RFR: 8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Tue Apr 27 16:16:36 UTC 2021
On Fri, 23 Apr 2021 20:51:19 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
> Hello All,
>
> Could you please review the fix for the JDK-8241248?
> The issue happens during the TLSv1.3 handshake without server stateless session resumption in case of server receives several parallel requests with the same pre_shared_key.
> The main idea of the fix is to remove resuming session from the session cache in the early stage.
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8241248
> Webrev: http://cr.openjdk.java.net/~abakhtin/8241248/webrev.v0/
>
> The test from the bug report using OpenSSL is passed ( -Djdk.tls.server.enableSessionTicketExtension=false )
> javax/net/ssl and sun/security/ssl jtreg tests passed
>
> Regards
> Alexey
src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java line 377:
> 375: // If we are keeping state, see if the identity is in the cache
> 376: if (requestedId.identity.length == SessionId.MAX_LENGTH) {
> 377: synchronized (sessionCache) {
Did you have a test if there is a performance regression by introducing the synchronization here?
-------------
PR: https://git.openjdk.java.net/jdk/pull/3664
More information about the security-dev
mailing list