Hi, While debugging some AEAD issues with the inside-secure driver, I couldn't help but notice that the testmgr is NOT checking the AAD data section of the result. And when I added that check myself, I saw a lot of implementations failing on out-of-place vectors, with the poison data still present in that location. So am I correct to assume that the implementation is NOT supposed to write the AAD data, but skip over that part of the output buffer, even if the in- and output buffers do not overlap? I wonder, as the current inside-secure driver DOES write out the AAD data and I guess for us this is the natural way to do the AEAD transform so no one ever just thought twice about that. Also can't find anything specific in the docs. Even so, for the in-place case, checking the AAD data would ensure the crypto implementation didn't *accidentally* corrupt it ... Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Inside Secure