From f2e122f90dbd4c7aec1aa70b37a0912971c13057 Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Fri, 13 Sep 2024 15:06:08 +0800
Subject: [PATCH] sm4: ppc64x, gcm fix bug #249
---
 sm4/gcm_ppc64x.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sm4/gcm_ppc64x.go b/sm4/gcm_ppc64x.go
index 52aa0dd..a2a27e2 100644
--- a/sm4/gcm_ppc64x.go
+++ b/sm4/gcm_ppc64x.go
@@ -169,7 +169,7 @@ func (g *gcmAsm) paddedGHASH(hash *[16]byte, data []byte) {
 // auth calculates GHASH(ciphertext, additionalData), masks the result with
 // tagMask and writes the result to out.
 func (g *gcmAsm) auth(out, ciphertext, aad []byte, tagMask *[gcmTagSize]byte) {
-	var hash [16]byte
+	var hash [gcmTagSize]byte
 	g.paddedGHASH(&hash, aad)
 	g.paddedGHASH(&hash, ciphertext)
 	lens := gcmLengths(uint64(len(aad))*8, uint64(len(ciphertext))*8)
@@ -199,7 +199,9 @@ func (g *gcmAsm) Seal(dst, nonce, plaintext, data []byte) []byte {
 	gcmInc32(&counter)
 	g.counterCrypt(out, plaintext, &counter)
 
-	g.auth(out[len(plaintext):], out[:len(plaintext)], data, &tagMask)
+	var tag [gcmTagSize]byte
+	g.auth(tag[:], out[:len(plaintext)], data, &tagMask)
+	copy(out[len(plaintext):], tag[:])
 
 	return ret
 }
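Review bot: `var hash [gcmTagSize]byte` in auth sizes the GHASH accumulator by the tag length, yet the very next lines pass `&hash` to paddedGHASH, whose parameter is `*[16]byte` per the hunk's @@ context, so this only compiles because gcmTagSize happens to equal the 16-byte block size. The buffer is block state, not a tag; if the file has a block-size constant it belongs here, otherwise the original `var hash [16]byte` is the honest declaration and the tag-size dependency should stay in the caller. This is a naming point only and does not change the generated code. auth's body continues past the end of the hunk.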
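Review bot: The new three-line sequence at the end of Seal computes the tag into a stack temporary and then copies it into `out[len(plaintext):]`, but nothing in the code records why the old direct write was wrong, so a later cleanup is likely to fold it back into a single call. Add a why-comment above `var tag [gcmTagSize]byte`, for example `// Compute the tag into a separate buffer and copy it into place; passing out[len(plaintext):] to auth directly was the cause of #249.`, worded to match what the issue actually found. Note also that `copy` silently truncates to `len(out[len(plaintext):])`; if that tail can be shorter than gcmTagSize, a truncated tag is presumably intended, but that assumption is worth stating in the same comment. Seal begins outside the hunk.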