Fix GCM counter increment

GCM is defined as having a 32-bit counter, but CTR_BE incremented the
counter across the entire block. This caused incorrect results if
a very large message (2**39 bits) was processed, or if the GHASH
derived nonce ended up having a counter field near to 2**32

Thanks to Juraj Somorovsky for the bug report and repro.

0 files changed, 0 insertions, 0 deletions