# HG changeset patch
# User jnimeh
# Date 1554323711 25200
# Node ID 18130ed28231cee6e12f27011e26598ff551aadf
# Parent  ce3598fceb879eb6661f7c75d77ada5f3ed65545
8221345: Better Poly1305 support
Reviewed-by: apetcher, mschoene, rhalade

diff -r ce3598fceb87 -r 18130ed28231 src/java.base/share/classes/com/sun/crypto/provider/ChaCha20Cipher.java
--- a/src/java.base/share/classes/com/sun/crypto/provider/ChaCha20Cipher.java	Thu Mar 28 14:18:57 2019 -0700
+++ b/src/java.base/share/classes/com/sun/crypto/provider/ChaCha20Cipher.java	Wed Apr 03 13:35:11 2019 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1363,8 +1363,11 @@
             // Calculate and compare the tag.  Only do the decryption
             // if and only if the tag matches.
             authFinalizeData(ctPlusTag, 0, ctLen, tag, 0);
-            if (Arrays.compare(ctPlusTag, ctLen, ctPlusTagLen,
-                    tag, 0, tag.length) != 0) {
+            long tagCompare = ((long)asLongView.get(ctPlusTag, ctLen) ^
+                    (long)asLongView.get(tag, 0)) |
+                    ((long)asLongView.get(ctPlusTag, ctLen + Long.BYTES) ^
+                    (long)asLongView.get(tag, Long.BYTES));
+            if (tagCompare != 0) {
                 throw new AEADBadTagException("Tag mismatch");
             }
             chaCha20Transform(ctPlusTag, 0, ctLen, out, outOff);