diff --git a/library/aes.c b/library/aes.c
index aa230fd15..6d8cf2e3c 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1068,6 +1068,8 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
 }
 #endif
+ const unsigned char *ivp = iv;
+
 if (mode == MBEDTLS_AES_DECRYPT) {
 while (length > 0) {
 memcpy(temp, input, 16);
@@ -1086,18 +1088,19 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
 }
 } else {
 while (length > 0) {
- mbedtls_xor(temp, input, iv, 16);
+ mbedtls_xor(output, input, ivp, 16);
- ret = mbedtls_aes_crypt_ecb(ctx, mode, temp, iv);
- memcpy(output, iv, 16);
+ ret = mbedtls_aes_crypt_ecb(ctx, mode, output, output);
 if (ret != 0) {
 goto exit;
 }
+ ivp = output;
 input += 16;
 output += 16;
 length -= 16;
 }
+ memcpy(iv, ivp, 16);
 }
 ret = 0;
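Review bot: In the encrypt loop of the second hunk, a failing `mbedtls_aes_crypt_ecb` now leaves the caller's output block holding `input ^ ivp` (or a partial result), because the XOR is written straight into `output` instead of the local `temp`; since `ivp` is either the caller's IV or the ciphertext block just before it, that block's plaintext can be recovered from the buffer if the caller does not discard it on error. Consider wiping the block before bailing out, e.g. `mbedtls_platform_zeroize(output, 16);` ahead of `goto exit;`, and add a comment that `iv` is left unchanged on that path because the `memcpy(iv, ivp, 16)` after the loop is skipped. Separately, if `length` can be 0 at this point, `ivp` still equals `iv` and that `memcpy` copies a buffer onto itself, which the C standard leaves undefined; `if (ivp != iv) { memcpy(iv, ivp, 16); }` avoids it. The function's argument checks and the `exit:` label are outside the hunk, so whether zero length is already rejected earlier cannot be confirmed from here.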