+#ifdef HAVE_LIBGCRYPT
+ if ( ! have_aesni ) {
+ gcry_error_t gcry_error;
+
+ if (! gcry_check_version(MIN_GCRYPT_VERSION) ) {
+ message(LOG_DAEMON|LOG_ERR,
+ "libgcrypt version mismatch: have %s, require >= %s\n",
+ gcry_check_version(NULL), MIN_GCRYPT_VERSION);
+ return 1;
+ }
+
+ gcry_error= gcry_cipher_open(&gcry_cipher_hd,
+ GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0);
+
+ if ( ! gcry_error ) {
+ gcry_error= gcry_cipher_setkey(gcry_cipher_hd, key, 16);
+ }
+
+ if ( ! gcry_error ) {
+ /*
+ * Only need the first 16 bytes of iv_buf. AES-NI can
+ * encrypt multiple blocks in parallel but we can't.
+ */
+
+ gcry_error= gcry_cipher_setiv(gcry_cipher_hd, iv_buf, 16);
+ }
+
+ if ( gcry_error ) {
+ message(LOG_DAEMON|LOG_ERR,
+ "could not set key or IV: %s\n",
+ gcry_strerror(gcry_error));
+ gcry_cipher_close(gcry_cipher_hd);
+ return 1;
+ }
+ }
+#endif
+