1 /* |
1 /* |
2 * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
984 * encryption for privacy, and an integrity check ensuring |
984 * encryption for privacy, and an integrity check ensuring |
985 * data origin authentication. We do them both here, and |
985 * data origin authentication. We do them both here, and |
986 * throw a fatal alert if the integrity check fails. |
986 * throw a fatal alert if the integrity check fails. |
987 */ |
987 */ |
988 try { |
988 try { |
989 r.decrypt(readCipher); |
989 r.decrypt(readMAC, readCipher); |
990 } catch (BadPaddingException e) { |
990 } catch (BadPaddingException e) { |
991 // RFC 2246 states that decryption_failed should be used |
|
992 // for this purpose. However, that allows certain attacks, |
|
993 // so we just send bad record MAC. We also need to make |
|
994 // sure to always check the MAC to avoid a timing attack |
|
995 // for the same issue. See paper by Vaudenay et al. |
|
996 r.checkMAC(readMAC); |
|
997 // use the same alert types as for MAC failure below |
|
998 byte alertType = (r.contentType() == Record.ct_handshake) |
991 byte alertType = (r.contentType() == Record.ct_handshake) |
999 ? Alerts.alert_handshake_failure |
992 ? Alerts.alert_handshake_failure |
1000 : Alerts.alert_bad_record_mac; |
993 : Alerts.alert_bad_record_mac; |
1001 fatal(alertType, "Invalid padding", e); |
994 fatal(alertType, e.getMessage(), e); |
1002 } |
995 } |
1003 if (!r.checkMAC(readMAC)) { |
|
1004 if (r.contentType() == Record.ct_handshake) { |
|
1005 fatal(Alerts.alert_handshake_failure, |
|
1006 "bad handshake record MAC"); |
|
1007 } else { |
|
1008 fatal(Alerts.alert_bad_record_mac, "bad record MAC"); |
|
1009 } |
|
1010 } |
|
1011 |
|
1012 |
996 |
1013 // if (!r.decompress(c)) |
997 // if (!r.decompress(c)) |
1014 // fatal(Alerts.alert_decompression_failure, |
998 // fatal(Alerts.alert_decompression_failure, |
1015 // "decompression failure"); |
999 // "decompression failure"); |
1016 |
1000 |
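Review bot: The catch block on new lines 990–994 no longer explains why a padding failure gets the same alert as a MAC failure, because the old comment was deleted along with the separate `r.checkMAC(readMAC)` calls. Presumably `r.decrypt(readMAC, readCipher)` now verifies the MAC on every path, including after bad padding, and reports either failure as `BadPaddingException`; that code is not visible here, so the call site should record the invariant, e.g. `// decrypt() checks the MAC even when padding is bad; both failures must produce the same alert (padding-oracle timing, Vaudenay)`. Passing `e.getMessage()` to `fatal` also lets the diagnostic text vary with the failure cause, and it may be null. A fixed string such as `fatal(alertType, "bad record MAC", e);` keeps the two cases indistinguishable to anything that surfaces the exception message, while the cause stays attached for local debugging. The enclosing method starts and ends outside the lines shown.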