init_state needs to return a deterministic value, it seems

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/aes-ccm@22943 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 6 insertions, 4 deletions

diff --git a/src/lib/crypto/builtin/enc_provider/aes_ctr.c b/src/lib/crypto/builtin/enc_provider/aes_ctr.c
index 4645bbd..3dedc24 100644
--- a/src/lib/crypto/builtin/enc_provider/aes_ctr.c
+++ b/src/lib/crypto/builtin/enc_provider/aes_ctr.c
@@ -272,13 +272,14 @@ krb5int_aes_init_state_ctr (const krb5_keyblock *key, krb5_keyusage usage,
     assert(n >= 7 && n <= 13);
 
     state->length = 16;
-    state->data = malloc(state->length);
-    if (state->data == NULL)
-	return ENOMEM;
+    state->data = k5alloc(state->length, &code);
+    if (code != 0)
+	return code;
 
     q = 15 - n;
     state->data[0] = q - 1;
 
+#if 0
     nonce.data = &state->data[1];
     nonce.length = n;
 
@@ -290,6 +291,7 @@ krb5int_aes_init_state_ctr (const krb5_keyblock *key, krb5_keyusage usage,
     }
 
     memset(&state->data[1 + n], 0, q);
+#endif
 
     return 0;
 }
diff --git a/src/lib/crypto/krb/dk/dk_ccm.c b/src/lib/crypto/krb/dk/dk_ccm.c
index 37d9313..a9be2aa 100644
--- a/src/lib/crypto/krb/dk/dk_ccm.c
+++ b/src/lib/crypto/krb/dk/dk_ccm.c
@@ -303,7 +303,7 @@ krb5int_ccm_encrypt_iov(const struct krb5_aead_provider *aead,
     if (ivec != NULL) {
 	if (ivec->length != 16 ||
 	    ivec->data[0] & ~(CCM_FLAG_MASK_Q) ||
-	    15 - (unsigned)ivec->data[0] != header_len) {
+	    14 - (unsigned)ivec->data[0] != header_len) {
 	    ret = KRB5_BAD_MSIZE;
 	    goto cleanup;
 	}