diff --git a/attic/crypto.pyx b/attic/crypto.pyx
index a087e8459..4e8e259a1 100644
--- a/attic/crypto.pyx
+++ b/attic/crypto.pyx
@@ -179,8 +179,7 @@ cdef class AES:
 # Get tag (mac) - only GCM mode. for CTR, the returned mac is undefined
 if not EVP_CIPHER_CTX_ctrl(&self.ctx, EVP_CTRL_GCM_GET_TAG, MAC_SIZE, mac):
 raise Exception('EVP_CIPHER_CTX_ctrl GET TAG failed')
- # hack: caller wants 32B tags (256b), so we give back that amount
- return (mac[:MAC_SIZE] + b'\x00'*16), out[:ctl]
+ return (mac[:MAC_SIZE]), out[:ctl]
 finally:
 free(mac)
 free(out)
diff --git a/attic/key.py b/attic/key.py
index 591f4e9ec..723b321cd 100644
--- a/attic/key.py
+++ b/attic/key.py
@@ -112,7 +112,7 @@ class GHASH:
 # GMAC = aes-gcm with all data as AAD, no data as to-be-encrypted data
 mac_cipher.add(bytes(self.data))
 hash, _ = mac_cipher.compute_mac_and_encrypt(b'')
- return hash
+ return hash + b'\0'*16 # XXX hashindex code wants 32 bytes (256 bit)
 
 
 class HMAC_SHA256(HMAC):
diff --git a/attic/testsuite/crypto.py b/attic/testsuite/crypto.py
index 8b523494e..bf3fe912a 100644
--- a/attic/testsuite/crypto.py
+++ b/attic/testsuite/crypto.py
@@ -48,7 +48,7 @@ class CryptoTestCase(AtticTestCase):
 # encrypt
 aes = AES(mode=AES_GCM_MODE, is_encrypt=True, key=key, iv=iv)
 mac, cdata = aes.compute_mac_and_encrypt(data)
- self.assert_equal(hexlify(mac), b'c98aa10eb6b7031bcc2160878d9438fb00000000000000000000000000000000')
+ self.assert_equal(hexlify(mac), b'c98aa10eb6b7031bcc2160878d9438fb')
 self.assert_equal(hexlify(cdata), b'841bcce405df769d22ee9f7f012edf5dc7fb2594d924c7400ffd050f2741')
 # decrypt (correct mac/cdata)
 aes = AES(mode=AES_GCM_MODE, is_encrypt=False, key=key, iv=iv)
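Review bot: The new return line `return (mac[:MAC_SIZE]), out[:ctl]` keeps parentheses that only made sense around the old concatenation, and with the explanatory comment deleted nothing in the hunk states that the returned tag is now MAC_SIZE bytes rather than the 32 bytes callers previously received. Write `return mac[:MAC_SIZE], out[:ctl]` and add above it `# GCM tag is MAC_SIZE bytes; callers needing a wider fixed field pad it themselves`. The retained comment on the first context line says the tag is undefined in CTR mode, yet that value is still returned as if it were a MAC, so the method's docstring should say that the CTR-mode value must not be used as an authenticator. compute_mac_and_encrypt starts before the hunk, and the decrypt-side counterpart is outside it, so it is worth confirming that any fixed 32-byte slicing there was adapted to the shorter tag.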
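Review bot: The value returned by the added line in GHASH is 32 bytes whose trailing 16 bytes are constant zeros, so the comment `# XXX hashindex code wants 32 bytes (256 bit)` should not read as if the padded value had 256-bit strength; it carries exactly the strength of the 16-byte GCM tag. Suggest `# pad the 16-byte GMAC tag to the 32-byte field hashindex expects; the zeros add no security` and, on the context line in the same hunk, renaming the local `hash`, which shadows the builtin, to `tag`: `tag, _ = mac_cipher.compute_mac_and_encrypt(b'')` / `return tag + b'\0' * 16`. The test change in attic/testsuite/crypto.py covers only the AES tag length; nothing in the diff pins the padded GHASH output, so a test asserting its length is 32 would guard the hashindex contract. The enclosing method starts before the hunk.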
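Review bot: The changed assertion pins the new tag length only implicitly, through the length of a hex literal, which makes the contract easy to miss when reading the test. An explicit `self.assert_equal(len(mac), 16)` before it would state the expected length and fail with a clear message if the tag length changes again. The test method containing this assertion starts before the hunk.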