TKSS-926: Backport JDK-8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server

kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SSLCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1900,10 +1900,20 @@ public Plaintext decrypt(byte contentType, ByteBuffer bb,
                 }
 
                 if (bb.remaining() <= tagSize) {
-                    throw new BadPaddingException(
-                        "Insufficient buffer remaining for AEAD cipher " +
-                        "fragment (" + bb.remaining() + "). Needs to be " +
-                        "more than tag size (" + tagSize + ")");
+                    // Check for unexpected plaintext alert.
+                    if (contentType == ContentType.ALERT.id
+                            && bb.remaining() == 2) {
+                        throw new GeneralSecurityException(String.format(
+                                "Unexpected plaintext alert received: " +
+                                "Level: %s; Alert: %s",
+                                Alert.Level.nameOf(bb.get(bb.position())),
+                                Alert.nameOf(bb.get(bb.position() + 1))));
+                    } else {
+                        throw new BadPaddingException(
+                                "Insufficient buffer remaining for AEAD cipher " +
+                                "fragment (" + bb.remaining() + "). Needs to be " +
+                                "more than tag size (" + tagSize + ")");
+                    }
                 }
 
                 byte[] sn = sequence;