diff --git a/CHANGES b/CHANGES
index a4ae465508f3c000fb96bb84690fbe04ed0c0967..139b20bbd8da178185477fdb011a657fcbac3067 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
 
  Changes between 0.9.3a and 0.9.4
 
+  *) DES CBC did not update the IV. Weird.
+     [Ben Laurie]
+
   *) When bntest is run from "make test" it drives bc to check its
      calculations, as well as internally checking them. If an internal check
      fails, it needs to cause bc to give a non-zero result or make test carries
diff --git a/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c
index 4ccabc911adc12cd5b54ba35f201b74ff9158269..668fb150d514fd50e086af2f090d10e0cc4f01ce 100644
--- a/crypto/des/cbc_enc.c
+++ b/crypto/des/cbc_enc.c
@@ -94,6 +94,9 @@ void des_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
+		iv = &(*ivec)[0];
+		l2c(tout0,iv);
+		l2c(tout1,iv);
 		}
 	else
 		{
@@ -122,6 +125,9 @@ void des_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 		/*	xor0=tin0;
 			xor1=tin1; */
 			}
+		iv = &(*ivec)[0];
+		l2c(xor0,iv);
+		l2c(xor1,iv);
 		}
 	tin0=tin1=tout0=tout1=xor0=xor1=0;
 	tin[0]=tin[1]=0;