From 8b1f87ff17c15812707feb063a073472bba18199 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 10 Sep 2022 17:45:10 +0000
Subject: Increment the input and output position for EVP AES CFB1.

The length is decremented, however the input is repeatedly read from and
output written to the same position. Correct this by actually incrementing
the input and output pointers.

Found via OpenSSL 604e591ed7,

ok tb@
---
 src/lib/libcrypto/evp/e_aes.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index e6bba2b952..3661abcbfe 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.47 2022/09/06 06:38:26 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.48 2022/09/10 17:45:10 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -511,6 +511,8 @@ aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK*8, &dat->ks,
 		    ctx->iv, &ctx->num, ctx->encrypt, dat->block);
 		len -= MAXBITCHUNK;
+		in += MAXBITCHUNK;
+		out += MAXBITCHUNK;
 	}
 	if (len)
 		CRYPTO_cfb128_1_encrypt(in, out, len*8, &dat->ks,
-- 
cgit v1.2.3-55-g6feb