From 01aee889bc01b0411bedd06b0169605546cda92a Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 10 Sep 2022 17:45:10 +0000
Subject: Increment the input and output position for EVP AES CFB1.

The length is decremented, however the input is repeatedly read from and
output written to the same position. Correct this by actually incrementing
the input and output pointers.

Found via OpenSSL 604e591ed7,

ok tb@
---
 src/lib/libcrypto/evp/e_aes.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index e6bba2b952..3661abcbfe 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.47 2022/09/06 06:38:26 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.48 2022/09/10 17:45:10 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -511,6 +511,8 @@ aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK*8, &dat->ks,
 		    ctx->iv, &ctx->num, ctx->encrypt, dat->block);
 		len -= MAXBITCHUNK;
+		in += MAXBITCHUNK;
+		out += MAXBITCHUNK;
 	}
 	if (len)
 		CRYPTO_cfb128_1_encrypt(in, out, len*8, &dat->ks,
-- 
cgit v1.2.3-55-g6feb