JCE: fix deserialization bugs in WolfCryptPBEKey and WolfCryptRandom, remove unused field, make inner class static

Author: cconlon

src/main/java/com/wolfssl/provider/jce/WolfCryptDhParameterGenerator.java

@@ -51,21 +51,40 @@ public class WolfCryptDhParameterGenerator
     /* Exponent size in bits, 0 means not specified */
     private int exponentSize = 0;
 
-    /* SecureRandom for parameter generation */
-    private SecureRandom random = null;
 
     /**
      * Create new WolfCryptDhParameterGenerator object
      */
     public WolfCryptDhParameterGenerator() {
     }
 
+    /**
+     * Initialize with desired prime size.
+     *
+     * The SecureRandom parameter is intentionally ignored;
+     * wolfCrypt uses its own internal RNG for DH parameter
+     * generation to ensure FIPS-compliant randomness.
+     *
+     * @param size desired prime size in bits
+     * @param random caller-supplied randomness (ignored)
+     */
     @Override
     protected void engineInit(int size, SecureRandom random) {
         this.size = size;
-        this.random = random;
     }
 
+    /**
+     * Initialize from a DHGenParameterSpec.
+     *
+     * The SecureRandom parameter is intentionally ignored;
+     * wolfCrypt uses its own internal RNG for DH parameter
+     * generation to ensure FIPS-compliant randomness.
+     *
+     * @param genParamSpec DH generation parameters
+     * @param random caller-supplied randomness (ignored)
+     * @throws InvalidAlgorithmParameterException if
+     *         genParamSpec is null or not a DHGenParameterSpec
+     */
     @Override
     protected void engineInit(AlgorithmParameterSpec genParamSpec,
         SecureRandom random) throws InvalidAlgorithmParameterException {
@@ -84,7 +103,6 @@ protected void engineInit(AlgorithmParameterSpec genParamSpec,
         DHGenParameterSpec dhGenSpec = (DHGenParameterSpec)genParamSpec;
         this.size = dhGenSpec.getPrimeSize();
         this.exponentSize = dhGenSpec.getExponentSize();
-        this.random = random;
     }
 
     @Override

src/main/java/com/wolfssl/provider/jce/WolfCryptPBEKey.java

@@ -21,6 +21,8 @@
 
 package com.wolfssl.provider.jce;
 
+import java.io.IOException;
+import java.io.ObjectInputStream;
 import java.util.Arrays;
 import java.security.spec.InvalidKeySpecException;
 import javax.crypto.interfaces.PBEKey;
@@ -51,7 +53,7 @@ public class WolfCryptPBEKey implements PBEKey {
     private boolean destroyed = false;
 
     /** Lock around use of destroyed boolean */
-    private transient final Object destroyedLock = new Object();
+    private transient Object destroyedLock = new Object();
 
     /**
      * Create new WolfCryptPBEKey object.
@@ -284,5 +286,20 @@ public synchronized boolean equals(Object obj) {
             return true;
         }
     }
+
+    /**
+     * Restore transient fields on deserialization.
+     *
+     * @param in ObjectInputStream to read from
+     *
+     * @throws IOException on error reading stream
+     * @throws ClassNotFoundException if class not found
+     */
+    private void readObject(ObjectInputStream in)
+        throws IOException, ClassNotFoundException {
+
+        in.defaultReadObject();
+        this.destroyedLock = new Object();
+    }
 }
 

src/main/java/com/wolfssl/provider/jce/WolfCryptRandom.java

@@ -158,7 +158,7 @@ private synchronized void writeObject(ObjectOutputStream out)
      * @throws IOException on error reading from ObjectInputStream
      * @throws ClassNotFoundException if object class not found
      */
-    private synchronized void readObject(ObjectInputStream in)
+    private void readObject(ObjectInputStream in)
         throws IOException, ClassNotFoundException {
 
         in.defaultReadObject();