Fix SSLEngine bug with multiple heap buffer inputs.

When the SSLEngine overload that accepts an array of ByteBuffers is
called with heap buffers for both the source and destination, those
heap buffers are converted to direct buffers for passing to JNI by way
of copying them to a single temporary direct buffer.  A bug in the
reading of the encrypted data out of BoringSSL resulted in the data
being placed at the wrong offset of the temporary buffer, meaning that
the output data was prefixed in the worst case by the plaintext.

Bug: 73251618
Test: cts -m CtsLibcoreTestCases -t
Change-Id: I9b1a167f9a5ccd36d6da5cd1a14a80fb3cc73a1f
(cherry picked from commit 4a85e8dc865973bb4d0f960b63f67a75f3f8229f)
diff --git a/common/src/main/java/org/conscrypt/ b/common/src/main/java/org/conscrypt/
index 6e1a929..f725e36 100644
--- a/common/src/main/java/org/conscrypt/
+++ b/common/src/main/java/org/conscrypt/
@@ -1228,7 +1228,7 @@
                 } else {
                     // The heap method will update the position on the dst buffer automatically.
-                    bytesRead = readEncryptedDataHeap(dst, pos, len);
+                    bytesRead = readEncryptedDataHeap(dst, len);
@@ -1242,7 +1242,7 @@
         return networkBio.readDirectByteBuffer(directByteBufferAddress(dst, pos), len);
-    private int readEncryptedDataHeap(ByteBuffer dst, int pos, int len) throws IOException {
+    private int readEncryptedDataHeap(ByteBuffer dst, int len) throws IOException {
         AllocatedBuffer allocatedBuffer = null;
         try {
             final ByteBuffer buffer;
@@ -1257,7 +1257,7 @@
             int bytesToRead = min(len, buffer.remaining());
-            int bytesRead = readEncryptedDataDirect(buffer, pos, bytesToRead);
+            int bytesRead = readEncryptedDataDirect(buffer, 0, bytesToRead);
             if (bytesRead > 0) {