Integrated: 8366454: TLS1.3 server fails with bad_record_mac when receiving encrypted records with empty body

[Alice Pellegrini]

On Mon, 22 Sep 2025 20:20:19 GMT, Alice Pellegrini <duke at openjdk.org> wrote:

> According to RFC 8446 section 5.4, third paragraph 
>> Application Data records may contain a zero-length
>>    TLSInnerPlaintext.content if the sender desires.  This permits
>>    generation of plausibly sized cover traffic in contexts where the
>>    presence or absence of activity may be sensitive.  Implementations
>>    MUST NOT send Handshake and Alert records that have a zero-length
>>    TLSInnerPlaintext.content; if such a message is received, the
>>    receiving implementation MUST terminate the connection with an
>>    "unexpected_message" alert.
> 
> 
> The proposed change removes an off by 1 error in the SSLCipher implementation, forces the correct Alert message to be sent in response to zero-length Alert fragments, as well as updating some tests which detected the BadPaddingException but now detect a SSLProtocolException, which is thrown by `TransportContext.fatal`

This pull request has now been integrated.

Changeset: ba44656b
Author:    Alice Pellegrini <dev at alicepellegrini.me>
Committer: Daniel Jeliński <djelinski at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/ba44656b97b7103d96718452e300df8a6bd59c87
Stats:     24 lines in 4 files changed: 10 ins; 1 del; 13 mod

8366454: TLS1.3 server fails with bad_record_mac when receiving encrypted records with empty body

Co-authored-by: Daniel Jeliński <djelinski at openjdk.org>
Reviewed-by: djelinski

-------------

PR: https://git.openjdk.org/jdk/pull/27438