Mercurial > hg > icedtea8-forest > jdk

changeset 14955:37cc96fde911 jdk8u292-b04

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8235311: Tag mismatch may alert bad_record_mac Reviewed-by: mullan
author xuelei
date Tue, 10 Dec 2019 07:07:49 -0800
parents d98935705de6
children 1fd7ad9f2255
files src/share/classes/sun/security/ssl/SSLTransport.java
diffstat 1 files changed, 6 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/ssl/SSLTransport.java	Mon Feb 22 06:50:04 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLTransport.java	Tue Dec 10 07:07:49 2019 -0800
@@ -28,6 +28,7 @@
 import java.io.EOFException;
 import java.io.IOException;
 import java.nio.ByteBuffer;
+import javax.crypto.AEADBadTagException;
 import javax.crypto.BadPaddingException;
 import javax.net.ssl.SSLHandshakeException;
 
@@ -114,6 +115,8 @@
             }
 
             throw context.fatal(Alert.UNEXPECTED_MESSAGE, unsoe);
+        } catch (AEADBadTagException bte) {
+            throw context.fatal(Alert.BAD_RECORD_MAC, bte);
         } catch (BadPaddingException bpe) {
             /*
              * The basic SSLv3 record protection involves (optional)
@@ -121,9 +124,9 @@
              * data origin authentication.  We do them both here, and
              * throw a fatal alert if the integrity check fails.
              */
-            Alert alert = (context.handshakeContext != null) ?
-                    Alert.HANDSHAKE_FAILURE :
-                    Alert.BAD_RECORD_MAC;
+             Alert alert = (context.handshakeContext != null) ?
+                     Alert.HANDSHAKE_FAILURE :
+                     Alert.BAD_RECORD_MAC;
             throw context.fatal(alert, bpe);
         } catch (SSLHandshakeException she) {
             // may be record sequence number overflow