On Thu, 17 Oct 2024 18:48:29 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
> SSLCipher has contentType. Here is the idea in my mind. @artur-oracle Please check if I missed something. Thank you! @Override public Plaintext decrypt(byte contentType, ByteBuffer bb, byte[] sequence) throws GeneralSecurityException { ... if (contentType == ContentType.CHANGE_CIPHER_SPEC.id) { return new Plaintext(contentType, ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor, -1, -1L, bb.slice()); } if (bb.remaining() <= tagSize) { + // is it an alert? + if (contentType is an alert) { + // this is bad record, may be caused by ..., treat it as error alert. + return bad record alert plaintext + } else { throw new BadPaddingException( "Insufficient buffer remaining for AEAD cipher " + "fragment (" + bb.remaining() + "). Needs to be " + "more than tag size (" + tagSize + ")"); } ------------- PR Comment: https://git.openjdk.org/jdk/pull/21043#issuecomment-2420456919
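Review bot: In the added alert branch under `if (bb.remaining() <= tagSize)`, the record is too short to carry the AEAD tag, so nothing in `bb` has been authenticated, yet the sketch returns a plaintext to the caller instead of throwing. The sketch should spell out what `return bad record alert plaintext` constructs. It should be a fixed, synthesized alert that copies no bytes from `bb`, so the caller never acts on unauthenticated record content. The placeholder `contentType is an alert` should become an explicit comparison in the style of the `ContentType.CHANGE_CIPHER_SPEC.id` check above it, for example `contentType == ContentType.ALERT.id`. The comment `may be caused by ...` should name the actual cause, so a later reader can tell why an alert is exempt from the `BadPaddingException` that every other content type still gets in the `else` branch.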