From c802ea7ebd2dc0c8e1f83cb6d314f9df6dbab4eb Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 17 Jun 2021 08:08:43 -0700
Subject: [PATCH] Fix for unaligned authentication tag sizes when the STM32
 Cube HAL supports it with `CRYP_HEADERWIDTHUNIT_BYTE`.

---
 wolfcrypt/src/aes.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index b3100a7b0..cf3aecbd5 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -7014,7 +7014,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
     hcryp.Init.Algorithm = CRYP_AES_GCM;
     #ifdef CRYP_HEADERWIDTHUNIT_BYTE
     /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */
-    hcryp.Init.HeaderSize = authPadSz;
+    hcryp.Init.HeaderSize = authInSz;
     #else
     hcryp.Init.HeaderSize = authPadSz/sizeof(word32);
     #endif
@@ -7527,7 +7527,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
     hcryp.Init.Algorithm = CRYP_AES_GCM;
     #ifdef CRYP_HEADERWIDTHUNIT_BYTE
     /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */
-    hcryp.Init.HeaderSize = authPadSz;
+    hcryp.Init.HeaderSize = authInSz;
     #else
     hcryp.Init.HeaderSize = authPadSz/sizeof(word32);
     #endif