On Fri, 21 May 2021 at 09:55, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Wed, May 12, 2021 at 11:24:09PM +0200, Ard Biesheuvel wrote:
> >
> > The difference is that zero sized inputs never make sense for
> > skciphers, but for AEADs, they could occur, even if they are uncommon
> > (the AEAD could have associated data only, and no plain/ciphertext)
>
> I don't see what a zero-sized input has to do with this though.
> When the walk->nbytes is zero, that means that you must never
> call the done function, because the walk state could be in error
> in which case everything would have been freed already and calling
> the done function may potentially cause a double-free.
>
> I don't understand why in the case of AEAD you cannot structure
> your code such that the done function is not called when nbytes
> is zero.
>

OK.