Properly handle a partial block in OCB mode

If we have previously been passed a partial block in an "Update" call then
make sure we properly increment the output buffer when we use it.

Fixes #2273

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)
(cherry picked from commit 7c12c7b61c5b37c9dff930ccc68421fb7de00271)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index de73b3f52976efa639bedfcfcb8cf71087f5abb9..115da20e6592f25f1ebe79dbe77f9b2b46078654 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -2587,6 +2587,8 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             }
             written_len = AES_BLOCK_SIZE;
             *buf_len = 0;
+            if (out != NULL)
+                out += AES_BLOCK_SIZE;
         }
 
         /* Do we have a partial block to handle at the end? */