Loading...

XML

Word

Printable

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8277710	17.0.3-oracle	Sean Coffey	P2	Resolved	Fixed	b01
JDK-8275814	17.0.2	Sean Coffey	P2	Closed	Fixed	b06
JDK-8275813	11.0.15-oracle	Sean Coffey	P2	Closed	Fixed	b01
JDK-8278550	11.0.15	Zhengyu Gu	P2	Resolved	Fixed	b01
JDK-8275812	8u331	Sean Coffey	P2	Closed	Fixed	b01

Here is the original bug report: https://mail.openjdk.java.net/pipermail/security-dev/2021-October/027805.html.
-------------
During routine examination of thread dumps I noticed a stack trace you
may find interesting. Relevant part:

java.lang.Thread.State: RUNNABLE
...
at java.lang.IllegalStateException.<init>(java.base@11.0.11/Unknown Source)
at javax.crypto.Cipher.checkCipherState(java.base@11.0.11/Unknown Source)
at javax.crypto.Cipher.doFinal(java.base@11.0.11/Unknown Source)
at sun.security.ssl.SSLCipher$T12GcmReadCipherGenerator$GcmReadCipher.dispose(java.base@11.0.11/Unknown
Source)
at sun.security.ssl.InputRecord.changeReadCiphers(java.base@11.0.11/Unknown
Source)
at sun.security.ssl.ChangeCipherSpec$T10ChangeCipherSpecConsumer.consume(java.base@11.0.11/Unknown
Source)
...

All handshakes that negotiate GCM ciphers throw and catch an
exception, because the newly created cipher is disposed before use.

I believe this is caused by this line of code:
https://github.com/openjdk/jdk/blob/739769c8fc4b496f08a92225a12d07414537b6c0/src/java.base/share/classes/sun/security/ssl/InputRecord.java#L125

I think it should read as follows:
this.readCipher.dispose();

backported by

JDK-8277710 Incorrect instance to dispose

JDK-8278550 Incorrect instance to dispose

JDK-8275812 Incorrect instance to dispose

JDK-8275813 Incorrect instance to dispose

JDK-8275814 Incorrect instance to dispose

links to

Commit openjdk/jdk11u-dev/9bc99d87

Commit openjdk/jdk17u/dc7216ac

Commit openjdk/jdk/cddc6ce4

Review openjdk/jdk8u-dev/38

Review openjdk/jdk11u-dev/709

Review openjdk/jdk17u/297

Review openjdk/jdk/6084

(7 links to)