Merge pull request #9884 from Frauschi/f-204

Prevent session ticket nonce overflow
This commit is contained in:
Daniel Pouzzner
2026-03-06 22:22:24 -06:00
committed by GitHub
3 changed files with 13 additions and 1 deletions
+3
View File
@@ -27549,6 +27549,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR:
return "Private key decode error (EVP)";
case SESSION_TICKET_NONCE_OVERFLOW:
return "Session ticket nonce overflow";
}
return "unknown error number";
+7
View File
@@ -12175,6 +12175,13 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
#endif
{
if (ssl->session->ticketNonce.data[0] == 255) {
/* RFC8446 Section 4.6.1: Each ticket must have a unique nonce
* value. As the nonce is only a single byte, we have to prevent
* the overflow and abort. */
return SESSION_TICKET_NONCE_OVERFLOW;
}
else
ssl->session->ticketNonce.data[0]++;
}
+3 -1
View File
@@ -238,7 +238,9 @@ enum wolfSSL_ErrorCodes {
CRYPTO_POLICY_FORBIDDEN = -516, /* operation forbidden by system
* crypto-policy */
WOLFSSL_LAST_E = -516
SESSION_TICKET_NONCE_OVERFLOW = -517, /* Session ticket nonce overflow */
WOLFSSL_LAST_E = -517
/* codes -1000 to -1999 are reserved for wolfCrypt. */
};