From 8ccf3d974f7973ae52ccf9410942771ced7e7bec Mon Sep 17 00:00:00 2001
From: John Baldwin <jhb@FreeBSD.org>
Date: Wed, 24 Apr 2019 23:27:39 +0000
Subject: [PATCH] Don't panic for empty CCM requests.

A request to encrypt an empty payload without any AAD is unusual, but
it is defined behavior.  Removing this assertion removes a panic and
instead returns the correct tag for an empty buffer.

Reviewed by:	cem, sef
MFC after:	2 weeks
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D20043
---
 sys/opencrypto/cbc_mac.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/sys/opencrypto/cbc_mac.c b/sys/opencrypto/cbc_mac.c
index 647d81e5a106..3c07f73063db 100644
--- a/sys/opencrypto/cbc_mac.c
+++ b/sys/opencrypto/cbc_mac.c
@@ -82,9 +82,6 @@ AES_CBC_MAC_Reinit(struct aes_cbc_mac_ctx *ctx, const uint8_t *nonce, uint16_t n
 	uint8_t *bp = b0, flags = 0;
 	uint8_t L = 0;
 	uint64_t dataLength = ctx->cryptDataLength;
-	
-	KASSERT(ctx->authDataLength != 0 || ctx->cryptDataLength != 0,
-	    ("Auth Data and Data lengths cannot both be 0"));
 
 	KASSERT(nonceLen >= 7 && nonceLen <= 13,
 	    ("nonceLen must be between 7 and 13 bytes"));