RFR: 8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93) [v2]

Alexey Bakhtin abakhtin at openjdk.java.net
Fri Apr 30 16:04:24 UTC 2021

> Hello All,
> Could you please review the fix for the JDK-8241248?
> The issue happens during the TLSv1.3 handshake without server stateless session resumption in case of server receives several parallel requests with the same pre_shared_key.
> The main idea of the fix is to remove resuming session from the session cache in the early stage.
> JBS: https://bugs.openjdk.java.net/browse/JDK-8241248
> Webrev 8u: http://cr.openjdk.java.net/~abakhtin/8241248/webrev.v0/
> The test from the bug report using OpenSSL is passed ( -Djdk.tls.server.enableSessionTicketExtension=false )
> javax/net/ssl and sun/security/ssl jtreg tests passed
> Regards
> Alexey

Alexey Bakhtin has updated the pull request incrementally with one additional commit since the last revision:

  Use ReentrantLock for session cache synchronization


  - all: https://git.openjdk.java.net/jdk/pull/3664/files
  - new: https://git.openjdk.java.net/jdk/pull/3664/files/c3afeb18..aac8eee7

 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=3664&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=3664&range=00-01

  Stats: 230 lines in 3 files changed: 125 ins; 96 del; 9 mod
  Patch: https://git.openjdk.java.net/jdk/pull/3664.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/3664/head:pull/3664

PR: https://git.openjdk.java.net/jdk/pull/3664

More information about the security-dev mailing list