On Wed, May 12, 2021 at 11:24:09PM +0200, Ard Biesheuvel wrote:
>
> The difference is that zero sized inputs never make sense for
> skciphers, but for AEADs, they could occur, even if they are uncommon
> (the AEAD could have associated data only, and no plain/ciphertext)

I don't see what a zero-sized input has to do with this though.
When the walk->nbytes is zero, that means that you must never
call the done function, because the walk state could be in error
in which case everything would have been freed already and calling
the done function may potentially cause a double-free.

I don't understand why in the case of AEAD you cannot structure
your code such that the done function is not called when nbytes
is zero.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
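
The rule stated in the message above, as an added userspace model (not kernel code and not code from this thread): the walk tears its own state down on error, so a caller that invokes the done step while nbytes is zero releases it a second time. All names (toy_walk, toy_walk_start, toy_walk_done, run) are hypothetical, and a release counter stands in for the real double free so the program is safe to run.

```c
#include <stdlib.h>

/* Userspace model of a cipher walk; every name here is hypothetical. */
struct toy_walk {
    unsigned char *page; /* resource owned by the walk state */
    size_t left;         /* bytes not yet handed to the caller */
    size_t nbytes;       /* bytes in this step; 0 = finished or failed */
    int releases;        /* model-only counter: 2 stands for a double free */
};

static void toy_release(struct toy_walk *w)
{
    if (w->releases++ == 0) /* count every call, free once so the demo is safe */
        free(w->page);
    w->left = w->nbytes = 0;
}

/* Start a walk; on failure or empty input the state is torn down, nbytes = 0. */
static int toy_walk_start(struct toy_walk *w, size_t len, int fail)
{
    *w = (struct toy_walk){ .page = malloc(16), .left = len, .nbytes = len < 16 ? len : 16 };
    if (!fail && w->page && len)
        return 0;
    toy_release(w);
    return (fail || len) ? -1 : 0; /* an empty input is not an error */
}

static void toy_walk_done(struct toy_walk *w) /* finish one step */
{
    w->left -= w->nbytes;
    w->nbytes = w->left < 16 ? w->left : 16;
    if (w->left == 0)
        toy_release(w); /* the last step tears the state down */
}

/* Returns how often the state was released: 1 is correct, 2 is the bug. */
static int run(size_t len, int fail, int guard)
{
    struct toy_walk w;
    int err = toy_walk_start(&w, len, fail);
    if (!guard)          /* unguarded caller: done without checking nbytes */
        toy_walk_done(&w);
    while (w.nbytes)     /* guarded loop: skipped on error or empty input */
        toy_walk_done(&w);
    (void)err;           /* AEAD finalisation over associated data goes here when !err */
    return w.releases;
}

int main(void) { return run(32, 1, 1) == 1 && run(32, 1, 0) == 2 ? 0 : 1; }
```

With the guarded loop, an empty input and a failed start both skip the done step, and any finalisation for an associated-data-only request happens after the loop.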