cleanup: Use 32 bits instead of 40 bits to perform AND operation in aes implementation.

Fixes https://github.com/openssl/openssl/issues/29963

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 11 07:29:17 2026
(Merged from https://github.com/openssl/openssl/pull/29964)

diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c
index 1d2832758827fbd99e8b132a73900e492ee5d359..7d90f0b4ed2cb468bb1c6c97ec52168f87518c4f 100644 (file)
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -190,7 +190,7 @@ static void SubWord(u32 *w)
     a2 = a3;
     a2 ^= (a3 & 0x0C0C0C0Cu) >> 2;
     a4 = a3 & a2;
-    a4 ^= (a4 & 0x0A0A0A0A0Au) >> 1;
+    a4 ^= (a4 & 0x0A0A0A0Au) >> 1;
     a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0Au;
     a5 = a4 & 0x08080808u;
     a5 |= a5 >> 1;