Fix the overlapping check for fragmented "Update" operations

When doing in place encryption the overlapping buffer check can fail incorrectly where we have done a partial block "Update" operation. This fixes things to take account of any pending partial blocks. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275)
author: Matt Caswell <matt@openssl.org> 2017-01-24 12:57:34 +0000
committer: Matt Caswell <matt@openssl.org> 2017-01-25 15:02:44 +0000
commit: 7141ba31969d0b378d08104a51f8f99b9187b9d5 (patch)
tree: 58735ecf1d4e9b266e2b928f13d018d2118f05c3 /crypto/evp/e_des3.c
parent: 0b96d77a62d8ac9a45ac1dda47560ced676b5b8d (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index a842913658..da77936c96 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -15,6 +15,7 @@
 # include "internal/evp_int.h"
 # include <openssl/des.h>
 # include <openssl/rand.h>
+# include "evp_locl.h"
 
 typedef struct {
     union {
@@ -392,6 +393,12 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
      */
     if (inl >= EVP_MAXCHUNK || inl % 8)
         return -1;
+
+    if (is_partially_overlapping(out, in, inl)) {
+        EVPerr(EVP_F_DES_EDE3_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
+
     if (EVP_CIPHER_CTX_encrypting(ctx))
         return des_ede3_wrap(ctx, out, in, inl);
     else
author	Matt Caswell <matt@openssl.org>	2017-01-24 12:57:34 +0000
committer	Matt Caswell <matt@openssl.org>	2017-01-25 15:02:44 +0000
commit	7141ba31969d0b378d08104a51f8f99b9187b9d5 (patch)
tree	58735ecf1d4e9b266e2b928f13d018d2118f05c3 /crypto/evp/e_des3.c
parent	0b96d77a62d8ac9a45ac1dda47560ced676b5b8d (diff)