RFR: 8366454: TLS1.3 server fails with bad_record_mac when receiving encrypted records with empty body [v2]

[duke]

On Wed, 24 Sep 2025 14:55:57 GMT, Alice Pellegrini <duke at openjdk.org> wrote:

>> According to RFC 8446 section 5.4, third paragraph 
>>> Application Data records may contain a zero-length
>>>    TLSInnerPlaintext.content if the sender desires.  This permits
>>>    generation of plausibly sized cover traffic in contexts where the
>>>    presence or absence of activity may be sensitive.  Implementations
>>>    MUST NOT send Handshake and Alert records that have a zero-length
>>>    TLSInnerPlaintext.content; if such a message is received, the
>>>    receiving implementation MUST terminate the connection with an
>>>    "unexpected_message" alert.
>> 
>> 
>> The proposed change removes an off by 1 error in the SSLCipher implementation, forces the correct Alert message to be sent in response to zero-length Alert fragments, as well as updating some tests which detected the BadPaddingException but now detect a SSLProtocolException, which is thrown by `TransportContext.fatal`
>
> Alice Pellegrini has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update copyright, apply suggestions from review, more consistent style for for loop between the two ciphers
>   
>   Co-authored-by: Daniel Jelinski <daniel.jelinski at oracle.com>

@friedbyalice 
Your change (at version a76fa9c3fc50b92947659c638bbfb7437ac5c6b0) is now ready to be sponsored by a Committer.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/27438#issuecomment-3329457790