If you call rekey() and then encrypt_message() before the rekey is confirmed, decryption would fail because the pending key wouldn't be tried yet. This fixes it (including a verified-to-have-failed test case).
Thanks to Harris for the help tracking down/debugging this one.
If you call rekey() and then encrypt_message() before the rekey is confirmed, decryption would fail because the pending key wouldn't be tried yet. This fixes it (including a verified-to-have-failed test case).
Thanks to Harris for the help tracking down/debugging this one.