> According to RFC 8446 section 5.4, third paragraph >> Application Data records may contain a zero-length >> TLSInnerPlaintext.content if the sender desires. This permits >> generation of plausibly sized cover traffic in contexts where the >> presence or absence of activity may be sensitive. Implementations >> MUST NOT send Handshake and Alert records that have a zero-length >> TLSInnerPlaintext.content; if such a message is received, the >> receiving implementation MUST terminate the connection with an >> "unexpected_message" alert. > > > The proposed change removes an off by 1 error in the SSLCipher > implementation, forces the correct Alert message to be sent in response to > zero-length Alert fragments, as well as updating some tests which detected > the BadPaddingException but now detect a SSLProtocolException, which is > thrown by `TransportContext.fatal`
Alice Pellegrini has updated the pull request incrementally with one additional commit since the last revision: Update copyright, apply suggestions from review, more consistent style for for loop between the two ciphers Co-authored-by: Daniel Jelinski <[email protected]> ------------- Changes: - all: https://git.openjdk.org/jdk/pull/27438/files - new: https://git.openjdk.org/jdk/pull/27438/files/6a99f91a..a76fa9c3 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=27438&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27438&range=00-01 Stats: 7 lines in 3 files changed: 0 ins; 1 del; 6 mod Patch: https://git.openjdk.org/jdk/pull/27438.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27438/head:pull/27438 PR: https://git.openjdk.org/jdk/pull/27438
