From a5ea347381991c7c4c0ca9701428e53677c65f8a Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Sun, 11 Dec 2022 23:47:46 +0100
Subject: [PATCH] Sync the AESNI aes_gcm_decrypt_generic() impl with the ARM
 one

---
 .../crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c     | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c b/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c
index 907480a3..7faf0be0 100644
--- a/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c
+++ b/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c
@@ -603,7 +603,7 @@ aes_gcm_decrypt_generic(const State *st, GHash *sth, unsigned char mac[ABYTES],
 
     /* 2*PARALLEL_BLOCKS aggregation */
 
-    for (; i + 2 * PARALLEL_BLOCKS * 16 <= src_len; i += 2 * PARALLEL_BLOCKS * 16) {
+    while (i + 2 * PARALLEL_BLOCKS * 16 <= src_len) {
         counter = incr_counters(rev_counters, counter, PARALLEL_BLOCKS);
 
         u = gh_update0(sth, src + i, st->hx[2 * PARALLEL_BLOCKS - 1 - 0]);
@@ -615,13 +615,14 @@ aes_gcm_decrypt_generic(const State *st, GHash *sth, unsigned char mac[ABYTES],
 
         counter = incr_counters(rev_counters, counter, PARALLEL_BLOCKS);
 
+        i += PARALLEL_BLOCKS * 16;
         for (j = 0; j < PARALLEL_BLOCKS; j += 1) {
             gh_update(&u, src + i + j * 16, st->hx[PARALLEL_BLOCKS - 1 - j]);
         }
         sth->acc = gcm_reduce(u);
 
-        encrypt_xor_wide(st, dst + i + PARALLEL_BLOCKS * 16, src + i + PARALLEL_BLOCKS * 16,
-                         rev_counters);
+        encrypt_xor_wide(st, dst + i, src + i, rev_counters);
+        i += PARALLEL_BLOCKS * 16;
     }
 
     /* PARALLEL_BLOCKS aggregation */