Properly handle a partial block in OCB mode

If we have previously been passed a partial block in an "Update" call then
make sure we properly increment the output buffer when we use it.

Fixes #2273

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 0fb3c16e4e7dd2f913e034b6a63b3f6ac6677725..d3be6a086aaaefe872fd85af9feaaed9dc2f1514 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -2587,6 +2587,8 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             }
             written_len = AES_BLOCK_SIZE;
             *buf_len = 0;
             }
             written_len = AES_BLOCK_SIZE;
             *buf_len = 0;

+            if (out != NULL)
+                out += AES_BLOCK_SIZE;

         }
 
         /* Do we have a partial block to handle at the end? */
         }
 
         /* Do we have a partial block to handle at the end? */