CRYPTO_gcm128_decrypt: fix mac or tag calculation

The incorrect code is in #ifdef branch that is normally not compiled in. Signed-off-by: Zhang Jinde <zjd5536@163.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#12968)
open-quantum-safe · Feb 19, 2021 · 1d724b5 · 1d724b5
1 parent 3352dc1
commit 1d724b5
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
@@ -1359,8 +1359,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                 else
                     ctx->Yi.d[3] = ctr;
                 for (i = 0; i < 16 / sizeof(size_t); ++i) {
-                    size_t c = in[i];
-                    out[i] = c ^ ctx->EKi.t[i];
+                    size_t c = in_t[i];
+                    out_t[i] = c ^ ctx->EKi.t[i];
                     ctx->Xi.t[i] ^= c;
                 }
                 GCM_MUL(ctx);