Fenrir fixes #345

Merged
rlm2002 merged 16 commits into wolfSSL:master from cconlon:fenrir
Mar 23, 2026

@cconlon cconlon commented Mar 20, 2026

Fixes 16 issues identified by Fenrir:

  • Fix JNI type mismatch where unsigned int was cast to (jlong*) for SetLongArrayRegion
  • Add missing return statements after throwWolfSSLJNIException calls
  • Fix missing wc_FreeRsaKey in doVerify/doDec, missing wc_FreeRng in doSign/doEnc, missing wc_ecc_free/wc_FreeRng in ECC doVerify/doSign
  • Add bounds check for offset/length in native byte array read/write
  • Add FD_SETSIZE bounds check in socketSelect before FD_SET calls
  • Fix 21 ThrowNew calls across 4 files that passed jcl (declaring class) instead of a Throwable exception class
  • Fix null jstring use in CertManagerLoadCA when Java passes null for certFile or certPath
  • Fix SHA224 typo in signature type strings (SHA244 -> SHA224)
  • Remove static qualifier from g_cachedSSLObj in 18 native callbacks
  • Zeroize private key byte arrays after use in loadKeyAndCertChain
  • Reset pollRx/pollTx flags at start of each I/O loop iteration to prevent stale state
  • Add null guards for ReleaseStringUTFChars on mdName in X509 sign functions
  • Add null check for fieldStr/entryArr in X509_NAME_add_entry_by_txt
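
An added example, not code from this pull request or from wolfssljni: one way to write two of the checks named in the list above, the offset/length validation for a byte array and the FD_SETSIZE guard before FD_SET. The names `range_in_array`, `fd_fits_fdset` and `wait_readable` are hypothetical, and the inputs in `main` are constructed.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/select.h>

/* Hypothetical helper, not wolfssljni code. Returns 1 when the range
 * [offset, offset + length) lies inside an array of arrLen elements.
 * offset + length is never computed: with 32-bit signed values (jint)
 * that sum can overflow and slip past a naive comparison. */
int range_in_array(int arrLen, int offset, int length)
{
    if (arrLen < 0 || offset < 0 || length < 0)
        return 0;
    if (offset > arrLen)
        return 0;
    return length <= arrLen - offset;
}

/* Hypothetical helper. fd_set is a fixed-size bitmap, so FD_SET() on a
 * descriptor outside [0, FD_SETSIZE) writes out of bounds. */
int fd_fits_fdset(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Hypothetical select() wrapper: returns -2 for a negative timeout or a
 * descriptor that does not fit in fd_set, otherwise the select() result. */
int wait_readable(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;

    if (timeout_ms < 0 || !fd_fits_fdset(fd))
        return -2;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    return select(fd + 1, &rfds, NULL, NULL, &tv);
}

int main(void)
{
    /* Constructed inputs: a 16-byte buffer and an oversized descriptor. */
    printf("in range: %d\n", range_in_array(16, 4, 12));
    printf("overflow: %d\n", range_in_array(16, 8, 2147483647));
    printf("bad fd:   %d\n", wait_readable(FD_SETSIZE, 0));
    return 0;
}
```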

@cconlon cconlon self-assigned this Mar 20, 2026
Copilot AI review requested due to automatic review settings March 20, 2026 19:24
Copilot AI left a comment

Pull request overview

Addresses multiple Fenrir-reported issues across JNI and JSSE, focusing on correctness, resource cleanup, and safer parameter handling, and adds regression tests for key fixes.

Changes:

  • Harden JNI parameter handling (null guards, bounds checks, FD_SETSIZE checks) and correct exception throwing patterns.
  • Fix native resource management (freeing RNG/keys) and reset I/O polling flags to avoid stale state.
  • Improve JSSE private key handling by zeroizing sensitive key material; add tests for read/write bounds and CertManagerLoadCA null path.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| src/test/com/wolfssl/test/WolfSSLSessionTest.java | Adds regression test for native byte[] read/write bounds validation. |
| src/test/com/wolfssl/test/WolfSSLCertManagerTest.java | Adds regression test for CertManagerLoadCA with null path. |
| src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java | Zeroizes private key byte arrays after loading into native SSL. |
| native/com_wolfssl_WolfSSLX509Name.c | Adds null guards for X509_NAME_add_entry_by_txt inputs. |
| native/com_wolfssl_WolfSSLSession.c | Adds missing returns after exceptions, FD_SETSIZE checks, resets poll flags, and byte[] bounds checks; fixes ThrowNew misuse. |
| native/com_wolfssl_WolfSSLContext.c | Fixes JNI type mismatch for SetLongArrayRegion; removes static cached session object pointer. |
| native/com_wolfssl_WolfSSLCertificate.c | Fixes ThrowNew misuse, adds null guards, corrects SHA224 signature strings. |
| native/com_wolfssl_WolfSSLCertRequest.c | Fixes ThrowNew misuse; guards ReleaseStringUTFChars with NULL. |
| native/com_wolfssl_WolfSSLCertManager.c | Handles null jstring parameters for CertManagerLoadCA. |
| native/com_wolfssl_WolfSSLCRL.c | Fixes ThrowNew misuse for CRL byte-array creation failures. |
| native/com_wolfssl_WolfCryptRSA.c | Ensures RNG is freed; avoids early returns that bypass cleanup. |
| native/com_wolfssl_WolfCryptECC.c | Ensures RNG is freed; avoids unsafe Set*ArrayRegion usage on error; fixes SetLongArrayRegion type usage. |

Comment thread native/com_wolfssl_WolfSSLSession.c Outdated
Comment thread native/com_wolfssl_WolfSSLSession.c
Comment thread native/com_wolfssl_WolfSSLCertManager.c Outdated
Comment thread src/test/com/wolfssl/test/WolfSSLSessionTest.java
Comment thread src/test/com/wolfssl/test/WolfSSLSessionTest.java
Comment thread src/test/com/wolfssl/test/WolfSSLCertManagerTest.java
@rlm2002 rlm2002 merged commit 2c1bdd1 into wolfSSL:master Mar 23, 2026
166 of 169 checks passed
3 participants