diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-05-12 03:18:28 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-12 03:18:28 -0700 |
commit | 171dd10125a4b4195409f05ea45fb505021f2ce8 (patch) | |
tree | ed42ff382b3373909e58f36bb2604456093c3bcd /vendor/golang.org/x/crypto/poly1305/poly1305.go | |
parent | 2ad59d311b8c573186574cec6d4dc57bff0c3a53 (diff) | |
parent | 164768c3b9d05c2410f4f672a80c631d21b8cd02 (diff) | |
download | podman-171dd10125a4b4195409f05ea45fb505021f2ce8.tar.gz podman-171dd10125a4b4195409f05ea45fb505021f2ce8.tar.bz2 podman-171dd10125a4b4195409f05ea45fb505021f2ce8.zip |
Merge pull request #6172 from containers/dependabot/go_modules/github.com/containers/image/v5-5.4.4
Bump github.com/containers/image/v5 from 5.4.3 to 5.4.4
Diffstat (limited to 'vendor/golang.org/x/crypto/poly1305/poly1305.go')
-rw-r--r-- | vendor/golang.org/x/crypto/poly1305/poly1305.go | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/vendor/golang.org/x/crypto/poly1305/poly1305.go b/vendor/golang.org/x/crypto/poly1305/poly1305.go index 066159b79..3c75c2a67 100644 --- a/vendor/golang.org/x/crypto/poly1305/poly1305.go +++ b/vendor/golang.org/x/crypto/poly1305/poly1305.go @@ -46,10 +46,9 @@ func Verify(mac *[16]byte, m []byte, key *[32]byte) bool { // two different messages with the same key allows an attacker // to forge messages at will. func New(key *[32]byte) *MAC { - return &MAC{ - mac: newMAC(key), - finalized: false, - } + m := &MAC{} + initialize(key, &m.macState) + return m } // MAC is an io.Writer computing an authentication tag @@ -58,7 +57,7 @@ func New(key *[32]byte) *MAC { // MAC cannot be used like common hash.Hash implementations, // because using a poly1305 key twice breaks its security. // Therefore writing data to a running MAC after calling -// Sum causes it to panic. +// Sum or Verify causes it to panic. type MAC struct { mac // platform-dependent implementation @@ -71,10 +70,10 @@ func (h *MAC) Size() int { return TagSize } // Write adds more data to the running message authentication code. // It never returns an error. // -// It must not be called after the first call of Sum. +// It must not be called after the first call of Sum or Verify. func (h *MAC) Write(p []byte) (n int, err error) { if h.finalized { - panic("poly1305: write to MAC after Sum") + panic("poly1305: write to MAC after Sum or Verify") } return h.mac.Write(p) } @@ -87,3 +86,12 @@ func (h *MAC) Sum(b []byte) []byte { h.finalized = true return append(b, mac[:]...) } + +// Verify returns whether the authenticator of all data written to +// the message authentication code matches the expected value. +func (h *MAC) Verify(expected []byte) bool { + var mac [TagSize]byte + h.mac.Sum(&mac) + h.finalized = true + return subtle.ConstantTimeCompare(expected, mac[:]) == 1 +} |