From: Andy Polyakov <appro@openssl.org>
Date: Mon, 13 Aug 2012 15:31:10 +0000 (+0000)
Subject: gcm128.c: fix AAD-only case with AAD length not divisible by 16 [from HEAD].
X-Git-Tag: OpenSSL_1_0_2-beta1~594
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f0a069c1a2d488b7668075baf78623bcab36e37d;p=thirdparty%2Fopenssl.git

gcm128.c: fix AAD-only case with AAD length not divisible by 16 [from HEAD].

PR: 2859
Submitted by: John Foley
---

diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index ec6c1b30b2c..0e6ff8b0a15 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1398,7 +1398,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
 	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
 #endif
 
-	if (ctx->mres)
+	if (ctx->mres || ctx->ares)
 		GCM_MUL(ctx,Xi);
 
 	if (is_endian.little) {