8143945: Better GCM validation
authorascarpino
Mon, 21 Dec 2015 10:43:40 -0800
changeset 37579 839fba6035e9
parent 37578 561997281f4a
child 37580 46b10ab97043
8143945: Better GCM validation Reviewed-by: xuelei, mullan
jdk/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java	Tue Oct 20 12:08:44 2015 +0300
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java	Mon Dec 21 10:43:40 2015 -0800
@@ -512,11 +512,17 @@
         byte[] sOut = new byte[s.length];
         GCTR gctrForSToTag = new GCTR(embeddedCipher, this.preCounterBlock);
         gctrForSToTag.doFinal(s, 0, s.length, sOut, 0);
+
+        // check entire authentication tag for time-consistency
+        int mismatch = 0;
         for (int i = 0; i < tagLenBytes; i++) {
-            if (tag[i] != sOut[i]) {
-                throw new AEADBadTagException("Tag mismatch!");
-            }
+            mismatch |= tag[i] ^ sOut[i];
         }
+
+        if (mismatch != 0) {
+            throw new AEADBadTagException("Tag mismatch!");
+        }
+
         return len;
     }
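Review bot: The new loop at L17–L27 hand-rolls a constant-time comparison while the JDK already ships one, `MessageDigest.isEqual`, which is specified to run in time independent of the input contents; if `tag` is exactly `tagLenBytes` long (not visible here), `if (!MessageDigest.isEqual(tag, Arrays.copyOf(sOut, tagLenBytes))) throw new AEADBadTagException("Tag mismatch!");` would keep the idiom in one audited place instead of re-deriving it. If the loop is kept, the comment should say why the accumulate-then-branch form matters, since "time-consistency" does not convey it; something like `// Constant-time compare: an early exit on the first mismatch would leak the position of the first differing byte to a timing attacker.` Either way it is worth noting in the comment that the JIT gives no formal constant-time guarantee, so this is best-effort mitigation rather than a proof. Note that the enclosing method starts before the hunk, so whether decrypted plaintext is already exposed before this tag check cannot be seen here.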