# HG changeset patch
# User xuelei
# Date 1575990469 28800
# Node ID 37cc96fde9118f2422db288dcecc4b3f51c1dacf
# Parent  d98935705de67676ae2c200c68dab40df2423158
8235311: Tag mismatch may alert bad_record_mac
Reviewed-by: mullan

diff -r d98935705de6 -r 37cc96fde911 src/share/classes/sun/security/ssl/SSLTransport.java
--- a/src/share/classes/sun/security/ssl/SSLTransport.java	Mon Feb 22 06:50:04 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLTransport.java	Tue Dec 10 07:07:49 2019 -0800
@@ -28,6 +28,7 @@
 import java.io.EOFException;
 import java.io.IOException;
 import java.nio.ByteBuffer;
+import javax.crypto.AEADBadTagException;
 import javax.crypto.BadPaddingException;
 import javax.net.ssl.SSLHandshakeException;
 
@@ -114,6 +115,8 @@
             }
 
             throw context.fatal(Alert.UNEXPECTED_MESSAGE, unsoe);
+        } catch (AEADBadTagException bte) {
+            throw context.fatal(Alert.BAD_RECORD_MAC, bte);
         } catch (BadPaddingException bpe) {
             /*
              * The basic SSLv3 record protection involves (optional)
@@ -121,9 +124,9 @@
              * data origin authentication.  We do them both here, and
              * throw a fatal alert if the integrity check fails.
              */
-            Alert alert = (context.handshakeContext != null) ?
-                    Alert.HANDSHAKE_FAILURE :
-                    Alert.BAD_RECORD_MAC;
+             Alert alert = (context.handshakeContext != null) ?
+                     Alert.HANDSHAKE_FAILURE :
+                     Alert.BAD_RECORD_MAC;
             throw context.fatal(alert, bpe);
         } catch (SSLHandshakeException she) {
             // may be record sequence number overflow