RFR[13] JDK-8215524: Finished message validation failure should be decrypt_error alert

Xuelei Fan xuelei.fan at oracle.com
Mon Feb 25 15:01:55 UTC 2019


Looks fine to me.

Thanks,
Xuelei

On 2/25/2019 4:01 AM, sha.jiang at oracle.com wrote:
> Hi,
> When the Finished message fails validation, illegal_parameter is raised 
> currently. But per RFC 8446 section 6.2, this error should alert 
> decrypt_error.
> And according to the same section, if the length of verify_data in 
> Finished is incorrect, it should alert decode_error rather than 
> illegal_parameter.
> 
> This fix is verified by fuzz testing, but it's hard to add a new 
> regression test.
> 
> Webrev: http://cr.openjdk.java.net/~jjiang/8215524/webrev.00/
> Issue: https://bugs.openjdk.java.net/browse/JDK-8215524
> 
> Best regards,
> John Jiang
> 
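
The alert mapping described in the quoted message, as an added example (not the JDK's own code and not taken from the webrev). The class and method names are hypothetical, a SHA-256 cipher suite is assumed, and the key and transcript hash in main are constructed values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class FinishedCheck {
    // AlertDescription values from RFC 8446 section 6.
    enum Alert {
        NONE(-1),
        ILLEGAL_PARAMETER(47), // what the message says was raised before the fix
        DECODE_ERROR(50),
        DECRYPT_ERROR(51);
        final int code;
        Alert(int code) { this.code = code; }
    }

    // RFC 8446 section 4.4.4: verify_data = HMAC(finished_key, Transcript-Hash).
    static byte[] verifyData(byte[] finishedKey, byte[] transcriptHash) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(finishedKey, "HmacSHA256"));
        return hmac.doFinal(transcriptHash);
    }

    // Hypothetical helper: returns the alert the receiver should send, or NONE.
    static Alert checkFinished(byte[] finishedKey, byte[] transcriptHash,
                               byte[] received) throws Exception {
        byte[] expected = verifyData(finishedKey, transcriptHash);
        // Wrong length: the message does not parse, so decode_error.
        if (received.length != expected.length) return Alert.DECODE_ERROR;
        // Right length, wrong value: the MAC check failed, so decrypt_error.
        // MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(expected, received)) return Alert.DECRYPT_ERROR;
        return Alert.NONE;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];                 // constructed finished_key
        Arrays.fill(key, (byte) 0x0b);
        byte[] th = MessageDigest.getInstance("SHA-256")
                .digest("constructed transcript".getBytes(StandardCharsets.UTF_8));
        byte[] good = verifyData(key, th);
        byte[] tampered = good.clone();
        tampered[0] ^= 0x01;                       // same length, one bit flipped
        byte[] truncated = Arrays.copyOf(good, good.length - 1);
        System.out.println("valid:     " + checkFinished(key, th, good));
        System.out.println("tampered:  " + checkFinished(key, th, tampered));
        System.out.println("truncated: " + checkFinished(key, th, truncated));
    }
}
```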



More information about the security-dev mailing list