[PATCH v3 1/7] crypto: handle zero sized AEAD inputs correctly

Ard Biesheuvel ardb at kernel.org
Fri May 21 02:28:14 PDT 2021


On Fri, 21 May 2021 at 09:55, Herbert Xu <herbert at gondor.apana.org.au> wrote:
>
> On Wed, May 12, 2021 at 11:24:09PM +0200, Ard Biesheuvel wrote:
> >
> > The difference is that zero sized inputs never make sense for
> > skciphers, but for AEADs, they could occur, even if they are uncommon
> > (the AEAD could have associated data only, and no plain/ciphertext)
>
> I don't see what a zero-sized input has to do with this though.
> When the walk->nbytes is zero, that means that you must never
> call the done function, because the walk state could be in error
> in which case everything would have been freed already and calling
> the done function may potentially cause a double-free.
>
> I don't understand why in the case of AEAD you cannot structure
> your code such that the done function is not called when nbytes
> is zero.
>

OK.



More information about the linux-arm-kernel mailing list