8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)

Reviewed-by: jnimeh, xuelei

src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java

@@ -372,9 +372,11 @@ final class PreSharedKeyExtension {
                 SSLSessionImpl s = null;
 
                 for (PskIdentity requestedId : pskSpec.identities) {
-                    // If we are keeping state, see if the identity is in the cache
+                    // If we are keeping state, see if the identity is in the
+                    // cache. Note that for TLS 1.3, we would also clean
+                    // up the cached session if it is not rejoinable.
                     if (requestedId.identity.length == SessionId.MAX_LENGTH) {
-                        s = sessionCache.get(requestedId.identity);
+                        s = sessionCache.pull(requestedId.identity);
                     }
                     // See if the identity is a stateless ticket
                     if (s == null &&

src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java

@@ -175,6 +175,15 @@ final class SSLSessionContextImpl implements SSLSessionContext {
         return (SSLSessionImpl)getSession(id);
     }
 
+    // package-private method, find and remove session from cache
+    // return found session
+    SSLSessionImpl pull(byte[] id) {
+        if (id != null) {
+            return sessionCache.pull(new SessionId(id));
+        }
+        return null;
+    }
+
     // package-private method, used ONLY by ClientHandshaker
     SSLSessionImpl get(String hostname, int port) {
         /*

src/java.base/share/classes/sun/security/ssl/ServerHello.java

@@ -560,9 +560,6 @@ final class ServerHello {
 
                 setUpPskKD(shc,
                         shc.resumingSession.consumePreSharedKey());
-
-                // The session can't be resumed again---remove it from cache
-                sessionCache.remove(shc.resumingSession.getSessionId());
             }
 
             // update the responders

src/java.base/share/classes/sun/security/util/Cache.java

@@ -100,6 +100,11 @@ public abstract class Cache<K,V> {
      */
     public abstract void remove(Object key);
 
+    /**
+     * Pull an entry from the cache.
+     */
+    public abstract V pull(Object key);
+
     /**
      * Set the maximum size.
      */
@@ -224,6 +229,10 @@ class NullCache<K,V> extends Cache<K,V> {
         // empty
     }
 
+    public V pull(Object key) {
+        return null;
+    }
+
     public void setCapacity(int size) {
         // empty
     }
@@ -412,6 +421,26 @@ class MemoryCache<K,V> extends Cache<K,V> {
         }
     }
 
+    public synchronized V pull(Object key) {
+        emptyQueue();
+        CacheEntry<K,V> entry = cacheMap.remove(key);
+        if (entry == null) {
+            return null;
+        }
+
+        long time = (lifetime == 0) ? 0 : System.currentTimeMillis();
+        if (entry.isValid(time)) {
+            V value = entry.getValue();
+            entry.invalidate();
+            return value;
+        } else {
+            if (DEBUG) {
+                System.out.println("Ignoring expired entry");
+            }
+            return null;
+        }
+    }
+
     public synchronized void setCapacity(int size) {
         expungeExpiredEntries();
         if (size > 0 && cacheMap.size() > size) {