From d146075205d3115ebfb0cd560e224af47604f5c8 Mon Sep 17 00:00:00 2001
From: Daniel Schadt <kingdread@gmx.de>
Date: Fri, 13 Jun 2025 17:50:12 +0200
Subject: don't (always) allocate in decrypt

This is the same thing we do in encrypt
---
 src/lib.rs | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs
index 908cc1f..e6c0c8d 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -359,8 +359,16 @@ fn decrypt<'a>(
 
     let tau_block = Block::from_int(tau * 8);
     let tau_bytes = tau_block.bytes();
-    let mut tweaks = vec![&tau_bytes, nonce];
-    tweaks.extend(ad);
+    let mut tweaks_vec;
+    let tweaks = match ad.len() {
+        0 => &[&tau_bytes, nonce] as &[&[u8]],
+        1 => &[&tau_bytes, nonce, ad[0]],
+        _ => {
+            tweaks_vec = vec![&tau_bytes, nonce];
+            tweaks_vec.extend(ad);
+            &tweaks_vec
+        }
+    };
 
     if ciphertext.len() == tau as usize {
         aez_prf(aez, &tweaks, ciphertext);
-- 
cgit v1.2.3