OpenJDK / jdk8u / jdk8u / jdk
changeset 11586:4c53be81bc7a
8143945: Better GCM validation
Reviewed-by: xuelei, mullan
author | ascarpino |
---|---|
date | Mon, 21 Dec 2015 10:43:40 -0800 |
parents | a6ddeee5055c |
children | 552953ba78bf |
files | src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java |
diffstat | 1 files changed, 9 insertions(+), 3 deletions(-) [+] |
--- a/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java Mon Jan 04 11:09:00 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java Mon Dec 21 10:43:40 2015 -0800
@@ -519,11 +519,17 @@
 byte[] sOut = new byte[s.length];
 GCTR gctrForSToTag = new GCTR(embeddedCipher, this.preCounterBlock);
 gctrForSToTag.doFinal(s, 0, s.length, sOut, 0);
+
+ // check entire authentication tag for time-consistency
+ int mismatch = 0;
 for (int i = 0; i < tagLenBytes; i++) {
- if (tag[i] != sOut[i]) {
- throw new AEADBadTagException("Tag mismatch!");
- }
+ mismatch |= tag[i] ^ sOut[i];
 }
+
+ if (mismatch != 0) {
+ throw new AEADBadTagException("Tag mismatch!");
+ }
+
 return len;
 }
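Review bot: The comment on the new accumulate loop, `// check entire authentication tag for time-consistency`, does not say why the loop must not exit early, so a later cleanup could restore the early `throw` and with it a comparison time that depends on where the first mismatching byte sits. I would spell it out: `// Compare every tag byte with no early exit, so timing does not reveal the position of the first mismatch.` The diffstat lists only this file, so no test accompanies the change; a functional case that rejects a tag differing only in its final byte would at least pin the OR-accumulate logic. The enclosing method starts above the hunk, so how `tag` and `len` are derived is not visible here.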