gcm128.c: fix AAD-only case with AAD length not divisible by 16 [from HEAD].

author Andy Polyakov <appro@openssl.org>

Mon, 13 Aug 2012 15:31:10 +0000 (15:31 +0000)

committer Andy Polyakov <appro@openssl.org>

Mon, 13 Aug 2012 15:31:10 +0000 (15:31 +0000)
author Andy Polyakov <appro@openssl.org>
Mon, 13 Aug 2012 15:31:10 +0000 (15:31 +0000)
committer Andy Polyakov <appro@openssl.org>
Mon, 13 Aug 2012 15:31:10 +0000 (15:31 +0000)
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c

index ec6c1b30b2c9a0f5bc21a7a30060f1a7342ed58c..0e6ff8b0a155e0070d1afaaee767461da72f6ff2 100644 (file)
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1398,7 +1398,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
         void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])    = ctx->gmult;
  #endif
  
-       if (ctx->mres)
+       if (ctx->mres || ctx->ares)
                 GCM_MUL(ctx,Xi);
  
         if (is_endian.little) {
author	Andy Polyakov <appro@openssl.org>
	Mon, 13 Aug 2012 15:31:10 +0000 (15:31 +0000)
committer	Andy Polyakov <appro@openssl.org>
	Mon, 13 Aug 2012 15:31:10 +0000 (15:31 +0000)