Fenrir fixes

[JeremiahM37]

● Fixes F-1729, 1730, 1732, 1733, 1734, 1735, 1736, 1737, 1738, 1739, 1740, 1741, 1742, 1743,1744, 1745, 1746, 1747, 1750, 1752, 1753.

• Allocate missing jbyteArray in x509_getDer before SetByteArrayRegion
• Fix resizeCache putAll direction to preserve existing sessions
• Add bounds check for serial number copy against ASN1_INTEGER buffer capacity
• Fix JVM thread leak in session-level NativeSSLVerifyCallback
• Fix JVM thread leak in context-level NativeVerifyCallback
• Guard ReleaseByteArrayElements null in CRL set_lastUpdate and set_nextUpdate
• Guard ReleaseByteArrayElements null in CRL add_revoked serial
• Guard ReleaseByteArrayElements null in CRL add_revoked_cert
• Guard ReleaseByteArrayElements null in CertRequest add1_attr_by_NID
• Guard ReleaseByteArrayElements null in CertRequest X509_REQ_sign
• Guard ReleaseByteArrayElements null in CertRequest set_pubkey_native_open
• Guard ReleaseByteArrayElements null in X509 set_issuer_name_from_der
• Guard ReleaseByteArrayElements null in X509 set_pubkey_native_open and X509_sign
• Guard ReleaseByteArrayElements null in X509 set_serialNumber
• Guard ReleaseByteArrayElements null in X509 set_subject_key_id
• Guard ReleaseByteArrayElements null in X509 set_authority_key_id
• Guard ReleaseByteArrayElements null in X509 CRL_set_dist_points
• Guard ReleaseByteArrayElements null in X509 load_certificate_buffer
• Guard ReleaseByteArrayElements null in X509Name add_entry_by_txt
• Guard CertManagerLoadCABuffer null use before wolfSSL_CertManagerLoadCABuffer call

[Copilot]

Pull request overview

This PR addresses multiple robustness and correctness fixes in the wolfJSSE Java provider and its JNI wrappers, primarily around session cache handling and safer JNI resource/thread management.

Changes:

• Fix session cache resizing to preserve existing cached sessions.
• Harden multiple JNI entrypoints by guarding ReleaseByteArrayElements calls when GetByteArrayElements returns NULL.
• Fix JVM thread leaks in native verify callbacks by detaching threads that were temporarily attached, and add additional bounds/resource safety fixes (e.g., serial number buffer bounds, allocate output array before SetByteArrayRegion).

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java	Fixes resizeCache copy direction so existing sessions aren’t lost during resize.
native/com_wolfssl_WolfSSLX509Name.c	Adds NULL-guard for releasing byte array elements (but still needs NULL-guard for releasing string chars).
native/com_wolfssl_WolfSSLSession.c	Detaches JNI-attached threads in session-level verify callback to prevent thread leaks.
native/com_wolfssl_WolfSSLCRL.c	Adds NULL-guards before ReleaseByteArrayElements in several CRL-related JNI methods.
native/com_wolfssl_WolfSSLContext.c	Detaches JNI-attached threads in context-level verify callback to prevent thread leaks.
native/com_wolfssl_WolfSSLCertRequest.c	Adds NULL-guards before ReleaseByteArrayElements in several CSR JNI methods.
native/com_wolfssl_WolfSSLCertManager.c	Guards against NULL GetByteArrayElements result before calling wolfSSL_CertManagerLoadCABuffer.
native/com_wolfssl_WolfSSLCertificate.c	Adds bounds check for ASN1_INTEGER serial copy and NULL-guards for releasing byte arrays in multiple X509-related JNI methods.
native/com_wolfssl_WolfSSL.c	Allocates the output jbyteArray in x509_getDer before setting contents (but needs additional safety fixes).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[cconlon]

@JeremiahM37 Take a look over Copilot feedback above, and please rebase on master, thanks!

[JeremiahM37]

Added a unit test for testResizeCachePreservesEntries I forgot to commit.

[JeremiahM37]

Jenkins retest this please