[wfiveash - Thu Feb 16 18:21:51 2017]:

Someone should also look at src/lib/crypto/crypto_tests/t_cts.c:test_cts()
to see if there is a better way to test the
krb5int_aes_encrypt/krb5int_aes_decrypt functions in regards to chaining
the enciv and deciv args.  Also, these functions should be tested with
NULL given as the ivec arg as the various krb5int_*_encrypt/decrypt
functions are supposed to then use a zero filled ivec when doing the low
level crypto.