author | Peter Dettman <peter.dettman@bouncycastle.org> | 2020-04-05 13:36:50 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2020-04-05 13:36:50 +0700 |
commit | 817238601b751c2c48f960c1e6867ca2556c7a83 (patch) | |
tree | 8e2883c4f9361c5d29c0986147ef76ce94eceef9 /crypto/src | |
parent | Spelling in exception message (diff) | |
download | BouncyCastle.NET-ed25519-817238601b751c2c48f960c1e6867ca2556c7a83.tar.xz |
Fix bad MAC padding length calculation
- affected files with data or AAD length >~2GB - see also https://github.com/bcgit/bc-java/issues/673 - also allow null output buffer
Diffstat (limited to 'crypto/src')
-rw-r--r-- | crypto/src/crypto/modes/ChaCha20Poly1305.cs | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/crypto/src/crypto/modes/ChaCha20Poly1305.cs b/crypto/src/crypto/modes/ChaCha20Poly1305.cs
index 9cc62174c..6ca32d9c6 100644
--- a/crypto/src/crypto/modes/ChaCha20Poly1305.cs
+++ b/crypto/src/crypto/modes/ChaCha20Poly1305.cs
@@ -251,8 +251,14 @@ namespace Org.BouncyCastle.Crypto.Modes
 {
 if (null == inBytes)
 throw new ArgumentNullException("inBytes");
+ /*
+ * Following bc-java, we allow null when no output is expected (e.g. based on a
+ * GetUpdateOutputSize call).
+ */
 if (null == outBytes)
- throw new ArgumentNullException("outBytes");
+ {
+ //throw new ArgumentNullException("outBytes");
+ }
 if (inOff < 0)
 throw new ArgumentException("cannot be negative", "inOff");
 if (len < 0)
@@ -487,7 +493,7 @@ namespace Org.BouncyCastle.Crypto.Modes
 
 private void PadMac(ulong count)
 {
- int partial = (int)count % MacSize;
+ int partial = (int)count & (MacSize - 1);
 if (0 != partial)
 {
 mPoly1305.BlockUpdate(Zeroes, 0, MacSize - partial);
 |
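Review bot: The `outBytes` null check is left as an empty `if` block around a commented-out `throw`, which reads as unfinished code and leaves a branch that does nothing. Deleting the block and keeping only the explanatory comment would say the same thing more clearly. The rest of the method lies outside the hunk, so it is not visible whether a null `outBytes` is still rejected cleanly when the call does produce output. If it is not, a guard placed where the output size is known would keep callers from hitting a `NullReferenceException` deep in the cipher path, for example `if (null == outBytes && resultLen > 0) throw new ArgumentNullException("outBytes");`, where `resultLen` is a placeholder for whatever the method computes as its output length.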
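Review bot: The new mask in `PadMac` only equals a modulo while `MacSize` is a power of two, and the `(int)count` cast still truncates the 64-bit count before the mask is applied. The truncation does not affect the low bits in an unchecked context, but in a build compiled with overflow checking the cast would throw once the count exceeds `int.MaxValue`, which is the very case this commit fixes. Doing the arithmetic in 64 bits removes that dependency: `int partial = (int)(count & (ulong)(MacSize - 1));`. A short comment such as `// MacSize is a power of two, so the mask equals count % MacSize` would record the assumption for later maintainers. The body of `PadMac` continues past the end of the hunk.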