gcm128.c: fix AAD-only case with AAD length not divisible by 16.

PR: 2859
Submitted by: John Foley

diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 025c7f889750914ff97385368a00fba5740c4c5d..f8dd497f872534de719734b80de2fe1256d52837 100644 (file)
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1401,7 +1401,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
        void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])    = ctx->gmult;
 #endif
 
-       if (ctx->mres)
+       if (ctx->mres || ctx->ares)
                GCM_MUL(ctx,Xi);
 
        if (is_endian.little) {