Fix AES-GCM edge cases to allow for null input or output arrays #145
Merged
rlm2002 merged 1 commit into wolfSSL:master on Aug 27, 2025
Pull Request Overview
This PR fixes AES-GCM edge cases to handle null input/output arrays for scenarios where users only provide Additional Authenticated Data (AAD) to generate authentication tags. The changes ensure compatibility with OpenJDK SunJCE test requirements.
Key changes:
- Modified JNI validation logic to allow null plaintext/ciphertext when only generating authentication tags
- Updated JCE cipher implementation to handle null input arrays correctly during encryption/decryption
- Added comprehensive test cases for null plaintext scenarios with and without AAD
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| jni/jni_aesgcm.c | Updated input validation to allow null input arrays for GMAC operations |
| src/main/java/com/wolfssl/provider/jce/WolfCryptCipher.java | Added null-safety check before array copy operations |
| src/test/java/com/wolfssl/wolfcrypt/test/AesGcmTest.java | Updated existing tests and added new test cases for null plaintext scenarios |
| src/test/java/com/wolfssl/provider/jce/test/WolfCryptCipherTest.java | Added JCE-level test cases for null plaintext with OpenJDK test vectors |
d13ee92 to d0f51e9
rlm2002 (Contributor) reviewed Aug 26, 2025 and left a comment:
Looks good. The branch conflicts just need to be resolved.
d0f51e9 to d0fe8ae
…ays, add test cases
d0fe8ae to 794be08
rlm2002 approved these changes Aug 27, 2025
This PR fixes both JNI and JCE levels for AES-GCM usage to allow for the cases where a user may pass in a null input/plaintext, or provide a null output buffer. These are scenarios where a user may provide Additional Authenticated Data during encrypt() to generate an auth tag.
JUnit test cases have been added for regression prevention.
This fixes the OpenJDK SunJCE test:
crypto/provider/Cipher/AES/TestKATForGCM.java
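
The AAD-only case described above, written against the standard JCE API as an added example (it is not code from this pull request or from wolfSSL). The class name, the sample AAD strings and the random key and IV are constructed, and the code runs on whichever provider the JVM selects by default.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example; class name and sample values are constructed.
public class GcmAadOnlyExample {

    // Encrypt with AAD only: the no-argument doFinal() supplies no plaintext,
    // so the whole output is the 16-byte authentication tag.
    static byte[] tagOverAad(SecretKeySpec key, byte[] iv, byte[] aad) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(aad);
        return c.doFinal();
    }

    // Decrypt with the tag as the only input: success yields zero bytes of
    // plaintext; a tag/AAD mismatch raises AEADBadTagException.
    static boolean verifyAad(SecretKeySpec key, byte[] iv, byte[] aad, byte[] tag) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(aad);
        try {
            return c.doFinal(tag).length == 0;
        } catch (AEADBadTagException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] keyBytes = new byte[16];
        byte[] iv = new byte[12];   // fresh IV per key; never reuse one for encryption
        rng.nextBytes(keyBytes);
        rng.nextBytes(iv);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");

        byte[] aad = "header-v1;seq=42".getBytes(StandardCharsets.UTF_8);
        byte[] tag = tagOverAad(key, iv, aad);
        System.out.println("tag bytes: " + tag.length);
        System.out.println("original AAD accepted: " + verifyAad(key, iv, aad, tag));

        byte[] tampered = "header-v1;seq=43".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered AAD accepted: " + verifyAad(key, iv, tampered, tag));
    }
}
```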