on 1), the comment says right here that it does not deal with keys bigger than 128 bits. which is implied by s->keybytes == 16. so rounds is 10 here as of aes_setupEnc(). given 4*(10+1) == 48, so the buffer size holds. -- cinap