Skip to content
Permalink
Browse files

8235311: Tag mismatch may alert bad_record_mac

Reviewed-by: mullan
  • Loading branch information
XueleiFan committed Dec 10, 2019
1 parent 02039fd commit 3ba75a656a5c51f92e1544a0e797bf84042d5dfa
Showing with 6 additions and 3 deletions.
  1. +6 −3 src/java.base/share/classes/sun/security/ssl/SSLTransport.java
@@ -28,6 +28,7 @@
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import javax.crypto.AEADBadTagException;
import javax.crypto.BadPaddingException;
import javax.net.ssl.SSLHandshakeException;

@@ -116,16 +117,18 @@ static Plaintext decode(TransportContext context,
}

throw context.fatal(Alert.UNEXPECTED_MESSAGE, unsoe);
} catch (AEADBadTagException bte) {
throw context.fatal(Alert.BAD_RECORD_MAC, bte);
} catch (BadPaddingException bpe) {
/*
* The basic SSLv3 record protection involves (optional)
* encryption for privacy, and an integrity check ensuring
* data origin authentication. We do them both here, and
* throw a fatal alert if the integrity check fails.
*/
Alert alert = (context.handshakeContext != null) ?
Alert.HANDSHAKE_FAILURE :
Alert.BAD_RECORD_MAC;
Alert alert = (context.handshakeContext != null) ?
Alert.HANDSHAKE_FAILURE :
Alert.BAD_RECORD_MAC;
throw context.fatal(alert, bpe);
} catch (SSLHandshakeException she) {
// may be record sequence number overflow

0 comments on commit 3ba75a6

Please sign in to comment.
You can’t perform that action at this time.