From ab300310a0a95cb62f5586ddb2400dcd424b1812 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Thu, 17 Mar 2022 09:02:11 +0100
Subject: [PATCH] Improve support for enc_len and aad_len in AES_GCM_GHASH to actually allow 32 bit value (before was only 29 bit)
---
 OpenCL/inc_cipher_aes-gcm.cl | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/OpenCL/inc_cipher_aes-gcm.cl b/OpenCL/inc_cipher_aes-gcm.cl
index 6054b7b86..388356a48 100644
--- a/OpenCL/inc_cipher_aes-gcm.cl
+++ b/OpenCL/inc_cipher_aes-gcm.cl
@@ -273,10 +273,11 @@ DECLSPEC void AES_GCM_GHASH (PRIVATE_AS const u32 *subkey, PRIVATE_AS const u32
 u32 len_buf[4];
- len_buf[0] = 0;
- len_buf[1] = aad_len * 8;
- len_buf[2] = 0;
- len_buf[3] = enc_len * 8;
+ // still not fully correct if len > 32 bit
+ len_buf[0] = aad_len >> 29;
+ len_buf[1] = aad_len << 3;
+ len_buf[2] = enc_len >> 29;
+ len_buf[3] = enc_len << 3;
 AES_GCM_ghash (subkey, len_buf, 16, out);
 }
@@ -294,10 +295,11 @@ DECLSPEC void AES_GCM_GHASH_GLOBAL (PRIVATE_AS const u32 *subkey, PRIVATE_AS con
 u32 len_buf[4];
- len_buf[0] = 0;
- len_buf[1] = aad_len * 8;
- len_buf[2] = 0;
- len_buf[3] = enc_len * 8;
+ // still not fully correct if len > 32 bit
+ len_buf[0] = aad_len >> 29;
+ len_buf[1] = aad_len << 3;
+ len_buf[2] = enc_len >> 29;
+ len_buf[3] = enc_len << 3;
 AES_GCM_ghash (subkey, len_buf, 16, out);
 }
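Review bot: The added `aad_len >> 29` and `enc_len >> 29` lines in AES_GCM_GHASH give the intended high word only if both lengths are unsigned, and their declarations are in the signature, which the hunk header truncates and which starts outside the hunk. If they turn out to be signed, a length of 2^31 or more arrives negative and the right shift typically sign-extends, so `len_buf[0]` / `len_buf[2]` get set bits that do not belong to the length and the final GHASH block no longer matches the data that was hashed. Casting before the shift makes the result independent of the parameter type: `len_buf[0] = (u32) aad_len >> 29;` and `len_buf[2] = (u32) enc_len >> 29;`. The identical lines in the AES_GCM_GHASH_GLOBAL hunk need the same change. The new comment would be more useful if it named the actual limit, for example `// lengths are 32-bit byte counts; the 64-bit bit length is split into hi/lo words`.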