On Mon, Jan 27, 2020 at 10:04:26AM +0200, Gilad Ben-Yossef wrote: > > When both vec->alen and vec->plen are 0, which can happen as > generate_random_bytes will happily generate zero length from time to > time, > we seem to be getting a scatterlist with the first entry (as well as > the 2nd) being a NULL. > > This seems to violate the words of wisdom from aead.h and much more > important to me crashes the ccree driver :-) > > Is there anything I am missing or is this a valid concern? > My understanding is that all crypto API functions that take scatterlists only forbid zero-length scatterlist elements in the part of the scatterlist that's actually passed to the API call. The input to these functions is never simply a scatterlist, but rather a (scatterlist, length) pair. Algorithms shouldn't look beyond 'length', so in the case of 'length == 0', they shouldn't look at the scatterlist at all -- which may be just a NULL pointer. If that's the case, there's no problem with this test code. I'm not sure the comment in aead.h is relevant here. It sounds like it's warning about not providing an empty scatterlist element for the AAD when it's followed by a nonempty scatterlist element for the plaintext. I'm not sure it's meant to also cover the case where both are empty. Herbert and Stephan, any thoughts on what was intended? - Eric