RFR[13] JDK-8215524: Finished message validation failure should be decrypt_error alert

Xuelei Fan xuelei.fan at oracle.com
Mon Feb 25 15:01:55 UTC 2019


Looks fine to me.

Thanks,
Xuelei

On 2/25/2019 4:01 AM, sha.jiang at oracle.com wrote:
> Hi,
> When Finished message is validated failed, illegal_parameter is raised 
> currently. But per RFC 8446 section 6.2, this error should alert 
> decrypt_error.
> And according to the same section, if the length of verify_data in 
> Finished is incorrect, it should alert decode_error rather than 
> illegal_parameter.
> 
> This fix is verified by fuzzing testing, but it's hard to add a new 
> regression test.
> 
> Webrev: http://cr.openjdk.java.net/~jjiang/8215524/webrev.00/
> Issue: https://bugs.openjdk.java.net/browse/JDK-8215524
> 
> Best regards,
> John Jiang
> 


More information about the security-dev mailing list