For 1) aesXCBCmac is an exported function, thus it could get a broken AESstate from the caller.
For 2) you are right... thanks!


Giacomo

2017-01-17 22:36 GMT+01:00 <cinap_lenrek@felloff.net>:
on 1), the comment says right here that it does not deal with keys
bigger than 128 bits, which is implied by s->keybytes == 16. so rounds
is 10 here as of aes_setupEnc(). given 4*(10+1) == 48, so the buffer
size holds.

--
cinap