3 files changed, 15 insertions, 9 deletions

diff --git a/src/include/ipxe/cbc.h b/src/include/ipxe/cbc.h
index 18a94e144..5c8740365 100644
--- a/src/include/ipxe/cbc.h
+++ b/src/include/ipxe/cbc.h
@@ -33,12 +33,15 @@ static inline int cbc_setkey ( void *ctx, const void *key, size_t keylen,
  *
  * @v ctx		Context
  * @v iv		Initialisation vector
+ * @v ivlen		Initialisation vector length
  * @v raw_cipher	Underlying cipher algorithm
  * @v cbc_ctx		CBC context
  */
-static inline void cbc_setiv ( void *ctx __unused, const void *iv,
+static inline void cbc_setiv ( void *ctx __unused,
+			       const void *iv, size_t ivlen,
 			       struct cipher_algorithm *raw_cipher,
 			       void *cbc_ctx ) {
+	assert ( ivlen == raw_cipher->blocksize );
 	memcpy ( cbc_ctx, iv, raw_cipher->blocksize );
 }
 
@@ -70,9 +73,10 @@ static int _cbc_name ## _setkey ( void *ctx, const void *key,		\
 	return cbc_setkey ( &_cbc_name ## _ctx->raw_ctx, key, keylen,	\
 			    &_raw_cipher, &_cbc_name ## _ctx->cbc_ctx );\
 }									\
-static void _cbc_name ## _setiv ( void *ctx, const void *iv ) {		\
+static void _cbc_name ## _setiv ( void *ctx, const void *iv,		\
+				   size_t ivlen ) {			\
 	struct _cbc_name ## _context * _cbc_name ## _ctx = ctx;		\
-	cbc_setiv ( &_cbc_name ## _ctx->raw_ctx, iv,			\
+	cbc_setiv ( &_cbc_name ## _ctx->raw_ctx, iv, ivlen,		\
 		    &_raw_cipher, &aes_cbc_ctx->cbc_ctx );		\
 }									\
 static void _cbc_name ## _encrypt ( void *ctx, const void *src,		\
diff --git a/src/include/ipxe/crypto.h b/src/include/ipxe/crypto.h
index 34ab38930..931be0502 100644
--- a/src/include/ipxe/crypto.h
+++ b/src/include/ipxe/crypto.h
@@ -64,8 +64,9 @@ struct cipher_algorithm {
 	 *
 	 * @v ctx		Context
 	 * @v iv		Initialisation vector
+	 * @v ivlen		Initialisation vector length
 	 */
-	void ( * setiv ) ( void *ctx, const void *iv );
+	void ( * setiv ) ( void *ctx, const void *iv, size_t ivlen );
 	/** Encrypt data
 	 *
 	 * @v ctx		Context
@@ -190,8 +191,8 @@ static inline int cipher_setkey ( struct cipher_algorithm *cipher,
 }
 
 static inline void cipher_setiv ( struct cipher_algorithm *cipher,
-				  void *ctx, const void *iv ) {
-	cipher->setiv ( ctx, iv );
+				  void *ctx, const void *iv, size_t ivlen ) {
+	cipher->setiv ( ctx, iv, ivlen );
 }
 
 static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
@@ -268,7 +269,7 @@ extern void digest_null_update ( void *ctx, const void *src, size_t len );
 extern void digest_null_final ( void *ctx, void *out );
 
 extern int cipher_null_setkey ( void *ctx, const void *key, size_t keylen );
-extern void cipher_null_setiv ( void *ctx, const void *iv );
+extern void cipher_null_setiv ( void *ctx, const void *iv, size_t ivlen );
 extern void cipher_null_encrypt ( void *ctx, const void *src, void *dst,
 				  size_t len );
 extern void cipher_null_decrypt ( void *ctx, const void *src, void *dst,
diff --git a/src/include/ipxe/ecb.h b/src/include/ipxe/ecb.h
index 4e6aa3c81..6c40c6126 100644
--- a/src/include/ipxe/ecb.h
+++ b/src/include/ipxe/ecb.h
@@ -31,8 +31,9 @@ static int _ecb_name ## _setkey ( void *ctx, const void *key,		\
 				  size_t keylen ) {			\
 	return cipher_setkey ( &_raw_cipher, ctx, key, keylen );	\
 }									\
-static void _ecb_name ## _setiv ( void *ctx, const void *iv ) {		\
-	cipher_setiv ( &_raw_cipher, ctx, iv );				\
+static void _ecb_name ## _setiv ( void *ctx, const void *iv,		\
+				  size_t ivlen ) {			\
+	cipher_setiv ( &_raw_cipher, ctx, iv, ivlen );			\
 }									\
 static void _ecb_name ## _encrypt ( void *ctx, const void *src,		\
 				    void *dst, size_t len ) {		\