diff --git a/Makefile.am b/Makefile.am
index 984903fd283038fc2f9ad6444605ef9e60b0bf93..4587ce33b23707b70faf10d7464a48df78875e0b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -12,6 +12,7 @@ libnettleinclude_HEADERS = aes.h arcfour.h blowfish.h cast128.h des.h \
 libnettle_a_SOURCES = aes.c aes.h arcfour.c arcfour.h \
 		      cast128.c cast128.h cast128_sboxes.h \
 		      blowfish.h blowfish.c \
+		      cbc.c \
 		      des.c des.h desinfo.h desCode.h \
 		      md5.c md5.h md5-compat.c md5-compat.h \
 		      sha1.c sha1.h \
diff --git a/cbc.c b/cbc.c
index 768ba1dbc48a9c43cc78733479bdb79bc706a841..d12ed79a32437df63a2b9d4e95fbeb6a8fa33ad2 100644
--- a/cbc.c
+++ b/cbc.c
@@ -25,7 +25,11 @@
 
 #include "cbc.h"
 
+#include "memxor.h"
+
 #include <assert.h>
+#include <stdlib.h>
+#include <string.h>
 
 void
 cbc_encrypt(void *ctx, void (*f)(void *ctx,
@@ -40,7 +44,7 @@ cbc_encrypt(void *ctx, void (*f)(void *ctx,
   for ( ; length; length -= block_size, src += block_size, dst += block_size)
     {
       memxor(iv, src, block_size);
-      f(ctx, dst, src, block_size);
+      f(ctx, block_size, dst, src);
       memcpy(iv, dst, block_size);
     }
 }
@@ -69,10 +73,21 @@ cbc_decrypt(void *ctx, void (*f)(void *ctx,
     }
 
   /* Decrypt in ECB mode */
-  f(ctx, dst, src, length);
+  f(ctx, length, dst, src);
 
   /* XOR the cryptotext, shifted one block */
   memxor(dst, iv, block_size);
   memxor(dst + block_size, src, length - block_size);
   memcpy(iv, src + length - block_size, block_size);
 }
+
+#include "des.h"
+static void foo(void)
+{
+  struct des_ctx ctx;
+  uint8_t iv[DES_BLOCK_SIZE];
+  uint8_t src[DES_BLOCK_SIZE];
+  uint8_t dst[DES_BLOCK_SIZE];
+  
+  CBC_ENCRYPT(&ctx, des_encrypt, DES_BLOCK_SIZE, iv, DES_BLOCK_SIZE, dst, src);
+}
diff --git a/cbc.h b/cbc.h
index 4335a518b5f0d2b345351a4580f546f39ecdd7c5..2bf72e7c95fffe95935f851389a423e6eca0ce50 100644
--- a/cbc.h
+++ b/cbc.h
@@ -28,7 +28,7 @@
 
 #include <inttypes.h>
 
-/* Uses a void * for cipher contexts. It's hard to be type safe. */
+/* Uses a void * for cipher contexts. */
 
 void
 cbc_encrypt(void *ctx, void (*f)(void *ctx,
@@ -46,4 +46,11 @@ cbc_decrypt(void *ctx, void (*f)(void *ctx,
 	    unsigned length, uint8_t *dst,
 	    const uint8_t *src);
 
+/* Type safer variants */
+#define CBC_ENCRYPT(ctx, f, b, iv, l, dst, src) \
+(0 ? ((f)((ctx),0,NULL,NULL)) \
+   : cbc_encrypt((void *)(ctx), \
+                 ((*)(void *, unsigned, uint8_t *, const uint8_t *)) (f), \
+                 (b), (iv), (l), (dst), (src)))
+
 #endif /* NETTLE_CBC_H_INCLUDED */