From 262d8ced795d72114c3bfdb0786ae8561ec3e266 Mon Sep 17 00:00:00 2001
From: Dave Rodgman
Date: Mon, 22 May 2023 23:13:45 +0100
Subject: [PATCH] Fix AES-CBC for in-place operation

Signed-off-by: Dave Rodgman
---
 library/aes.c | 29 ++++++++++++-----------------
 1 file changed, 12 insertions(+), 17 deletions(-)

diff --git a/library/aes.c b/library/aes.c
index eb3f873e7..bfcaf352b 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1071,26 +1071,21 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
     const unsigned char *ivp = iv;
 
     if (mode == MBEDTLS_AES_DECRYPT) {
-        if (length >= 16) {
-            unsigned char temp2[16];
-            memcpy(temp, input + length - 16, 16);
-
-            while (length > 0) {
-                ret = mbedtls_aes_crypt_ecb(ctx, mode, input, temp2);
-                if (ret != 0) {
-                    goto exit;
-                }
-
-                mbedtls_xor(output, temp2, ivp, 16);
-
-                ivp = input;
-
-                input += 16;
-                output += 16;
-                length -= 16;
+        unsigned char temp2[16];
+        while (length > 0) {
+            memcpy(temp, input, 16);
+            ret = mbedtls_aes_crypt_ecb(ctx, mode, input, temp2);
+            if (ret != 0) {
+                goto exit;
             }
+            mbedtls_xor(output, temp2, iv, 16);
+            memcpy(iv, temp, 16);
+
+            input += 16;
+            output += 16;
+            length -= 16;
         }
     } else {
         while (length > 0) {