gcm128.c: fix AAD-only case with AAD length not divisible by 16.

author Dr. Stephen Henson <steve@openssl.org>

Sun, 14 Oct 2012 12:29:25 +0000 (12:29 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Sun, 14 Oct 2012 12:29:25 +0000 (12:29 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Sun, 14 Oct 2012 12:29:25 +0000 (12:29 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Sun, 14 Oct 2012 12:29:25 +0000 (12:29 +0000)
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c

index 8dfeae5ed50dd7f3e910ef42aa0786d375cdc5be..a52ffb1d22bd88855ab728d68ea0f9d7c194f2bd 100644 (file)
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1403,7 +1403,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
         void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])    = ctx->gmult;
  #endif
  
-       if (ctx->mres)
+       if (ctx->mres || ctx->ares)
                 GCM_MUL(ctx,Xi);
  
         if (is_endian.little) {
author	Dr. Stephen Henson <steve@openssl.org>
	Sun, 14 Oct 2012 12:29:25 +0000 (12:29 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Sun, 14 Oct 2012 12:29:25 +0000 (12:29 +0000)