packages/openjdk-1.8.0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openjdk-1.8.0/Fix-CVE-2023-21930.patch
justinwm 5e90df0048 Fix-CVE-2023-21930.patch
2023-06-13 10:38:57 +08:00

126 lines
6.4 KiB
Diff
Raw Blame History

From d12de47b54eee411e7f41b2066fea15b1b93c51e Mon Sep 17 00:00:00 2001
From: justinwm <mwenaa@hust.edu.cn>
Date: Tue, 13 Jun 2023 10:34:31 +0800
Subject: fix-CVE-2023-21930
---
.../share/classes/sun/security/ssl/KeyUpdate.java | 6 ++++--
.../classes/sun/security/ssl/SSLEngineImpl.java | 8 ++++----
.../classes/sun/security/ssl/SSLSocketImpl.java | 8 ++++----
.../classes/sun/security/ssl/TransportContext.java | 13 ++++++++++---
4 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java b/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java
index 1306344..9e921e6 100644
--- a/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java
+++ b/openjdk/jdk/src/share/classes/sun/security/ssl/KeyUpdate.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -169,7 +169,9 @@ final class KeyUpdate {
public byte[] produce(ConnectionContext context) throws IOException {
PostHandshakeContext hc = (PostHandshakeContext)context;
return handshakeProducer.produce(context,
- new KeyUpdateMessage(hc, KeyUpdateRequest.REQUESTED));
+ new KeyUpdateMessage(hc, hc.conContext.isInboundClosed() ?
+ KeyUpdateRequest.NOTREQUESTED :
+ KeyUpdateRequest.REQUESTED));
}
}
diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
index ef64c7b..05ffb8a 100644
--- a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
+++ b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -325,11 +325,11 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
*/
private HandshakeStatus tryKeyUpdate(
HandshakeStatus currentHandshakeStatus) throws IOException {
- // Don't bother to kickstart if handshaking is in progress, or if the
- // connection is not duplex-open.
+ // Don't bother to kickstart if handshaking is in progress, or if
+ // the write side of the connection is not open. We allow a half-
+ // duplex write-only connection for key updates.
if ((conContext.handshakeContext == null) &&
!conContext.isOutboundClosed() &&
- !conContext.isInboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.finest("trigger key update");
diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java
index ab93e30..b2ded0e 100644
--- a/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java
+++ b/openjdk/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1428,11 +1428,11 @@ public final class SSLSocketImpl
* wrapped.
*/
private void tryKeyUpdate() throws IOException {
- // Don't bother to kickstart if handshaking is in progress, or if the
- // connection is not duplex-open.
+ // Don't bother to kickstart if handshaking is in progress, or if
+ // the write side of the connection is not open. We allow a half-
+ // duplex write-only connection for key updates.
if ((conContext.handshakeContext == null) &&
!conContext.isOutboundClosed() &&
- !conContext.isInboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.finest("trigger key update");
diff --git a/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java b/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java
index 416113e..9427ed7 100644
--- a/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java
+++ b/openjdk/jdk/src/share/classes/sun/security/ssl/TransportContext.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -200,7 +200,14 @@ class TransportContext implements ConnectionContext {
throw new IllegalStateException("Client/Server mode not yet set.");
}
- if (outputRecord.isClosed() || inputRecord.isClosed() || isBroken) {
+ // The threshold for allowing the method to continue processing
+ // depends on whether we are doing a key update or kickstarting
+ // a handshake. In the former case, we only require the write-side
+ // to be open where a handshake would require a full duplex connection.
+ boolean isNotUsable = outputRecord.writeCipher.atKeyLimit() ?
+ (outputRecord.isClosed() || isBroken) :
+ (outputRecord.isClosed() || inputRecord.isClosed() || isBroken);
+ if (isNotUsable) {
if (closeReason != null) {
throw new SSLException(
"Cannot kickstart, the connection is broken or closed",
@@ -227,7 +234,7 @@ class TransportContext implements ConnectionContext {
//
// Need no kickstart message on server side unless the connection
// has been established.
- if(isNegotiated || sslConfig.isClientMode) {
+ if (isNegotiated || sslConfig.isClientMode) {
handshakeContext.kickstart();
}
}
--
2.39.2 (Apple Git-143)
Reference in New Issue View Git Blame Copy Permalink