RFR: 8350830: Values converted incorrectly when reading TLS session tickets

[Nibedita Jena]

Session resumption without server side state was added under [JDK-8211018](https://bugs.openjdk.org/browse/JDK-8211018).
While it is TLSv1.2 session resumption, the client hello message is being parsed in SSLSessionImpl for each extensions.

Customer has reported handshake failure and is reproducible locally with exception NegativeArraySizeExceptions when there is ServerNameIndication with size > 127.
According to RFC 3546, the host_name limit allowed is 255.
With a sample testcase when the host_name length is > 127, exception is thrown:
javax.net.ssl|DEBUG|71|Thread-1|2025-04-06 17:13:07.278 UTC|ClientHello.java:825|Negotiated protocol version: TLSv1.2
javax.net.ssl|WARNING|71|Thread-1|2025-04-06 17:13:07.281 UTC|SSLSocketImpl.java:1672|handling exception (
"throwable" : {
  java.lang.NegativeArraySizeException: -1
        at java.base/sun.security.ssl.SSLSessionImpl.<init>(SSLSessionImpl.java:399)
        at java.base/sun.security.ssl.SessionTicketExtension$T12CHSessionTicketConsumer.consume(SessionTicketExtension.java:468)

e.g.
int l = buf.get();
b = new byte[l];  <-------------------- NegativeArraySizeException thrown here when > 127

For TLSv1.3, its not an issue until length > 255.

According to RFC 5077, PSK identity length allowed is <0..2^16-1> and so its value conversion being taken care of under this change.
Master secret is allowed for 48 bytes - master_secret[48], shouldnt be an issue.

-------------

Commit messages:
 - 8350830: Values converted incorrectly when reading TLS session tickets

Changes: https://git.openjdk.org/jdk/pull/24535/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=24535&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8350830
  Stats: 398 lines in 3 files changed: 395 ins; 0 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/24535.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/24535/head:pull/24535

PR: https://git.openjdk.org/jdk/pull/24535