diff --git a/ChangeLog b/ChangeLog
index 8ecb0b93ecbc88f121fb024fa8dd72b8f776a74e..155af0edd44b4223e4ec791bd604231a51d7b2f3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2013-04-16  Niels Möller  <nisse@lysator.liu.se>
 
+	* umac32.c (umac32_digest): Fix nonce caching.
+	* umac64.c (umac64_digest): Likewise.
+
 	* testsuite/umac-test.c (test_incr): New function.
 	(test_main): Test nonce increment.
 
diff --git a/umac32.c b/umac32.c
index 98f987e9b359b0af16968d1a34cf22996cfe8f87..ce859c15996a116642900ab44b8a530a0b3939f4 100644
--- a/umac32.c
+++ b/umac32.c
@@ -101,8 +101,11 @@ umac32_digest (struct umac32_ctx *ctx,
     }
   assert (ctx->count > 0);
   if ( !(ctx->nonce_low & _UMAC_NONCE_CACHED))
-    aes_encrypt (&ctx->pdf_key, AES_BLOCK_SIZE,
-		 (uint8_t *) ctx->pad_cache, ctx->nonce);
+    {
+      aes_encrypt (&ctx->pdf_key, AES_BLOCK_SIZE,
+		   (uint8_t *) ctx->pad_cache, ctx->nonce);
+      ctx->nonce_low |= _UMAC_NONCE_CACHED;
+    }
 
   pad = ctx->pad_cache[ctx->nonce_low & 3];
 
diff --git a/umac64.c b/umac64.c
index b2a6970984c1dc68b344ca434dc48ebd5c2ab9b2..e92b95cb6ef6f8120dab3e815259c051e45575d2 100644
--- a/umac64.c
+++ b/umac64.c
@@ -104,9 +104,11 @@ umac64_digest (struct umac64_ctx *ctx,
     }
   assert (ctx->count > 0);
   if ( !(ctx->nonce_low & _UMAC_NONCE_CACHED))
-    aes_encrypt (&ctx->pdf_key, AES_BLOCK_SIZE,
-		 (uint8_t *) ctx->pad_cache, ctx->nonce);
-
+    {
+      aes_encrypt (&ctx->pdf_key, AES_BLOCK_SIZE,
+		   (uint8_t *) ctx->pad_cache, ctx->nonce);
+      ctx->nonce_low |= _UMAC_NONCE_CACHED;
+    }
   pad = ctx->pad_cache + 2*(ctx->nonce_low & 1);
 
   /* Increment nonce */