Fix invocation of gnutls_aead_cipher_encrypt()

Which was failing with GNUTLS_E_SHORT_MEMORY_BUFFER - The given memory
buffer is too short to hold parameters.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13352

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Fri Mar 23 07:25:30 CET 2018 on sn-devel-144

diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
index 34c44c7bd9f19bbda62836f9f3f1d59f5e029555..87ec9e4eb539167e75fca517c3a3b9203fd3a4bf 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
@@ -750,16 +750,16 @@ static struct ldb_val gnutls_encrypt_aead(int *err,
         * Encrypt the value.
         */
        {
-               size_t el;
-               const unsigned block_size = gnutls_cipher_get_tag_size(
+               const unsigned block_size = gnutls_cipher_get_block_size(
                        data->encryption_algorithm);
-               const unsigned tag_size = gnutls_cipher_get_block_size(
+               const unsigned tag_size = gnutls_cipher_get_tag_size(
                        data->encryption_algorithm);
                const size_t ed_size = round_to_block_size(
                        block_size,
                        sizeof(struct PlaintextSecret) + val.length);
                const size_t en_size = ed_size + tag_size;
                uint8_t *ct = talloc_zero_size(frame, en_size);
+               size_t el = en_size;
 
                if (ct == NULL) {
                        ldb_set_errstring(ldb,