8215524: Finished message validation failure should be decrypt_error alert

Reviewed-by: xuelei
2019-02-26 07:26:29 +08:00 · 2019-02-26 07:26:29 +08:00 · e4fd3054fc
commit e4fd3054fc
parent 1610706716
1 changed files with 2 additions and 2 deletions
--- a/src/java.base/share/classes/sun/security/ssl/Finished.java
+++ b/src/java.base/share/classes/sun/security/ssl/Finished.java
@ -102,7 +102,7 @@ final class Finished {
            }

            if (m.remaining() != verifyDataLen) {
-                throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
+                throw context.conContext.fatal(Alert.DECODE_ERROR,
                    "Inappropriate finished message: need " + verifyDataLen +
                    " but remaining " + m.remaining() + " bytes verify_data");
            }
@ -120,7 +120,7 @@ final class Finished {
                        "Failed to generate verify_data", ioe);
            }
            if (!MessageDigest.isEqual(myVerifyData, verifyData)) {
-                throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
+                throw context.conContext.fatal(Alert.DECRYPT_ERROR,
                        "The Finished message cannot be verified.");
            }
        }