8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.j…

…ava:93) Backport-of: 1603ca23422b03157afb2bd1050524465474b60e
openjdk · May 11, 2021 · 2486d30 · 2486d30 · openjdk-notifier · May 11, 2021
1 parent fb51322
commit 2486d30
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 5 deletions.
diff --git a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java
@@ -372,9 +372,11 @@ public void consume(ConnectionContext context,
                 SSLSessionImpl s = null;
 
                 for (PskIdentity requestedId : pskSpec.identities) {
-                    // If we are keeping state, see if the identity is in the cache
+                    // If we are keeping state, see if the identity is in the
+                    // cache. Note that for TLS 1.3, we would also clean
+                    // up the cached session if it is not rejoinable.
                     if (requestedId.identity.length == SessionId.MAX_LENGTH) {
-                        s = sessionCache.get(requestedId.identity);
+                        s = sessionCache.pull(requestedId.identity);
                     }
                     // See if the identity is a stateless ticket
                     if (s == null &&

diff --git a/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java
@@ -175,6 +175,15 @@ SSLSessionImpl get(byte[] id) {
         return (SSLSessionImpl)getSession(id);
     }
 
+    // package-private method, find and remove session from cache
+    // return found session
+    SSLSessionImpl pull(byte[] id) {
+        if (id != null) {
+            return sessionCache.pull(new SessionId(id));
+        }
+        return null;
+    }
+
     // package-private method, used ONLY by ClientHandshaker
     SSLSessionImpl get(String hostname, int port) {
         /*

diff --git a/src/java.base/share/classes/sun/security/ssl/ServerHello.java b/src/java.base/share/classes/sun/security/ssl/ServerHello.java
@@ -560,9 +560,6 @@ public byte[] produce(ConnectionContext context,
 
                 setUpPskKD(shc,
                         shc.resumingSession.consumePreSharedKey());
-
-                // The session can't be resumed again---remove it from cache
-                sessionCache.remove(shc.resumingSession.getSessionId());
             }
 
             // update the responders

diff --git a/src/java.base/share/classes/sun/security/util/Cache.java b/src/java.base/share/classes/sun/security/util/Cache.java
@@ -100,6 +100,11 @@ protected Cache() {
      */
     public abstract void remove(Object key);
 
+    /**
+     * Pull an entry from the cache.
+     */
+    public abstract V pull(Object key);
+
     /**
      * Set the maximum size.
      */
@@ -224,6 +229,10 @@ public void remove(Object key) {
         // empty
     }
 
+    public V pull(Object key) {
+        return null;
+    }
+
     public void setCapacity(int size) {
         // empty
     }
@@ -402,6 +411,26 @@ public synchronized void remove(Object key) {
         }
     }
 
+    public synchronized V pull(Object key) {
+        emptyQueue();
+        CacheEntry<K,V> entry = cacheMap.remove(key);
+        if (entry == null) {
+            return null;
+        }
+
+        long time = (lifetime == 0) ? 0 : System.currentTimeMillis();
+        if (entry.isValid(time)) {
+            V value = entry.getValue();
+            entry.invalidate();
+            return value;
+        } else {
+            if (DEBUG) {
+                System.out.println("Ignoring expired entry");
+            }
+            return null;
+        }
+    }
+
     public synchronized void setCapacity(int size) {
         expungeExpiredEntries();
         if (size > 0 && cacheMap.size() > size) {