jdk-sandbox: comparison jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java

equal deleted inserted replaced

-:469ad49d6185
+:aad71cf676d7
 /*
-* Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * encryption for privacy, and an integrity check ensuring
 * data origin authentication.  We do them both here, and
 * throw a fatal alert if the integrity check fails.
 */
 try {
-r.decrypt(readCipher);
+r.decrypt(readMAC, readCipher);
 } catch (BadPaddingException e) {
-// RFC 2246 states that decryption_failed should be used
-// for this purpose. However, that allows certain attacks,
-// so we just send bad record MAC. We also need to make
-// sure to always check the MAC to avoid a timing attack
-// for the same issue. See paper by Vaudenay et al.
-r.checkMAC(readMAC);
-// use the same alert types as for MAC failure below
 byte alertType = (r.contentType() == Record.ct_handshake)
 ? Alerts.alert_handshake_failure
 : Alerts.alert_bad_record_mac;
-fatal(alertType, "Invalid padding", e);
+fatal(alertType, e.getMessage(), e);
 }
-if (!r.checkMAC(readMAC)) {
-if (r.contentType() == Record.ct_handshake) {
-fatal(Alerts.alert_handshake_failure,
-"bad handshake record MAC");
-} else {
-fatal(Alerts.alert_bad_record_mac, "bad record MAC");
-}
-}
 // if (!r.decompress(c))
 //     fatal(Alerts.alert_decompression_failure,
 //         "decompression failure");

changeset 16126	aad71cf676d7
parent 16067	36055e4b5305
parent 16113	946ec9b22004
child 16913	a6f4d1626ad9