Fix Poly1305 bug in fast version and bring it back
See floodyberry/poly1305-donna@0911057 for fix in original C version.

"The issue was not properly detecting if st->h was >= 2^130 - 5, coupled
with believing my own README and defining POLY1305_16BITS instead of
POLY1305_16BIT and not catching the failure. The chance of the bug
affecting anything in the real world is essentially zero luckily, but
it's good to have it fixed."

Thanks to @floodyberry for fixing it quickly.
dchest committed Mar 29, 2016
1 parent b3f66ca commit 6dcbcaf
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion nacl-fast.js
Expand Up @@ -745,7 +745,7 @@ poly1305.prototype.finish = function(mac, macpos) {
}
g[9] -= (1 << 13);

mask = (g[9] >>> ((2 * 8) - 1)) - 1;
mask = (c ^ 1) - 1;
for (i = 0; i < 10; i++) g[i] &= mask;
mask = ~mask;
for (i = 0; i < 10; i++) this.h[i] = (this.h[i] & mask) | g[i];
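Review bot: the removed line tested bit 15 of `g[9]` right after `g[9] -= (1 << 13);`, but that limb only ever holds 13 bits before the subtraction, so in a 16-bit limb the sign bit ends up set in every case and the mask never selects `g`; the replacement `mask = (c ^ 1) - 1;` is correct only while `c` still holds the carry out of limb 9 from the propagation loop above this hunk, which is not in the shown context. Suggest a comment on the new line stating that invariant (e.g. `// c is the carry out of g[9]: 1 iff h + 5 >= 2^130`) and a regression test whose accumulator lands in [2^130 - 5, 2^130), since that is the only range where the old and new masks differ.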