Topic: AES_GCM additional data must not be NULL?


I migrated my current project to the latest stable version 3.11.0 and now some of my AES_GCM tests are failing. I found that the cause for this are the new varaible checks in wc_AesGcmDecrypt

 if (aes == NULL || out == NULL || in == NULL || sz == 0 || iv == NULL ||
        authTag == NULL || authIn == NULL || authTagSz > AES_BLOCK_SIZE) {
        return BAD_FUNC_ARG;

With these checks, additional data (authIn) is not permitted to be NULL anymore. I know that it can be avoided by passing an empty dummy instead, but shouldn't it be permitted to call the function without any additional data to authenticate?

Best Regards


Re: AES_GCM additional data must not be NULL?

Hi telina,

We apologize for this inconvenience, we noticed this after the release with our work on TLS 1.3 and it has already been reverted: … d4937L4446

Please feel free to remove that check with the understanding it is safe to do so.

Warmest Regards,