changeset 11731:4c53be81bc7a

8143945: Better GCM validation Reviewed-by: xuelei, mullan
author ascarpino
date Mon, 21 Dec 2015 10:43:40 -0800
parents a6ddeee5055c
children 552953ba78bf
files src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
diffstat 1 files changed, 9 insertions(+), 3 deletions(-) [+]
--- a/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java	Mon Jan 04 11:09:00 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java	Mon Dec 21 10:43:40 2015 -0800
@@ -519,11 +519,17 @@
         byte[] sOut = new byte[s.length];
         GCTR gctrForSToTag = new GCTR(embeddedCipher, this.preCounterBlock);
         gctrForSToTag.doFinal(s, 0, s.length, sOut, 0);
+
+        // check entire authentication tag for time-consistency
+        int mismatch = 0;
         for (int i = 0; i < tagLenBytes; i++) {
-            if (tag[i] != sOut[i]) {
-                throw new AEADBadTagException("Tag mismatch!");
-            }
+            mismatch |= tag[i] ^ sOut[i];
         }
+
+        if (mismatch != 0) {
+            throw new AEADBadTagException("Tag mismatch!");
+        }
+
         return len;
     }
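Review bot: The new comment above the loop should state the property precisely: `// compare the whole tag in constant time so the position of a mismatch is not observable through timing` says more than "time-consistency" and tells the next maintainer why the early-exit form must not be reintroduced. The loop still reads `tag[i]` up to `tagLenBytes`; whether `tag` is guaranteed to hold at least that many bytes is established before this hunk and is not visible here, so that invariant is worth restating in the same comment. A standard-library alternative is `MessageDigest.isEqual` on equal-length copies of the two tags, which would avoid a hand-rolled compare, though the explicit accumulate-then-check loop is clear as written. The enclosing method begins before the hunk.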