From fca8adc54976fe82dffcbe5abb18c8912eedf41e Mon Sep 17 00:00:00 2001
From: Jeffrey Walton <noloader@gmail.com>
Date: Wed, 13 Sep 2017 08:41:39 -0400
Subject: Fix CMAC 256-bit polynomial Also see GH #423

---
 cmac.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'cmac.cpp')

diff --git a/cmac.cpp b/cmac.cpp
index 1b56662d..ed56b10b 100644
--- a/cmac.cpp
+++ b/cmac.cpp
@@ -32,9 +32,9 @@ static void MulU(byte *k, unsigned int length)
 			break;
 		case 32:
 			// https://crypto.stackexchange.com/q/9815/10496
-			// Polynomial x^256 + x^10 + x^5 + x + 1
+			// Polynomial x^256 + x^10 + x^5 + x^2 + 1
 			k[30] ^= 4;
-			k[31] ^= 0x23;
+			k[31] ^= 0x25;
 			break;
 		case 64:
 			// https://crypto.stackexchange.com/q/9815/10496
-- 
cgit v1.2.1