Fix-CVE-2023-21930.patch

Fix-CVE-2023-21930.patch

@@ -0,0 +1,125 @@
+From d12de47b54eee411e7f41b2066fea15b1b93c51e Mon Sep 17 00:00:00 2001
+From: justinwm <mwenaa@hust.edu.cn>
+Date: Tue, 13 Jun 2023 10:34:31 +0800
+Subject: fix-CVE-2023-21930
+
+---
+ .../share/classes/sun/security/ssl/KeyUpdate.java   |  6 ++++--
+ .../classes/sun/security/ssl/SSLEngineImpl.java     |  8 ++++----
+ .../classes/sun/security/ssl/SSLSocketImpl.java     |  8 ++++----
+ .../classes/sun/security/ssl/TransportContext.java  | 13 ++++++++++---
+ 4 files changed, 22 insertions(+), 13 deletions(-)
+
+diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java b/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java
+index 1306344..9e921e6 100644
+--- a/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java
++++ b/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -169,7 +169,9 @@ final class KeyUpdate {
+         public byte[] produce(ConnectionContext context) throws IOException {
+             PostHandshakeContext hc = (PostHandshakeContext)context;
+             return handshakeProducer.produce(context,
+-                    new KeyUpdateMessage(hc, KeyUpdateRequest.REQUESTED));
++                    new KeyUpdateMessage(hc, hc.conContext.isInboundClosed() ?
++                            KeyUpdateRequest.NOTREQUESTED :
++                            KeyUpdateRequest.REQUESTED));
+         }
+     }
+ 
+diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
+index ef64c7b..05ffb8a 100644
+--- a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
++++ b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -325,11 +325,11 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
+      */
+     private HandshakeStatus tryKeyUpdate(
+             HandshakeStatus currentHandshakeStatus) throws IOException {
+-        // Don't bother to kickstart if handshaking is in progress, or if the
+-        // connection is not duplex-open.
++        // Don't bother to kickstart if handshaking is in progress, or if
++        // the write side of the connection is not open.  We allow a half-
++        // duplex write-only connection for key updates.
+         if ((conContext.handshakeContext == null) &&
+                 !conContext.isOutboundClosed() &&
+-                !conContext.isInboundClosed() &&
+                 !conContext.isBroken) {
+             if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                 SSLLogger.finest("trigger key update");
+diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java
+index ab93e30..b2ded0e 100644
+--- a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java
++++ b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -1428,11 +1428,11 @@ public final class SSLSocketImpl
+      * wrapped.
+      */
+     private void tryKeyUpdate() throws IOException {
+-        // Don't bother to kickstart if handshaking is in progress, or if the
+-        // connection is not duplex-open.
++        // Don't bother to kickstart if handshaking is in progress, or if
++        // the write side of the connection is not open.  We allow a half-
++        // duplex write-only connection for key updates.
+         if ((conContext.handshakeContext == null) &&
+                 !conContext.isOutboundClosed() &&
+-                !conContext.isInboundClosed() &&
+                 !conContext.isBroken) {
+             if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                 SSLLogger.finest("trigger key update");
+diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java b/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java
+index 416113e..9427ed7 100644
+--- a/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java
++++ b/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -200,7 +200,14 @@ class TransportContext implements ConnectionContext {
+             throw new IllegalStateException("Client/Server mode not yet set.");
+         }
+ 
+-        if (outputRecord.isClosed() || inputRecord.isClosed() || isBroken) {
++        // The threshold for allowing the method to continue processing
++        // depends on whether we are doing a key update or kickstarting
++        // a handshake.  In the former case, we only require the write-side
++        // to be open where a handshake would require a full duplex connection.
++        boolean isNotUsable = outputRecord.writeCipher.atKeyLimit() ?
++            (outputRecord.isClosed() || isBroken) :
++            (outputRecord.isClosed() || inputRecord.isClosed() || isBroken);
++        if (isNotUsable) {
+             if (closeReason != null) {
+                 throw new SSLException(
+                         "Cannot kickstart, the connection is broken or closed",
+@@ -227,7 +234,7 @@ class TransportContext implements ConnectionContext {
+         //
+         // Need no kickstart message on server side unless the connection
+         // has been established.
+-        if(isNegotiated || sslConfig.isClientMode) {
++        if (isNegotiated || sslConfig.isClientMode) {
+            handshakeContext.kickstart();
+         }
+     }
+-- 
+2.39.2 (Apple Git-143)
+

openjdk-1.8.0.spec

@@ -916,7 +916,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r
 
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}.%{buildver}
-Release: 5
+Release: 6
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@@ -1181,6 +1181,7 @@ Patch292: fix-the-length-value-of-ciBlock-in-ciMethodBlocks.cp.patch
 Patch293: 8140594-Various-minor-code-improvements-compiler.patch
 Patch294: Fix-the-crash-that-occurs-when-the-process-exits-due.patch
 Patch295: Fix-AsyncGCLog-s-content-consistent-bug.patch
+Patch296: Fix-CVE-2023-21930.patch
 
 
 #############################################
@@ -1703,6 +1704,7 @@ pushd %{top_level_dir_name}
 %patch293 -p1
 %patch294 -p1
 %patch295 -p1
+%patch296 -p1
 popd
 
 # System library fixes
@@ -2327,6 +2329,9 @@ cjc.mainProgram(arg)
 %endif
 
 %changelog
+* Tue Jun 13 2023 justinwm <mwenaa@hust.edu.cn> - 1:1.8.0.352-b08.6
+- add Fix-CVE-2023-21930.patch
+
 * Wed Jan 11 2023 eapen<zhangyipeng7@huawei.com> - 1:1.8.0.352-b08.5
 - add 8296480-Fix-the-problem-that-the-TestPolicy.java-cas.patch
 - add 8296485-BuildEEBasicConstraints.java-test-fails-with.patch