gcm128.c: fix AAD-only case with AAD length not divisible by 16.
authorAndy Polyakov <appro@openssl.org>
Mon, 13 Aug 2012 15:07:37 +0000 (15:07 +0000)
committerAndy Polyakov <appro@openssl.org>
Mon, 13 Aug 2012 15:07:37 +0000 (15:07 +0000)
PR: 2859
Submitted by: John Foley

crypto/modes/gcm128.c

index 025c7f8..f8dd497 100644 (file)
@@ -1401,7 +1401,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
        void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])    = ctx->gmult;
 #endif
 
-       if (ctx->mres)
+       if (ctx->mres || ctx->ares)
                GCM_MUL(ctx,Xi);
 
        if (is_endian.little) {