OpenJDK / amber / amber
changeset 59255:3333517d634e
8235311: Tag mismatch may alert bad_record_mac
Reviewed-by: mullan
| author | xuelei |
|---|---|
| date | Tue, 10 Dec 2019 07:07:49 -0800 |
| parents | 819be120e63d |
| children | 44aa31d0dea3 |
| files | src/java.base/share/classes/sun/security/ssl/SSLTransport.java |
| diffstat | 1 files changed, 6 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/ssl/SSLTransport.java Tue Dec 10 15:00:01 2019 +0000 +++ b/src/java.base/share/classes/sun/security/ssl/SSLTransport.java Tue Dec 10 07:07:49 2019 -0800 @@ -28,6 +28,7 @@ import java.io.EOFException; import java.io.IOException; import java.nio.ByteBuffer; +import javax.crypto.AEADBadTagException; import javax.crypto.BadPaddingException; import javax.net.ssl.SSLHandshakeException; @@ -116,6 +117,8 @@ } throw context.fatal(Alert.UNEXPECTED_MESSAGE, unsoe); + } catch (AEADBadTagException bte) { + throw context.fatal(Alert.BAD_RECORD_MAC, bte); } catch (BadPaddingException bpe) { /* * The basic SSLv3 record protection involves (optional) @@ -123,9 +126,9 @@ * data origin authentication. We do them both here, and * throw a fatal alert if the integrity check fails. */ - Alert alert = (context.handshakeContext != null) ? - Alert.HANDSHAKE_FAILURE : - Alert.BAD_RECORD_MAC; + Alert alert = (context.handshakeContext != null) ? + Alert.HANDSHAKE_FAILURE : + Alert.BAD_RECORD_MAC; throw context.fatal(alert, bpe); } catch (SSLHandshakeException she) { // may be record sequence number overflow