gcm128.c: fix AAD-only case with AAD length not divisible by 16.

PR: 2859 Submitted by: John Foley (backport from HEAD)
author: Dr. Stephen Henson <steve@openssl.org> 2012-10-14 12:29:25 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-10-14 12:29:25 +0000
commit: 799602e489b92fdc0bdf4bc8f0920ef3707bf6f3 (patch)
tree: 177a6e4dff09626578c015f5d4bf6cac39daea2d
parent: 82607b291f2e1ebf31fde8956b9d6cfbee060d30 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 8dfeae5ed5..a52ffb1d22 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1403,7 +1403,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
 	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
 #endif
 
-	if (ctx->mres)
+	if (ctx->mres || ctx->ares)
 		GCM_MUL(ctx,Xi);
 
 	if (is_endian.little) {
author	Dr. Stephen Henson <steve@openssl.org>	2012-10-14 12:29:25 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-10-14 12:29:25 +0000
commit	799602e489b92fdc0bdf4bc8f0920ef3707bf6f3 (patch)
tree	177a6e4dff09626578c015f5d4bf6cac39daea2d
parent	82607b291f2e1ebf31fde8956b9d6cfbee060d30 (diff)