From ce4bd09860ce903f6f96add344bb617adeeda1b7 Mon Sep 17 00:00:00 2001
From: Douglas Stebila <dstebila@uwaterloo.ca>
Date: Thu, 26 Mar 2020 21:11:07 -0400
Subject: [PATCH] Use the right AES CTX

---
 crypto_kem/kyber1024-90s/clean/aes256ctr.c | 2 +-
 crypto_kem/kyber512-90s/clean/aes256ctr.c  | 2 +-
 crypto_kem/kyber768-90s/clean/aes256ctr.c  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto_kem/kyber1024-90s/clean/aes256ctr.c b/crypto_kem/kyber1024-90s/clean/aes256ctr.c
index 2e0143a3..2d4592e5 100644
--- a/crypto_kem/kyber1024-90s/clean/aes256ctr.c
+++ b/crypto_kem/kyber1024-90s/clean/aes256ctr.c
@@ -70,7 +70,7 @@ void PQCLEAN_KYBER102490S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const
 *              - uint8_t y:           second additional byte to "absorb"
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_aes256xof_absorb(aes256xof_ctx *s, const uint8_t *key, uint8_t x, uint8_t y) {
-    aes256_ctr_keyexp(&s->sk_exp, key);
+    aes256_ecb_keyexp(&s->sk_exp, key);
     for (int i = 2; i < 12; i++) {
         s->iv[i] = 0;
     }
diff --git a/crypto_kem/kyber512-90s/clean/aes256ctr.c b/crypto_kem/kyber512-90s/clean/aes256ctr.c
index e306ccb4..d15194b3 100644
--- a/crypto_kem/kyber512-90s/clean/aes256ctr.c
+++ b/crypto_kem/kyber512-90s/clean/aes256ctr.c
@@ -70,7 +70,7 @@ void PQCLEAN_KYBER51290S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const
 *              - uint8_t y:           second additional byte to "absorb"
 **************************************************/
 void PQCLEAN_KYBER51290S_CLEAN_aes256xof_absorb(aes256xof_ctx *s, const uint8_t *key, uint8_t x, uint8_t y) {
-    aes256_ctr_keyexp(&s->sk_exp, key);
+    aes256_ecb_keyexp(&s->sk_exp, key);
     for (int i = 2; i < 12; i++) {
         s->iv[i] = 0;
     }
diff --git a/crypto_kem/kyber768-90s/clean/aes256ctr.c b/crypto_kem/kyber768-90s/clean/aes256ctr.c
index f49e20f9..3deae94c 100644
--- a/crypto_kem/kyber768-90s/clean/aes256ctr.c
+++ b/crypto_kem/kyber768-90s/clean/aes256ctr.c
@@ -70,7 +70,7 @@ void PQCLEAN_KYBER76890S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const
 *              - uint8_t y:           second additional byte to "absorb"
 **************************************************/
 void PQCLEAN_KYBER76890S_CLEAN_aes256xof_absorb(aes256xof_ctx *s, const uint8_t *key, uint8_t x, uint8_t y) {
-    aes256_ctr_keyexp(&s->sk_exp, key);
+    aes256_ecb_keyexp(&s->sk_exp, key);
     for (int i = 2; i < 12; i++) {
         s->iv[i] = 0;
     }