rijndael-s390x: fix checksum calculation in OCB decryption

* cipher/rijndael-s390x.c (aes_s390x_ocb_dec): Calculate checksum after decryption instead of inlining. -- OCB decryption was missing checksum inlining in 64 block loop. GnuPG-bug-id: T5356 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
author: Jussi Kivilinna <jussi.kivilinna@iki.fi> 2021-03-25 19:52:23 +0200
committer: Jussi Kivilinna <jussi.kivilinna@iki.fi> 2021-03-25 20:04:18 +0200
commit: 68bb0ddc5504c9c0f3f52259a4085bb2fc1a02ad (patch)
tree: bb51e4021cacc8307337391f9ec6b677ea3a242f
parent: 21c273cecfd58408b8d3287f5bc8c246c3010313 (diff)
download: libgcrypt-68bb0ddc5504c9c0f3f52259a4085bb2fc1a02ad.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/cipher/rijndael-s390x.c b/cipher/rijndael-s390x.c
index aea65c5a..c3da9fb2 100644
--- a/cipher/rijndael-s390x.c
+++ b/cipher/rijndael-s390x.c
@@ -777,9 +777,7 @@ aes_s390x_ocb_dec (gcry_cipher_hd_t c, void *outbuf_arg,
       OCB_INPUT_4((n) + 12);
 
 #define OCB_OUTPUT(n) \
-      cipher_block_xor_1 (&blocks[n], outbuf + (n) * BLOCKSIZE, BLOCKSIZE); \
-      cipher_block_xor_1 (c->u_ctr.ctr, &blocks[n], BLOCKSIZE); \
-      cipher_block_cpy (outbuf + (n) * BLOCKSIZE, &blocks[n], BLOCKSIZE);
+      cipher_block_xor_1 (outbuf + (n) * BLOCKSIZE, &blocks[n], BLOCKSIZE);
 
 #define OCB_OUTPUT_4(n) \
       OCB_OUTPUT((n) + 0); OCB_OUTPUT((n) + 1); OCB_OUTPUT((n) + 2); \
@@ -895,6 +893,8 @@ aes_s390x_ocb_dec (gcry_cipher_hd_t c, void *outbuf_arg,
   if (max_blocks_used)
     wipememory (&blocks, max_blocks_used * BLOCKSIZE);
 
+  aes_s390x_ocb_checksum (c->u_ctr.ctr, outbuf_arg, nblocks_arg);
+
   return 0;
 }
author	Jussi Kivilinna <jussi.kivilinna@iki.fi>	2021-03-25 19:52:23 +0200
committer	Jussi Kivilinna <jussi.kivilinna@iki.fi>	2021-03-25 20:04:18 +0200
commit	68bb0ddc5504c9c0f3f52259a4085bb2fc1a02ad (patch)
tree	bb51e4021cacc8307337391f9ec6b677ea3a242f
parent	21c273cecfd58408b8d3287f5bc8c246c3010313 (diff)
download	libgcrypt-68bb0ddc5504c9c0f3f52259a4085bb2fc1a02ad.tar.gz