Return correct value from SSLSession.getPacketSize() when using nativ…

bom/pom.xml

@@ -65,7 +65,7 @@
 
   <properties>
     <!-- Keep in sync with ../pom.xml -->
-    <tcnative.version>2.0.54.Final</tcnative.version>
+    <tcnative.version>2.0.55.Final</tcnative.version>
   </properties>
 
   <build>

handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java

@@ -2627,7 +2627,7 @@ public int getPeerPort() {
 
         @Override
         public int getPacketBufferSize() {
-            return maxEncryptedPacketLength();
+            return SSL.SSL_MAX_ENCRYPTED_LENGTH;
         }
 
         @Override

handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java

@@ -1677,6 +1677,9 @@ protected void handshake(BufferType type, boolean delegate, SSLEngine clientEngi
 
                 if (isHandshakeFinished(clientResult)) {
                     clientHandshakeFinished = true;
+                } else {
+                    clientAppReadBuffer = increaseAppReadBufferIfNeeded(
+                            clientEngine, clientResult, type, clientAppReadBuffer);
                 }
             } else {
                 assertEquals(0, sTOc.remaining());
@@ -1691,6 +1694,9 @@ protected void handshake(BufferType type, boolean delegate, SSLEngine clientEngi
 
                 if (isHandshakeFinished(serverResult)) {
                     serverHandshakeFinished = true;
+                } else {
+                    serverAppReadBuffer = increaseAppReadBufferIfNeeded(
+                            serverEngine, serverResult, type, serverAppReadBuffer);
                 }
             } else {
                 assertFalse(cTOs.hasRemaining());
@@ -1708,6 +1714,20 @@ protected void handshake(BufferType type, boolean delegate, SSLEngine clientEngi
                 cTOsHasRemaining || sTOcHasRemaining);
     }
 
+    private ByteBuffer increaseAppReadBufferIfNeeded(SSLEngine engine, SSLEngineResult result,
+                                                     BufferType type, ByteBuffer dstBuffer) {
+        if (result.getStatus() == Status.BUFFER_OVERFLOW) {
+            // We need to increase the destination buffer
+            int appSize = engine.getSession().getApplicationBufferSize();
+            assertNotEquals(appSize, dstBuffer.capacity());
+            dstBuffer.flip();
+            ByteBuffer tmpBuffer = allocateBuffer(type, appSize + dstBuffer.remaining());
+            tmpBuffer.put(dstBuffer);
+            return tmpBuffer;
+        }
+        return dstBuffer;
+    }
+
     private static boolean isHandshakeFinished(SSLEngineResult result) {
         return result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED;
     }
@@ -4243,6 +4263,40 @@ public void testInvalidSNIIsIgnoredAndNotThrow(SSLEngineTestParam param) throws
         }
     }
 
+    @MethodSource("newTestParams")
+    @ParameterizedTest
+    public void testBufferUnderflowPacketSizeDependency(SSLEngineTestParam param) throws Exception {
+        SelfSignedCertificate ssc = new SelfSignedCertificate();
+        clientSslCtx = wrapContext(param, SslContextBuilder.forClient()
+                .keyManager(ssc.certificate(), ssc.privateKey())
+                .trustManager((TrustManagerFactory) null)
+                .sslProvider(sslClientProvider())
+                .sslContextProvider(clientSslContextProvider())
+                .protocols(param.protocols())
+                .ciphers(param.ciphers())
+                .build());
+        serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+                .sslProvider(sslServerProvider())
+                .sslContextProvider(serverSslContextProvider())
+                .protocols(param.protocols())
+                .ciphers(param.ciphers())
+                .clientAuth(ClientAuth.REQUIRE)
+                .build());
+        SSLEngine clientEngine = null;
+        SSLEngine serverEngine = null;
+        try {
+            clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
+            serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
+
+            handshake(param.type(), param.delegate(), clientEngine, serverEngine);
+        } catch (SSLHandshakeException expected) {
+            // Expected
+        } finally {
+            cleanupClientSslEngine(clientEngine);
+            cleanupServerSslEngine(serverEngine);
+        }
+    }
+
     protected SSLEngine wrapEngine(SSLEngine engine) {
         return engine;
     }

pom.xml

@@ -598,7 +598,7 @@
     <os.detection.classifierWithLikes>fedora,suse,arch</os.detection.classifierWithLikes>
     <tcnative.artifactId>netty-tcnative</tcnative.artifactId>
     <!-- Keep in sync with bom/pom.xml -->
-    <tcnative.version>2.0.54.Final</tcnative.version>
+    <tcnative.version>2.0.55.Final</tcnative.version>
     <tcnative.classifier>${os.detected.classifier}</tcnative.classifier>
     <conscrypt.groupId>org.conscrypt</conscrypt.groupId>
     <conscrypt.artifactId>conscrypt-openjdk-uber</conscrypt.artifactId>