ikev2: Use IV generator to encrypt encrypted payload

1 files changed, 9 insertions, 1 deletions

diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index 6ba1b23a0..302c4a45a 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -313,6 +313,7 @@ METHOD(encryption_payload_t, encrypt, status_t,
 {
 	chunk_t iv, plain, padding, icv, crypt;
 	generator_t *generator;
+	iv_gen_t *iv_gen;
 	rng_t *rng;
 	size_t bs;
 
@@ -329,6 +330,13 @@ METHOD(encryption_payload_t, encrypt, status_t,
 		return NOT_SUPPORTED;
 	}
 
+	iv_gen = this->aead->get_iv_gen(this->aead);
+	if (!iv_gen)
+	{
+		DBG1(DBG_ENC, "encrypting encryption payload failed, no IV generator");
+		return NOT_SUPPORTED;
+	}
+
 	assoc = append_header(this, assoc);
 
 	generator = generator_create();
@@ -356,7 +364,7 @@ METHOD(encryption_payload_t, encrypt, status_t,
 	crypt = chunk_create(plain.ptr, plain.len + padding.len);
 	generator->destroy(generator);
 
-	if (!rng->get_bytes(rng, iv.len, iv.ptr) ||
+	if (!iv_gen->get_iv(iv_gen, iv.len, iv.ptr) ||
 		!rng->get_bytes(rng, padding.len - 1, padding.ptr))
 	{
 		DBG1(DBG_ENC, "encrypting encryption payload failed, no IV or padding");