diff --git a/ChangeLog b/ChangeLog
index 24f0cc1ad3e17bd1d7f1d67af583e025bf827128..0793ce7cc6e124e0b6728c7a7d6663b5f66c769e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2018-01-08  Niels Möller  <nisse@lysator.liu.se>
+
+	* cbc.c (cbc_decrypt): For in-place operation (src == dst case),
+	eliminate use of src variable.
+	* cfb.c (cfb_decrypt): Likewise.
+	* gcm.c (gcm_crypt): Likewise, and replace one memxor3 by memxor.
+
 2018-01-03  Niels Möller  <nisse@lysator.liu.se>
 
 	* x86_64/aesni/aes-encrypt-internal.asm: Read subkeys into xmm
diff --git a/cbc.c b/cbc.c
index 85ad255c73b38c44e49217af0d220f7f51f0925f..76b6492d84c1cd36af6ddf7068bc2525826be3bf 100644
--- a/cbc.c
+++ b/cbc.c
@@ -109,23 +109,22 @@ cbc_decrypt(const void *ctx, nettle_cipher_func *f,
       TMP_ALLOC(buffer, buffer_size);
       TMP_ALLOC(initial_iv, block_size);
 
-      for ( ; length > buffer_size;
-	    length -= buffer_size, src += buffer_size, dst += buffer_size)
+      for ( ; length > buffer_size; length -= buffer_size, dst += buffer_size)
 	{
-	  f(ctx, buffer_size, buffer, src);
+	  f(ctx, buffer_size, buffer, dst);
 	  memcpy(initial_iv, iv, block_size);
-	  memcpy(iv, src + buffer_size - block_size, block_size);
-	  memxor3(dst + block_size, buffer + block_size, src,
+	  memcpy(iv, dst + buffer_size - block_size, block_size);
+	  memxor3(dst + block_size, buffer + block_size, dst,
 		  buffer_size - block_size);
 	  memxor3(dst, buffer, initial_iv, block_size);
 	}
 
-      f(ctx, length, buffer, src);
+      f(ctx, length, buffer, dst);
       memcpy(initial_iv, iv, block_size);
       /* Copies last block */
-      memcpy(iv, src + length - block_size, block_size);
+      memcpy(iv, dst + length - block_size, block_size);
       /* Writes all but first block, reads all but last block. */
-      memxor3(dst + block_size, buffer + block_size, src,
+      memxor3(dst + block_size, buffer + block_size, dst,
 	      length - block_size);
       /* Writes first block. */
       memxor3(dst, buffer, initial_iv, block_size);
diff --git a/cfb.c b/cfb.c
index 82cf18f4d9c6e25c60ccb2e75158f4ad1fc13eef..805b8c4533a0ae6a13b8686727c1f9ee0001c23a 100644
--- a/cfb.c
+++ b/cfb.c
@@ -147,12 +147,11 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
 	   * not less than block_size. So does part */
 
 	  f(ctx, block_size, buffer, iv);
-	  f(ctx, part - block_size, buffer + block_size, src);
-	  memcpy(iv, src + part - block_size, block_size);
+	  f(ctx, part - block_size, buffer + block_size, dst);
+	  memcpy(iv, dst + part - block_size, block_size);
 	  memxor(dst, buffer, part);
 
 	  length -= part;
-	  src += part;
 	  dst += part;
 	}
 
diff --git a/gcm.c b/gcm.c
index d3e301132ee53723c42317081d1bfa8ee30c019c..0a2102f1e7234eff56c1c2daaac58574f0e7b6df 100644
--- a/gcm.c
+++ b/gcm.c
@@ -458,7 +458,7 @@ gcm_crypt(struct gcm_ctx *ctx, const void *cipher, nettle_cipher_func *f,
 	    src += GCM_BLOCK_SIZE, dst += GCM_BLOCK_SIZE))
         {
           f (cipher, GCM_BLOCK_SIZE, buffer, ctx->ctr.b);
-          memxor3 (dst, src, buffer, GCM_BLOCK_SIZE);
+          memxor (dst, buffer, GCM_BLOCK_SIZE);
           INC32 (ctx->ctr);
         }
     }