SSH-1 BPP: pass the IV to detect_attack.

In the course of writing the tests for detect_attack, I noticed that
it had a parameter where you can pass in the last cipher block of the
previous packet (or the CBC IV, of course, if there was no previous
packet), so that it can detect a pattern of repeated cipher blocks
even if one of them is just outside the current packet.

But the actual use of the attack detector in ssh1bpp wasn't using that
parameter. Now it is!

ssh1bpp.c

@@ -20,6 +20,7 @@ struct ssh1_bpp_state {
     ssh1_cipher *cipher;
 
     struct crcda_ctx *crcda_ctx;
+    uint8_t iv[8];                     /* for crcda */
 
     bool pending_compression_request;
     ssh_compressor *compctx;
@@ -86,6 +87,8 @@ void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
         s->crcda_ctx = crcda_make_context();
 
         bpp_logevent("Initialised %s encryption", cipher->text_name);
+
+        memset(s->iv, 0, sizeof(s->iv));
     }
 }
 
@@ -155,11 +158,15 @@ static void ssh1_bpp_handle_input(BinaryPacketProtocol *bpp)
         BPP_READ(s->data, s->biglen);
 
         if (s->cipher && detect_attack(s->crcda_ctx,
-                                       s->data, s->biglen, NULL)) {
+                                       s->data, s->biglen, s->iv)) {
             ssh_sw_abort(s->bpp.ssh,
                          "Network attack (CRC compensation) detected!");
             crStopV;
         }
+        /* Save the last cipher block, to be passed to the next call
+         * to detect_attack */
+        assert(s->biglen >= 8);
+        memcpy(s->iv, s->data + s->biglen - 8, sizeof(s->iv));
 
         if (s->cipher)
             ssh1_cipher_decrypt(s->cipher, s->data, s->biglen);