From 2d4e1c612458e853f95d93ac433cfda87cadf0d2 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@iXsystems.com>
Date: Thu, 22 Mar 2018 05:47:58 +0100
Subject: [PATCH] Fix invocation of gnutls_aead_cipher_encrypt()

Which was failing with GNUTLS_E_SHORT_MEMORY_BUFFER - The given memory
buffer is too short to hold parameters.

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
---
 source4/dsdb/samdb/ldb_modules/encrypted_secrets.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
index 226f62f641e..ee720331789 100644
--- a/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
+++ b/source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
@@ -848,16 +848,16 @@ static struct ldb_val gnutls_encrypt_aead(int *err,
 	 * Encrypt the value.
 	 */
 	{
-		size_t el;
-		const unsigned block_size = gnutls_cipher_get_tag_size(
+		const unsigned block_size = gnutls_cipher_get_block_size(
 			data->encryption_algorithm);
-		const unsigned tag_size = gnutls_cipher_get_block_size(
+		const unsigned tag_size = gnutls_cipher_get_tag_size(
 			data->encryption_algorithm);
 		const size_t ed_size = round_to_block_size(
 			block_size,
 			sizeof(struct PlaintextSecret) + val.length);
 		const size_t en_size = ed_size + tag_size;
 		uint8_t *ct = talloc_zero_size(frame, en_size);
+		size_t el = en_size;
 
 		if (ct == NULL) {
 			ldb_set_errstring(ldb,
-- 
2.14.2