fix: AES-EAX allow empty plaintext#10251
Open
MarkAtwood wants to merge 1 commit into
Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR updates AES-EAX one-shot and incremental APIs to support authentication-only operations by allowing NULL plaintext/ciphertext pointers when the corresponding length is 0 (as permitted by the EAX spec and required by Wycheproof vectors).
Changes:
- Relax NULL pointer checks in
wc_AesEaxEncryptAuth/wc_AesEaxDecryptAuthwheninSz == 0and/orauthInSz == 0. - In
wc_AesEaxEncryptUpdate/wc_AesEaxDecryptUpdate, skip CTR and ciphertext-CMAC updates wheninSz == 0to avoid callingwc_AesCtrEncryptwith NULL pointers.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
LinuxJedi
requested changes
Apr 23, 2026
Member
LinuxJedi
left a comment
LinuxJedi
left a comment
There was a problem hiding this comment.
@MarkAtwood please remove the Claude co-authored-by in the commit message.
MarkAtwood
force-pushed
the
fix/aes-eax-empty-plaintext
branch
from
06bc366 to
8264dd4
Compare
The one-shot wc_AesEaxEncryptAuth/wc_AesEaxDecryptAuth and the incremental wc_AesEaxEncryptUpdate/wc_AesEaxDecryptUpdate functions unconditionally required non-NULL out/in/authIn pointers, returning BAD_FUNC_ARG even when the corresponding length was 0. EAX mode with empty plaintext is a valid authentication-only operation that produces just an authentication tag (OMAC over nonce and AAD). This is permitted by the EAX specification (Bellare, Rogaway, Wagner 2004) and exercised by Wycheproof test vectors. Fix: gate NULL pointer checks on the corresponding length being > 0. In the incremental Update functions, skip the AES-CTR and CMAC ciphertext update when inSz is 0 to avoid passing NULL to wc_AesCtrEncrypt (which also rejects NULL unconditionally).
MarkAtwood
force-pushed
the
fix/aes-eax-empty-plaintext
branch
from
8264dd4 to
a7cc526
Compare
Contributor
|
Jenkins retest this please |
Contributor
Author
|
Co-Authored-By line was already removed in the current commit. The CHANGES_REQUESTED is stale — ready for re-review. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
wc_AesEaxEncryptAuth,wc_AesEaxDecryptAuth,wc_AesEaxEncryptUpdate, andwc_AesEaxDecryptUpdateunconditionally required non-NULLout/in/authInpointers, returningBAD_FUNC_ARGeven when the corresponding length was 0.EAX mode with empty plaintext is a valid authentication-only operation (OMAC over nonce and AAD only), permitted by the EAX specification (Bellare, Rogaway, Wagner 2004) and exercised by Wycheproof test vectors.
Fix: gate NULL pointer checks on the corresponding length being > 0. In the incremental Update functions, skip the AES-CTR and CMAC ciphertext update when
inSzis 0 to avoid passing NULL towc_AesCtrEncrypt.Found via Wycheproof test vectors.
Test plan
/cc @wolfSSL-Fenrir-bot please review