This repository has been archived by the owner on Sep 29, 2021. It is now read-only.

8221345: Better Poly1305 support
Reviewed-by: apetcher, mschoene, rhalade
jnimeh committed Apr 3, 2019
1 parent c414215 commit a175714
Showing 1 changed file with 6 additions and 3 deletions.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1363,8 +1363,11 @@ public int doFinal(byte[] in, int inOff, int inLen, byte[] out,
// Calculate and compare the tag. Only do the decryption
// if and only if the tag matches.
authFinalizeData(ctPlusTag, 0, ctLen, tag, 0);
if (Arrays.compare(ctPlusTag, ctLen, ctPlusTagLen,
tag, 0, tag.length) != 0) {
long tagCompare = ((long)asLongView.get(ctPlusTag, ctLen) ^
(long)asLongView.get(tag, 0)) |
((long)asLongView.get(ctPlusTag, ctLen + Long.BYTES) ^
(long)asLongView.get(tag, Long.BYTES));
if (tagCompare != 0) {
throw new AEADBadTagException("Tag mismatch");
}
chaCha20Transform(ctPlusTag, 0, ctLen, out, outOff);
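Review bot: The new check at `long tagCompare = ...` hard-codes a 16-byte comparison (two `Long.BYTES` reads from `ctPlusTag` starting at `ctLen`, and two from `tag` starting at 0), where the removed `Arrays.compare` call was bounded by `ctPlusTagLen` and `tag.length`. If the tag length ever differs from 16, trailing bytes would go unchecked or a read would run past the end of the buffer, so tie the two reads to the tag-length value with an assertion or at least a comment. The comment above the check still says only "Calculate and compare the tag"; it should also state that the XOR/OR form is deliberate so the comparison does not stop at the first differing byte, otherwise a later cleanup could restore the early-exit `Arrays.compare`.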