From 1d724b5e82ba36fb50fd24db3cd664da570daf84 Mon Sep 17 00:00:00 2001
From: Zhang Jinde <zjd5536@163.com>
Date: Thu, 24 Sep 2020 14:48:28 +0800
Subject: CRYPTO_gcm128_decrypt: fix mac or tag calculation

The incorrect code is in #ifdef branch that is normally
not compiled in.

Signed-off-by: Zhang Jinde <zjd5536@163.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12968)
---
 crypto/modes/gcm128.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'crypto/modes')

diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 4f52073d7f..a6147e41a1 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1359,8 +1359,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                 else
                     ctx->Yi.d[3] = ctr;
                 for (i = 0; i < 16 / sizeof(size_t); ++i) {
-                    size_t c = in[i];
-                    out[i] = c ^ ctx->EKi.t[i];
+                    size_t c = in_t[i];
+                    out_t[i] = c ^ ctx->EKi.t[i];
                     ctx->Xi.t[i] ^= c;
                 }
                 GCM_MUL(ctx);
-- 
cgit v1.2.3