From: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat, 19 Dec 2009 19:10:38 +0000 (+0100)
Subject: Reinitialise block cipher IV each time we encrypt a packet when using libgcrypt.
X-Git-Tag: release-1.1pre1~91
X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=0ff44fc2417217d542bf0e9a7ecfd20020893bc7

Reinitialise block cipher IV each time we encrypt a packet when using libgcrypt.
---

diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c
index 390959cb..ad2a9505 100644
--- a/src/gcrypt/cipher.c
+++ b/src/gcrypt/cipher.c
@@ -207,6 +207,9 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 				pad[i] = padbyte;
 	}
 	
+	if(oneshot)
+		gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
+
 	if((err = gcry_cipher_encrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
 		logger(LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
 		return false;
@@ -228,6 +231,9 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
 	gcry_error_t err;
 
+	if(oneshot)
+		gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
+
 	if((err = gcry_cipher_decrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
 		logger(LOG_ERR, "Error while decrypting: %s", gcry_strerror(err));
 		return false;