packages/openjdk-1.8.0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix-CVE-2023-21930.patch

Browse Source
This commit is contained in:
justinwm 2023-06-13 10:38:57 +08:00
parent b5e5997bf5
commit 5e90df0048
2 changed files with 131 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
Fix-CVE-2023-21930.patch Normal file
View File

@ -0,0 +1,125 @@
From d12de47b54eee411e7f41b2066fea15b1b93c51e Mon Sep 17 00:00:00 2001
From: justinwm <mwenaa@hust.edu.cn>
Date: Tue, 13 Jun 2023 10:34:31 +0800
Subject: fix-CVE-2023-21930
---
.../share/classes/sun/security/ssl/KeyUpdate.java | 6 ++++--
.../classes/sun/security/ssl/SSLEngineImpl.java | 8 ++++----
.../classes/sun/security/ssl/SSLSocketImpl.java | 8 ++++----
.../classes/sun/security/ssl/TransportContext.java | 13 ++++++++++---
4 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java b/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java
index 1306344..9e921e6 100644
--- a/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java
+++ b/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -169,7 +169,9 @@ final class KeyUpdate {
public byte[] produce(ConnectionContext context) throws IOException {
PostHandshakeContext hc = (PostHandshakeContext)context;
return handshakeProducer.produce(context,
- new KeyUpdateMessage(hc, KeyUpdateRequest.REQUESTED));
+ new KeyUpdateMessage(hc, hc.conContext.isInboundClosed() ?
+ KeyUpdateRequest.NOTREQUESTED :
+ KeyUpdateRequest.REQUESTED));
}
}
diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
index ef64c7b..05ffb8a 100644
--- a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
+++ b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -325,11 +325,11 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
*/
private HandshakeStatus tryKeyUpdate(
HandshakeStatus currentHandshakeStatus) throws IOException {
- // Don't bother to kickstart if handshaking is in progress, or if the
- // connection is not duplex-open.
+ // Don't bother to kickstart if handshaking is in progress, or if
+ // the write side of the connection is not open. We allow a half-
+ // duplex write-only connection for key updates.
if ((conContext.handshakeContext == null) &&
!conContext.isOutboundClosed() &&
- !conContext.isInboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.finest("trigger key update");
diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java
index ab93e30..b2ded0e 100644
--- a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java
+++ b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1428,11 +1428,11 @@ public final class SSLSocketImpl
* wrapped.
*/
private void tryKeyUpdate() throws IOException {
- // Don't bother to kickstart if handshaking is in progress, or if the
- // connection is not duplex-open.
+ // Don't bother to kickstart if handshaking is in progress, or if
+ // the write side of the connection is not open. We allow a half-
+ // duplex write-only connection for key updates.
if ((conContext.handshakeContext == null) &&
!conContext.isOutboundClosed() &&
- !conContext.isInboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.finest("trigger key update");
diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java b/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java
index 416113e..9427ed7 100644
--- a/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java
+++ b/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -200,7 +200,14 @@ class TransportContext implements ConnectionContext {
throw new IllegalStateException("Client/Server mode not yet set.");
}
- if (outputRecord.isClosed() || inputRecord.isClosed() || isBroken) {
+ // The threshold for allowing the method to continue processing
+ // depends on whether we are doing a key update or kickstarting
+ // a handshake. In the former case, we only require the write-side
+ // to be open where a handshake would require a full duplex connection.
+ boolean isNotUsable = outputRecord.writeCipher.atKeyLimit() ?
+ (outputRecord.isClosed() || isBroken) :
+ (outputRecord.isClosed() || inputRecord.isClosed() || isBroken);
+ if (isNotUsable) {
if (closeReason != null) {
throw new SSLException(
"Cannot kickstart, the connection is broken or closed",
@@ -227,7 +234,7 @@ class TransportContext implements ConnectionContext {
//
// Need no kickstart message on server side unless the connection
// has been established.
- if(isNegotiated || sslConfig.isClientMode) {
+ if (isNegotiated || sslConfig.isClientMode) {
handshakeContext.kickstart();
}
}
--
2.39.2 (Apple Git-143)

7
openjdk-1.8.0.spec
View File

@ -916,7 +916,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
Release: 5
Release: 6
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@ -1181,6 +1181,7 @@ Patch292: fix-the-length-value-of-ciBlock-in-ciMethodBlocks.cp.patch
Patch293: 8140594-Various-minor-code-improvements-compiler.patch
Patch294: Fix-the-crash-that-occurs-when-the-process-exits-due.patch
Patch295: Fix-AsyncGCLog-s-content-consistent-bug.patch
Patch296: Fix-CVE-2023-21930.patch
#############################################
@ -1703,6 +1704,7 @@ pushd %{top_level_dir_name}
%patch293 -p1
%patch294 -p1
%patch295 -p1
%patch296 -p1
popd
# System library fixes
@ -2327,6 +2329,9 @@ cjc.mainProgram(arg)
%endif
%changelog
* Tue Jun 13 2023 justinwm <mwenaa@hust.edu.cn> - 1:1.8.0.352-b08.6
- add Fix-CVE-2023-21930.patch
* Wed Jan 11 2023 eapen<zhangyipeng7@huawei.com> - 1:1.8.0.352-b08.5
- add 8296480-Fix-the-problem-that-the-TestPolicy.java-cas.patch
- add 8296485-BuildEEBasicConstraints.java-test-fails-with.patch