JDK-7098735

TLS 1.1/1.2 fails after handshake with bad MAC record after received data


      FULL PRODUCT VERSION :
      1.7


      A DESCRIPTION OF THE PROBLEM :
      class:
      sun.security.ssl.CipherBox.java

      method (line 446):
       int decrypt(ByteBuffer bb) throws BadPaddingException

      line 498:

      System.arraycopy(buf, pos + blockSize,
                                               buf, pos, limit - pos - blockSize);

      has to be:

      System.arraycopy(buf, pos + blockSize,
                                               buf, pos, limit - pos - blockSize + 5);

      When the read MAC is compared (e.g. HmacSHA1), the last 5 bytes are wrong, which causes a MAC verification error with a "bad record MAC" message.


      REGRESSION. Last worked in version 7

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      use any NIO implementation with TLS 1.1 or TLS 1.2 (SSLEngine.unwrap method)

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      to be fixed as described
      ACTUAL -
      cannot use Java 7 with NIO for TLS 1.1/1.2

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      bad record mac

      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      patch jsse.jar with

      sun.security.ssl.CipherBox change

            wetmore Bradford Wetmore
            webbuggrp Webbug Group
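
Added example (not part of the report and not JDK code): one setting in which the unpatched arraycopy leaves exactly five stale bytes at the end of the MAC, so the comparison fails. It assumes the ByteBuffer is a slice that starts 5 bytes into its backing array (the length of a TLS record header), which the report does not state; the class and method names are hypothetical, the record is constructed and already decrypted, and the MAC covers only the payload to keep the example short.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ExplicitIvShiftDemo {
    static final int BLOCK = 16; // AES block size = explicit IV length in TLS 1.1/1.2 CBC
    static final int HDR = 5;    // assumed arrayOffset(): TLS record header length

    // Discard the explicit IV block by shifting the rest of the record down.
    // base = 0 applies buffer-relative indices directly to the backing array,
    // as in the reported line; base = bb.arrayOffset() translates them first.
    static void stripIv(ByteBuffer bb, int base) {
        int pos = bb.position(), limit = bb.limit();
        byte[] buf = bb.array();
        System.arraycopy(buf, base + pos + BLOCK, buf, base + pos, limit - pos - BLOCK);
        bb.limit(limit - BLOCK);
    }

    // Recompute the MAC over the payload and compare it with the trailing MAC bytes.
    static boolean macOk(ByteBuffer bb, Mac mac, int payloadLen) {
        byte[] body = new byte[bb.remaining()];
        bb.duplicate().get(body);
        return MessageDigest.isEqual(mac.doFinal(Arrays.copyOf(body, payloadLen)),
                                     Arrays.copyOfRange(body, payloadLen, body.length));
    }

    // Constructed record: [5-byte header][explicit IV][payload][HmacSHA1].
    // The returned slice starts after the header, so arrayOffset() == 5.
    static ByteBuffer record(Mac mac, byte[] payload) {
        byte[] tag = mac.doFinal(payload);
        ByteBuffer whole = ByteBuffer.allocate(HDR + BLOCK + payload.length + tag.length);
        whole.position(HDR + BLOCK);
        whole.put(payload).put(tag).position(HDR);
        return whole.slice();
    }

    public static void main(String[] args) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(new byte[20], "HmacSHA1")); // constructed all-zero key
        byte[] payload = "constructed application data".getBytes("US-ASCII");
        ByteBuffer a = record(mac, payload), b = record(mac, payload);
        stripIv(a, 0);               // offset ignored
        stripIv(b, b.arrayOffset()); // offset applied
        System.out.println("offset ignored: MAC ok = " + macOk(a, mac, payload.length));
        System.out.println("offset applied: MAC ok = " + macOk(b, mac, payload.length));
    }
}
```

With the offset ignored, the shift lands 5 bytes too early in the array, so the last 5 bytes of the buffer view keep their old contents. Copying 5 extra bytes also fills them in under this assumption, but it overwrites the 5 bytes in front of the slice.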