RFR: 8366454: TLS1.3 server fails with bad_record_mac when receiving encrypted records with empty body [v2]

Alice Pellegrini duke at openjdk.org
Wed Sep 24 14:55:57 UTC 2025


> According to RFC 8446 section 5.4, third paragraph:
>> Application Data records may contain a zero-length
>>    TLSInnerPlaintext.content if the sender desires.  This permits
>>    generation of plausibly sized cover traffic in contexts where the
>>    presence or absence of activity may be sensitive.  Implementations
>>    MUST NOT send Handshake and Alert records that have a zero-length
>>    TLSInnerPlaintext.content; if such a message is received, the
>>    receiving implementation MUST terminate the connection with an
>>    "unexpected_message" alert.
> 
> 
> The proposed change removes an off-by-1 error in the SSLCipher implementation, forces the correct Alert message to be sent in response to zero-length Alert fragments, and updates some tests which detected the BadPaddingException but now detect an SSLProtocolException, which is thrown by `TransportContext.fatal`.

Alice Pellegrini has updated the pull request incrementally with one additional commit since the last revision:

  Update copyright, apply suggestions from review, more consistent style for for loop between the two ciphers
  
  Co-authored-by: Daniel Jelinski <daniel.jelinski at oracle.com>

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/27438/files
  - new: https://git.openjdk.org/jdk/pull/27438/files/6a99f91a..a76fa9c3

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=27438&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27438&range=00-01

  Stats: 7 lines in 3 files changed: 0 ins; 1 del; 6 mod
  Patch: https://git.openjdk.org/jdk/pull/27438.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/27438/head:pull/27438

PR: https://git.openjdk.org/jdk/pull/27438
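
The RFC 8446 section 5.4 rule quoted above, as an added example that is not part of the original message and is not JDK code: a receiver splitting a decrypted TLSInnerPlaintext into content, content type and padding. The class, record and exception names are hypothetical, the sample byte arrays are constructed, and the exception stands in for sending a fatal "unexpected_message" alert.

```java
import java.util.Arrays;

public class InnerPlaintextDemo {
    // ContentType values from RFC 8446
    static final int ALERT = 21, HANDSHAKE = 22, APPLICATION_DATA = 23;

    record Inner(int contentType, byte[] content) {}

    /** Hypothetical stand-in for sending a fatal unexpected_message alert. */
    static class UnexpectedMessage extends Exception {
        UnexpectedMessage(String msg) { super(msg); }
    }

    /** Splits decrypted TLSInnerPlaintext = content || ContentType || zero padding. */
    static Inner parse(byte[] plain) throws UnexpectedMessage {
        int i = plain.length - 1;
        // Skip trailing zero padding. The scan has to include index 0:
        // a record with an empty body carries its type byte there.
        while (i >= 0 && plain[i] == 0) {
            i--;
        }
        if (i < 0) { // nothing but padding, so there is no content type at all
            throw new UnexpectedMessage("no non-zero octet in cleartext");
        }
        int type = plain[i] & 0xff;
        // Zero-length content is allowed for application data only.
        if (i == 0 && (type == ALERT || type == HANDSHAKE)) {
            throw new UnexpectedMessage("zero-length content, type " + type);
        }
        return new Inner(type, Arrays.copyOfRange(plain, 0, i));
    }

    public static void main(String[] args) {
        byte[][] samples = { // constructed inputs, not captured traffic
            {APPLICATION_DATA}, {APPLICATION_DATA, 0, 0, 0},
            {'h', 'i', APPLICATION_DATA, 0},
            {ALERT}, {HANDSHAKE, 0}, {0, 0, 0}, {}
        };
        for (byte[] s : samples) {
            try {
                Inner in = parse(s);
                System.out.println(Arrays.toString(s) + " -> type "
                        + in.contentType() + ", " + in.content().length + " content bytes");
            } catch (UnexpectedMessage e) {
                System.out.println(Arrays.toString(s) + " -> unexpected_message: " + e.getMessage());
            }
        }
    }
}
```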

