archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8214688: TLS 1.3 session resumption with hello retry request failed with "illegal_parameter"

Browse source 
Reviewed-by: jnimeh
This commit is contained in:
Adam Petcher 2018-12-11 11:01:02 -05:00
parent 3c12c4b0f3
commit e922ef3636
2 changed files with 10 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java
View file

@ -656,7 +656,11 @@ final class PreSharedKeyExtension {
return null;
}
SecretKey psk = pskOpt.get();
Optional<byte[]> pskIdOpt = chc.resumingSession.consumePskIdentity();
// The PSK ID can only be used in one connections, but this method
// may be called twice in a connection if the server sends HRR.
// ID is saved in the context so it can be used in the second call.
Optional<byte[]> pskIdOpt = Optional.ofNullable(chc.pskIdentity)
.or(chc.resumingSession::consumePskIdentity);
if (!pskIdOpt.isPresent()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
@ -664,7 +668,7 @@ final class PreSharedKeyExtension {
}
return null;
}
byte[] pskId = pskIdOpt.get();
chc.pskIdentity = pskIdOpt.get();
//The session cannot be used again. Remove it from the cache.
SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
@ -681,7 +685,7 @@ final class PreSharedKeyExtension {
chc.resumingSession.getTicketCreationTime());
int obfuscatedAge =
ageMillis + chc.resumingSession.getTicketAgeAdd();
identities.add(new PskIdentity(pskId, obfuscatedAge));
identities.add(new PskIdentity(chc.pskIdentity, obfuscatedAge));
SecretKey binderKey = deriveBinderKey(psk, chc.resumingSession);
ClientHelloMessage clientHello = (ClientHelloMessage)message;