Remove synchronization on some WolfSSLKeyStore (WKS) methods#165
Merged
rlm2002 merged 2 commits intowolfSSL:masterfrom Nov 10, 2025
Merged
Remove synchronization on some WolfSSLKeyStore (WKS) methods#165rlm2002 merged 2 commits intowolfSSL:masterfrom
rlm2002 merged 2 commits intowolfSSL:masterfrom
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR removes the synchronized keyword from 10 read-only methods in the WolfSSLKeyStore class to improve concurrency performance. Since the underlying entries field is a ConcurrentHashMap, these methods can safely be accessed concurrently without explicit synchronization.
- Removed
synchronizedfrom all getter methods that only read from theConcurrentHashMap - Methods that modify state remain synchronized to ensure proper coordination of writes
- Enables better concurrent read performance for multi-threaded applications
Comments suppressed due to low confidence (1)
src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java:1282
- The removal of
synchronizedfromengineGetCertificateAliaslacks test coverage for concurrent access patterns. The existing threaded test (testStoreToByteArrayThreaded) creates separate KeyStore instances per thread, so it doesn't verify behavior when multiple threads simultaneously read from and write to the same KeyStore instance. Consider adding a test that verifiesengineGetCertificateAliasreturns correct results when called concurrently withengineSetKeyEntryorengineSetCertificateEntryon the same KeyStore instance.
public String engineGetCertificateAlias(Certificate cert) {
Certificate tmp = null;
if (cert == null) {
return null;
}
for (Map.Entry<String, Object> entry : entries.entrySet()) {
if (entry.getValue() instanceof WKSCertificate) {
tmp = ((WKSCertificate)entry.getValue()).cert;
}
else if ((entry.getValue() instanceof WKSPrivateKey) &&
(((WKSPrivateKey)entry.getValue()).chain != null)) {
tmp = ((WKSPrivateKey)entry.getValue()).chain[0];
}
if ((tmp != null) && tmp.equals(cert)) {
return entry.getKey();
}
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
cconlon
force-pushed
the
wksSynchronization
branch
from
fc4b643 to
589cf30
Compare
rlm2002
approved these changes
Nov 10, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR removes
synchronizedfrom some of theWolfSSLKeyStoremethods that do not need the full method to be synchronized.ConcurrentHashMapis already used internally to store entries, which is thread safe.Write/set methods maintain synchronization, and
SecureRandomis already protected byrandLock.One JUnit test is added here, to test concurrent access to
engineGetCertificateAlias().ZD 20754