Mercurial > hg > icedtea8-forest > jdk
changeset 14955:37cc96fde911 jdk8u292-b04
8235311: Tag mismatch may alert bad_record_mac
Reviewed-by: mullan
author | xuelei |
---|---|
date | Tue, 10 Dec 2019 07:07:49 -0800 |
parents | d98935705de6 |
children | 1fd7ad9f2255 |
files | src/share/classes/sun/security/ssl/SSLTransport.java |
diffstat | 1 files changed, 6 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/ssl/SSLTransport.java Mon Feb 22 06:50:04 2021 +0000 +++ b/src/share/classes/sun/security/ssl/SSLTransport.java Tue Dec 10 07:07:49 2019 -0800 @@ -28,6 +28,7 @@ import java.io.EOFException; import java.io.IOException; import java.nio.ByteBuffer; +import javax.crypto.AEADBadTagException; import javax.crypto.BadPaddingException; import javax.net.ssl.SSLHandshakeException; @@ -114,6 +115,8 @@ } throw context.fatal(Alert.UNEXPECTED_MESSAGE, unsoe); + } catch (AEADBadTagException bte) { + throw context.fatal(Alert.BAD_RECORD_MAC, bte); } catch (BadPaddingException bpe) { /* * The basic SSLv3 record protection involves (optional) @@ -121,9 +124,9 @@ * data origin authentication. We do them both here, and * throw a fatal alert if the integrity check fails. */ - Alert alert = (context.handshakeContext != null) ? - Alert.HANDSHAKE_FAILURE : - Alert.BAD_RECORD_MAC; + Alert alert = (context.handshakeContext != null) ? + Alert.HANDSHAKE_FAILURE : + Alert.BAD_RECORD_MAC; throw context.fatal(alert, bpe); } catch (SSLHandshakeException she) { // may be record sequence number overflow