Welcome to the wolfSSL Forums!

telina · 2017-06-02 03:35:45

telina
Member
Offline

Registered: 2017-04-27
Posts: 8

Topic: AES_GCM additional data must not be NULL?

Hello,

I migrated my current project to the latest stable version 3.11.0 and now some of my AES_GCM tests are failing. I found that the cause for this are the new varaible checks in wc_AesGcmDecrypt

 if (aes == NULL || out == NULL || in == NULL || sz == 0 || iv == NULL ||
        authTag == NULL || authIn == NULL || authTagSz > AES_BLOCK_SIZE) {
        return BAD_FUNC_ARG;
    }

With these checks, additional data (authIn) is not permitted to be NULL anymore. I know that it can be avoided by passing an empty dummy instead, but shouldn't it be permitted to call the function without any additional data to authenticate?

Best Regards
telina

Kaleb J. Himes · 2017-06-02 15:14:32

Kaleb J. Himes
Moderator
Offline

From: Bozeman
Registered: 2014-05-09
Posts: 777

Re: AES_GCM additional data must not be NULL?

Hi telina,

We apologize for this inconvenience, we noticed this after the release with our work on TLS 1.3 and it has already been reverted:

https://github.com/wolfSSL/wolfssl/comm … d4937L4446

Please feel free to remove that check with the understanding it is safe to do so.

Warmest Regards,

Kaleb

Welcome to the wolfSSL Forums!

AES_GCM additional data must not be NULL?

Posts: 2

1 Topic by telina 2017-06-02 03:35:45

Topic: AES_GCM additional data must not be NULL?

2 Reply by Kaleb J. Himes 2017-06-02 15:14:32

Re: AES_GCM additional data must not be NULL?

Posts: 2