diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 08b382235..fef2f9c74 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -5123,8 +5123,10 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c,
 }
 #ifdef OPENSSL_EXTRA
 /* store AAD partial tag for next call */
- aes->aadH[0] = (word32)x[0];
- aes->aadH[1] = (word32)x[1];
+ aes->aadH[0] = (word32)((x[0] & 0xFFFFFFFF00000000) >> 32);
+ aes->aadH[1] = (word32)(x[0] & 0xFFFFFFFF);
+ aes->aadH[2] = (word32)((x[1] & 0xFFFFFFFF00000000) >> 32);
+ aes->aadH[3] = (word32)(x[1] & 0xFFFFFFFF);
 #endif
 }
@@ -5136,8 +5138,8 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c,
 #ifdef OPENSSL_EXTRA
 /* Start from last AAD partial tag */
 if(aes->aadLen) {
- x[0] = (word64)aes->aadH[0];
- x[1] = (word64)aes->aadH[1];
+ x[0] = ((word64)aes->aadH[0]) << 32 | aes->aadH[1];
+ x[1] = ((word64)aes->aadH[2]) << 32 | aes->aadH[3];
 }
 #endif
 while (blocks--) {
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index e59d36348..eeecb0b65 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -146,7 +146,7 @@ typedef struct Aes {
 #ifdef HAVE_AESGCM
 ALIGN16 byte H[AES_BLOCK_SIZE];
 #ifdef OPENSSL_EXTRA
- word32 aadH[2]; /* additional authenticated data GASH */
+ word32 aadH[4]; /* additional authenticated data GHASH */
 word32 aadLen; /* additional authenticated data len */
 #endif
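Review bot: The masks in the four added stores under `/* store AAD partial tag for next call */` are redundant, and the upper-half one uses an unsuffixed 64-bit literal, `0xFFFFFFFF00000000`, which pre-C99 compilers may warn about or give a narrower type than intended. A shift followed by the narrowing cast performs the same split without any 64-bit constant: `aes->aadH[0] = (word32)(x[0] >> 32);` and `aes->aadH[1] = (word32)x[0];`, likewise for `x[1]` into `aadH[2]` and `aadH[3]`. The enclosing GHASH body starts and ends outside the hunk, so the type of `x` is presumed to be an unsigned 64-bit word, based on the `(word64)` casts in the second hunk.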
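Review bot: The restore under `/* Start from last AAD partial tag */` has to be the exact inverse of the four stores in the first hunk, yet nothing at either site or on the struct field records the word order. A one-line comment such as `/* aadH[0..1] = x[0] high,low; aadH[2..3] = x[1] high,low */` at both places would keep them in step, and explicit grouping, `x[0] = (((word64)aes->aadH[0]) << 32) | aes->aadH[1];`, avoids relying on `<<` binding tighter than `|`. The removed lines kept only 64 of the 128 state bits, so a resumed computation started from a truncated state. A known-answer test comparing the tag from split AAD calls with the single-call tag would guard this fix, and none is visible in this diff. GHASH's body continues outside the hunk.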