From da61debf8a8b0f0ec805ee23b8c5be3bc4838a03 Mon Sep 17 00:00:00 2001
From: Brian Smith
Date: Tue, 11 Jun 2024 11:55:09 -0700
Subject: [PATCH] aes_gcm: Use `encrypt_iv_xor_block` for tag.

---
 src/aead/aes_gcm.rs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/aead/aes_gcm.rs b/src/aead/aes_gcm.rs
index 1ca44d908a..ebc1c4bd89 100644
--- a/src/aead/aes_gcm.rs
+++ b/src/aead/aes_gcm.rs
@@ -17,7 +17,7 @@ use super::{
     gcm, shift, Aad, Nonce, Tag,
 };
 use crate::{
-    constant_time, cpu, error,
+    cpu, error,
     polyfill::{slice, sliceutil::overwrite_at_start, usize_from_u64_saturated},
 };
 use core::ops::RangeFrom;
@@ -297,8 +297,7 @@ pub(super) fn open(
 fn finish(aes_key: &aes::Key, gcm_ctx: gcm::Context, tag_iv: aes::Iv) -> Tag {
     // Finalize the tag and return it.
     gcm_ctx.pre_finish(|pre_tag, cpu_features| {
-        let encrypted_iv = aes_key.encrypt_block(tag_iv.into_block_less_safe(), cpu_features);
-        Tag(constant_time::xor_16(pre_tag, encrypted_iv))
+        Tag(aes_key.encrypt_iv_xor_block(tag_iv, pre_tag, cpu_features))
     })
 }
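Review bot: The comment `// Finalize the tag and return it.` inside `finish` no longer describes what the closure computes now that the XOR has moved into the helper; I'd replace it with `// GCM tag = GHASH pre-tag XOR AES_K(tag_iv); encrypt_iv_xor_block consumes tag_iv so the raw IV block is never materialized here.` The removed lines made the constant-time combine explicit via `constant_time::xor_16`, and the commit message does not say whether `encrypt_iv_xor_block` carries the same guarantee — since this is the authentication-tag path, a one-line doc on that helper stating it is constant-time (or that a fixed-width 16-byte XOR is used) would keep the intent visible. The `into_block_less_safe` call disappearing looks like the actual safety gain of the change, which is worth a sentence in the commit description. `finish` lies entirely within the hunk.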