Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8235311

Tag mismatch may alert bad_record_mac

    Details

      Backports

        Description

        javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.711 CST|SSLSocketOutputRecord.java:72|WRITE: TLS13 alert(handshake_failure), length = 2
        javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.712 CST|SSLCipher.java:2063|Plaintext before ENCRYPTION (
          0000: 02 28 15 00 00 00 00 00 00 00 00 00 00 00 00 00 .(..............
          0010: 00 00 00 ...
        )
        javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.714 CST|SSLSocketOutputRecord.java:86|Raw write (
          0000: 17 03 03 00 23 E7 C1 17 7A E1 60 D5 F1 FA 55 B4 ....#...z.`...U.
          0010: DD 99 5B 6D CB DB 27 01 EB 73 FC 03 9B C9 10 4E ..[m..'..s.....N
          0020: 5E 87 62 D8 DB F5 68 7B ^.b...h.
        )
        javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.715 CST|SSLSocketImpl.java:1699|close the underlying socket
        javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.715 CST|SSLSocketImpl.java:1718|close the SSL connection (initiative)
        javax.net.ssl.SSLHandshakeException: Tag mismatch!
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:129)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
        at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:878)
        at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:969)
        at java.base/java.io.InputStream.read(InputStream.java:218)
        at SimpleTLS.readIn(SimpleTLS.java:40)
        at SimpleTLS.main(SimpleTLS.java:27)
        Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
        at java.base/com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:623)
        at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1118)
        at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1055)
        at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:943)
        at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491)
        at java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:794)
        at java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
        at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2499)
        at java.base/sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1930)
        at java.base/sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:262)
        at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:190)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
        ... 8 more

        Per RFC8446 section 6.2, the alert would be fatal bad_record_mac rather than handshake_failure.
        bad_record_mac: This alert is returned if a record is received which cannot be deprotected. Because AEAD algorithms combine decryption and verification, and also to avoid side-channel attacks, this alert is used for all deprotection failures. This alert should never be observed in communication between proper implementations, except when messages were corrupted in the network.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  xuelei Xue-Lei Fan
                  Reporter:
                  jjiang John Jiang
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: