mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 12:00:51 +02:00
wolfcrypt/src/hpke.c, wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: implement RFC 9180 overflow checks on context->seq in wc_HpkeContextSealBase() and wc_HpkeContextOpenBase(), and add SEQ_OVERFLOW_E to wolfCrypt_ErrorCodes (Fenrir M-70).
This commit is contained in:
@@ -665,6 +665,9 @@ const char* wc_GetErrorString(int error)
|
||||
case ALREADY_E:
|
||||
return "Operation was redundant or preempted";
|
||||
|
||||
case SEQ_OVERFLOW_E:
|
||||
return "Sequence counter would overflow";
|
||||
|
||||
case MAX_CODE_E:
|
||||
case WC_SPAN1_MIN_CODE_E:
|
||||
case MIN_CODE_E:
|
||||
|
||||
@@ -865,6 +865,11 @@ int wc_HpkeContextSealBase(Hpke* hpke, HpkeBaseContext* context,
|
||||
plaintext == NULL || out == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* RFC 9180 requires error on sequence overflow. */
|
||||
if (context->seq == WC_MAX_SINT_OF(int))
|
||||
return SEQ_OVERFLOW_E;
|
||||
|
||||
WC_ALLOC_VAR_EX(aes, Aes, 1, hpke->heap, DYNAMIC_TYPE_AES,
|
||||
return MEMORY_E);
|
||||
ret = wc_AesInit(aes, hpke->heap, INVALID_DEVID);
|
||||
@@ -1097,6 +1102,11 @@ int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context, byte* aad,
|
||||
if (hpke == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* RFC 9180 requires error on sequence overflow. */
|
||||
if (context->seq == WC_MAX_SINT_OF(int))
|
||||
return SEQ_OVERFLOW_E;
|
||||
|
||||
XMEMSET(nonce, 0, sizeof(nonce));
|
||||
WC_ALLOC_VAR_EX(aes, Aes, 1, hpke->heap, DYNAMIC_TYPE_AES,
|
||||
return MEMORY_E);
|
||||
|
||||
@@ -312,8 +312,9 @@ enum wolfCrypt_ErrorCodes {
|
||||
BUSY_E = -1006, /* Object is busy */
|
||||
ALREADY_E = -1007, /* Operation was redundant or preempted */
|
||||
|
||||
WC_SPAN2_LAST_E = -1007, /* Update to indicate last used error code */
|
||||
WC_LAST_E = -1007, /* the last code used either here or in
|
||||
SEQ_OVERFLOW_E = -1008, /* Sequence counter would overflow */
|
||||
WC_SPAN2_LAST_E = -1008, /* Update to indicate last used error code */
|
||||
WC_LAST_E = -1008, /* the last code used either here or in
|
||||
* error-ssl.h */
|
||||
|
||||
WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */
|
||||
|
||||
Reference in New Issue
Block a user