unwrap() header peek in SSLEngine to fix BUFFER_UNDERFLOW #352
cconlon merged 2 commits into wolfSSL:master from
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR adjusts SSLEngine.unwrap() handshake behavior to better comply with the JSSE spec on BUFFER_UNDERFLOW, and updates a regression test to match the expected bytesConsumed() semantics.
Changes:
- Added a client-mode pre-check for partial TLS records during handshake to return `BUFFER_UNDERFLOW` with `bytesConsumed() == 0`.
- Guarded post-handshake/close-status logic to avoid running when the handshake underflow pre-check triggers.
- Updated the handshake regression test to only fail when `BUFFER_UNDERFLOW` is returned with `bytesConsumed() > 0`.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java | Adds client-side TLS record header pre-check to drive spec-compliant BUFFER_UNDERFLOW behavior during handshake. |
| src/test/com/wolfssl/provider/jsse/test/WolfSSLEngineTest.java | Adjusts regression test assertions to align with JSSE “no data consumed on underflow” requirement. |
e593e63 to 34e923d
retest this please Jenkins
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.
0e2f0aa to ed375eb
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
1aecfdd to fc57f89
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
71fa967 to 23072bc
skipping TLS record peek if continuing with the same TLS record. Update bufferUnderflow guards. move/add TLS record header constants to WolfSSL check header bytes for plausible record header before peeking for bufferUnderflow
…n additional continuation bytes testing add partial header unwrap test and oversized record test
23072bc to 099a55a
Adds a pre-check in unwrap() that inspects the TLS record header before calling into wolfSSL, returning BUFFER_UNDERFLOW when the buffer holds a partial record.
Also adds on to the `testHandshakeUnwrapConsumedNotBufferUnderflow` regression test.
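Added example, not code from this pull request or from wolfSSL: a minimal sketch of a non-consuming TLS record header peek of the kind the description outlines, covering the partial-header, partial-body, oversized-record and implausible-header cases. The class, enum and method names and the `MAX_FRAGMENT` bound are assumptions made for illustration.

```java
import java.nio.ByteBuffer;

/** Illustration only; all names here are hypothetical, not wolfSSL JSSE code. */
public class RecordPeek {
    static final int HEADER_LEN = 5;               // type(1) + version(2) + length(2)
    static final int MAX_FRAGMENT = 16384 + 2048;  // assumed cap: TLS 1.2 TLSCiphertext limit

    enum Peek { UNDERFLOW, COMPLETE, OVERSIZED, NOT_A_RECORD }

    /** Inspects the record at in.position() with absolute gets, so position never moves. */
    static Peek peek(ByteBuffer in) {
        int p = in.position();
        int avail = in.remaining();
        // Reject implausible headers as early as the available bytes allow, so that
        // garbage input is not reported as "need more data" forever.
        if (avail >= 1) {
            int type = in.get(p) & 0xFF;           // 20..23: ccs, alert, handshake, app data
            if (type < 20 || type > 23) return Peek.NOT_A_RECORD;
        }
        if (avail >= 2 && (in.get(p + 1) & 0xFF) != 0x03) return Peek.NOT_A_RECORD;
        if (avail < HEADER_LEN) return Peek.UNDERFLOW;              // partial header
        int len = ((in.get(p + 3) & 0xFF) << 8) | (in.get(p + 4) & 0xFF);
        if (len > MAX_FRAGMENT) return Peek.OVERSIZED;              // never wait for this much
        return avail < HEADER_LEN + len ? Peek.UNDERFLOW : Peek.COMPLETE;
    }

    public static void main(String[] args) {
        // Constructed sample: handshake record, version bytes 3,3, 4-byte body.
        byte[] rec = {22, 3, 3, 0, 4, 1, 2, 3, 4};
        ByteBuffer[] cases = {
            ByteBuffer.wrap(rec, 0, 3),                                       // partial header
            ByteBuffer.wrap(rec, 0, 7),                                       // partial body
            ByteBuffer.wrap(rec),                                             // whole record
            ByteBuffer.wrap(new byte[] {23, 3, 3, (byte) 0xFF, (byte) 0xFF}), // length 65535
            ByteBuffer.wrap(new byte[] {71, 69, 84, 32, 47})                  // ASCII "GET /"
        };
        for (ByteBuffer b : cases) {
            int before = b.position();
            Peek r = peek(b);
            // JSSE contract exercised by the regression test: underflow consumes nothing.
            System.out.println(r + " consumed=" + (b.position() - before));
        }
    }
}
```

In an engine built this way, only `UNDERFLOW` would map to `BUFFER_UNDERFLOW`; the `OVERSIZED` and `NOT_A_RECORD` cases would be passed to the TLS library so it can fail the connection rather than stall waiting for bytes that will never complete a valid record.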