From 9ddd859d2a0f987ca63ff7b83a723b39f1dfa8fd Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Mon, 13 Aug 2012 15:07:37 +0000
Subject: [PATCH] gcm128.c: fix AAD-only case with AAD length not divisible by
 16.

PR: 2859
Submitted by: John Foley
---
 crypto/modes/gcm128.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 025c7f8897..f8dd497f87 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1401,7 +1401,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
 	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
 #endif
 
-	if (ctx->mres)
+	if (ctx->mres || ctx->ares)
 		GCM_MUL(ctx,Xi);
 
 	if (is_endian.little) {
-- 
2.34.1