JDK-8295068 : SSLEngine throws NPE parsing CertificateRequests
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8,11,17,21,22
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2022-10-10
  • Updated: 2023-12-19
  • Resolved: 2023-07-07
Version table
  • JDK 17: 17.0.11 (Fixed)
  • JDK 21: 21.0.2 (Fixed)
  • JDK 22: 22 b06 (Fixed)
Description
A fuzzed server hello message causes an NPE during handshake:

Exception in thread "main" java.lang.NullPointerException: Cannot read field "isAvailable" because "cct" is null
	at java.base/sun.security.ssl.CertificateRequest$ClientCertificateType.getKeyTypes(CertificateRequest.java:138)
	at java.base/sun.security.ssl.CertificateRequest$T12CertificateRequestMessage.getKeyTypes(CertificateRequest.java:518)
	at java.base/sun.security.ssl.CertificateRequest$T12CertificateRequestConsumer.choosePossession(CertificateRequest.java:756)
	at java.base/sun.security.ssl.CertificateRequest$T12CertificateRequestConsumer.consume(CertificateRequest.java:733)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205)
	at SSLEngineClientReadFile.runDelegatedTasks(SSLEngineClientReadFile.java:121)
	at SSLEngineClientReadFile.runDemo(SSLEngineClientReadFile.java:94)
	at SSLEngineClientReadFile.main(SSLEngineClientReadFile.java:45)
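
The failure mode in the trace above (a certificate-type lookup returning null for an id the peer sent, followed by a field read on the result) can be modelled as follows. This is an added illustration, not the JDK source or the committed fix; `CertTypeLookupDemo`, `CertType`, `fromId` and both `keyTypes*` methods are hypothetical names, and the input bytes are constructed.

```java
import java.util.ArrayList;
import java.util.List;

public class CertTypeLookupDemo {
    // Hypothetical stand-in for a certificate-type table; ids are TLS 1.2 IANA values.
    enum CertType {
        RSA_SIGN(1, "RSA"), DSS_SIGN(2, "DSA"), ECDSA_SIGN(64, "EC");

        final int id;
        final String keyType;
        final boolean isAvailable = true; // assumption: every listed type is usable

        CertType(int id, String keyType) { this.id = id; this.keyType = keyType; }

        // Returns null for an id that is not in the table (for example a fuzzed byte).
        static CertType fromId(byte id) {
            for (CertType t : values()) {
                if (t.id == (id & 0xFF)) return t;
            }
            return null;
        }
    }

    // Fragile form: assumes every id received from the peer is known.
    static List<String> keyTypesUnchecked(byte[] ids) {
        List<String> out = new ArrayList<>();
        for (byte id : ids) {
            CertType t = CertType.fromId(id);
            if (t.isAvailable) out.add(t.keyType); // NullPointerException when t == null
        }
        return out;
    }

    // Tolerant form: skips ids it does not recognize instead of dereferencing null.
    static List<String> keyTypesChecked(byte[] ids) {
        List<String> out = new ArrayList<>();
        for (byte id : ids) {
            CertType t = CertType.fromId(id);
            if (t == null) continue;
            if (t.isAvailable) out.add(t.keyType);
        }
        return out;
    }

    public static void main(String[] args) {
        byte[] ids = {1, (byte) 0xEE, 64}; // constructed input; 0xEE is not in the table
        System.out.println("checked: " + keyTypesChecked(ids));
        try { keyTypesUnchecked(ids); }
        catch (NullPointerException e) { System.out.println("unchecked: " + e); }
    }
}
```

Skipping the unknown id is one possible handling; rejecting the message with a handshake alert is another, and the page does not say which the fix chose.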
Comments
A pull request was submitted for review.
URL: https://git.openjdk.org/jdk17u-dev/pull/2046
Date: 2023-12-12 10:23:15 +0000
12-12-2023

[jdk17u-fix-request] Approval Request from Aleksey Shipilëv
Clean backport to resolve a corner case in certificate handling. Applies cleanly. Testing passes.
12-12-2023

[jdk21u-fix-request] Approval Request from Aleksey Shipilëv
Clean backport to handle the SSL corner case.
16-10-2023

A pull request was submitted for review.
URL: https://git.openjdk.org/jdk21u/pull/257
Date: 2023-10-16 19:03:54 +0000
16-10-2023

Seems to be this way since original TLS 1.3 implementation, JDK-8196584.
10-07-2023

Changeset: 5667afc3
Author: Kevin Driver <kdriver@openjdk.org>
Committer: Xue-Lei Andrew Fan <xuelei@openjdk.org>
Date: 2023-07-07 16:55:26 +0000
URL: https://git.openjdk.org/jdk/commit/5667afc36275b064c7700518f453fe8657e13636
07-07-2023

A pull request was submitted for review.
URL: https://git.openjdk.org/jdk/pull/14778
Date: 2023-07-05 20:25:26 +0000
05-07-2023