
 
-    protected DigestRefWrapper nativeRef = null;
+    private DigestRefWrapper nativeRef = null;
 
     SHA256NativeDigest(CryptoServicePurpose purpose)
     {
@@ -47,8 +47,11 @@ class SHA256NativeDigest
 
     SHA256NativeDigest restoreState(byte[] state, int offset)
     {
-        restoreFullState(nativeRef.getReference(), state, offset);
-        return this;
+        synchronized (this)
+        {
+            restoreFullState(nativeRef.getReference(), state, offset);
+            return this;
+        }
     }
 
     //
@@ -64,78 +67,104 @@ public String getAlgorithmName()
     @Override
     public int getDigestSize()
     {
-        return getDigestSize(nativeRef.getReference());
+        synchronized (this)
+        {
+            return getDigestSize(nativeRef.getReference());
+        }
     }
 
 
     @Override
     public void update(byte in)
     {
-
-        update(nativeRef.getReference(), in);
+        synchronized (this)
+        {
+            update(nativeRef.getReference(), in);
+        }
     }
 
 
     @Override
     public void update(byte[] input, int inOff, int len)
     {
-        update(nativeRef.getReference(), input, inOff, len);
+        synchronized (this)
+        {
+            update(nativeRef.getReference(), input, inOff, len);
+        }
     }
 
 
     @Override
     public int doFinal(byte[] output, int outOff)
     {
-        return doFinal(nativeRef.getReference(), output, outOff);
+        synchronized (this)
+        {
+            return doFinal(nativeRef.getReference(), output, outOff);
+        }
     }
 
 
     @Override
     public void reset()
     {
-        reset(nativeRef.getReference());
+        synchronized (this)
+        {
+            reset(nativeRef.getReference());
+        }
     }
 
 
     @Override
     public int getByteLength()
     {
-        return getByteLength(nativeRef.getReference());
+        synchronized (this)
+        {
+            return getByteLength(nativeRef.getReference());
+        }
     }
 
 
     @Override
     public Memoable copy()
     {
-        return new SHA256NativeDigest(this);
+        synchronized (this)
+        {
+            return new SHA256NativeDigest(this);
+        }
     }
 
     @Override
     public void reset(Memoable other)
     {
-        SHA256NativeDigest dig = (SHA256NativeDigest) other;
-        restoreFullState(nativeRef.getReference(), dig.getEncodedState(), 0);
+        synchronized (this)
+        {
+            SHA256NativeDigest dig = (SHA256NativeDigest) other;
+            restoreFullState(nativeRef.getReference(), dig.getEncodedState(), 0);
+        }
     }
 
 
     public byte[] getEncodedState()
     {
-        int l = encodeFullState(nativeRef.getReference(), null, 0);
-        byte[] state = new byte[l];
-        encodeFullState(nativeRef.getReference(), state, 0);
-        return state;
+        synchronized (this)
+        {
+            int l = encodeFullState(nativeRef.getReference(), null, 0);
+            byte[] state = new byte[l];
+            encodeFullState(nativeRef.getReference(), state, 0);
+            return state;
+        }
     }
 
 
-
-
     void restoreFullState(byte[] encoded, int offset)
     {
-        restoreFullState(nativeRef.getReference(), encoded, offset);
+        synchronized (this)
+        {
+            restoreFullState(nativeRef.getReference(), encoded, offset);
+        }
     }
 
 
-
     @Override
     public String toString()
     {
@@ -190,7 +219,7 @@ private static class DigestRefWrapper
 
         public DigestRefWrapper(long reference)
         {
-            super(reference,"SHA256");
+            super(reference, "SHA256");
         }
 
         @Override