From cd2d1e28184b9924bceda22aab7d09e8034352b3 Mon Sep 17 00:00:00 2001
From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date: Wed, 10 Oct 2018 19:26:25 +0200
Subject: [PATCH] ctr16: fix encryption if src == dst

---
 ChangeLog | 6 ++++++
 ctr16.c   | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 16560c14..01515575 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2018-10-10  Dmitry Eremin-Solenikov  <dbaryshkov@gmail.com>
+
+	* ctr16.c (_ctr_crypt16): Bugfix for the src == dst case, when
+	processing more than on full block of size CTR_BUFFER_LIMIT, src
+	and dst arguments to memxor3 were not properly updated.
+
 2018-10-10  Niels Möller  <nisse@lysator.liu.se>
 
 	* aes-set-encrypt-key.c: Add missing include of stdlib.h.
diff --git a/ctr16.c b/ctr16.c
index 60418e8b..7e1c23d2 100644
--- a/ctr16.c
+++ b/ctr16.c
@@ -91,7 +91,7 @@ _ctr_crypt16(const void *ctx, nettle_cipher_func *f,
 	  f(ctx, CTR_BUFFER_LIMIT, buffer->b, buffer->b);
 	  if (length - i < CTR_BUFFER_LIMIT)
 	    goto done;
-	  memxor3 (dst, src, buffer->b, CTR_BUFFER_LIMIT);
+	  memxor3 (dst + i, src + i, buffer->b, CTR_BUFFER_LIMIT);
 	}
 
       if (blocks > 0)
-- 
2.47.2