From 76bc6e337b24ed76c4539eda357d593867da7ad2 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 27 Feb 2026 23:40:37 -0600 Subject: [PATCH] wolfcrypt/src/hpke.c, wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: implement RFC 9180 overflow checks on context->seq in wc_HpkeContextSealBase() and wc_HpkeContextOpenBase(), and add SEQ_OVERFLOW_E to wolfCrypt_ErrorCodes (Fenrir M-70). --- wolfcrypt/src/error.c | 3 +++ wolfcrypt/src/hpke.c | 10 ++++++++++ wolfssl/wolfcrypt/error-crypt.h | 5 +++-- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index c74879f8e0..431a3c996c 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -665,6 +665,9 @@ const char* wc_GetErrorString(int error) case ALREADY_E: return "Operation was redundant or preempted"; + case SEQ_OVERFLOW_E: + return "Sequence counter would overflow"; + case MAX_CODE_E: case WC_SPAN1_MIN_CODE_E: case MIN_CODE_E: diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c index e7b15db0a4..ea49be60de 100644 --- a/wolfcrypt/src/hpke.c +++ b/wolfcrypt/src/hpke.c @@ -865,6 +865,11 @@ int wc_HpkeContextSealBase(Hpke* hpke, HpkeBaseContext* context, plaintext == NULL || out == NULL) { return BAD_FUNC_ARG; } + + /* RFC 9180 requires error on sequence overflow. */ + if (context->seq == WC_MAX_SINT_OF(int)) + return SEQ_OVERFLOW_E; + WC_ALLOC_VAR_EX(aes, Aes, 1, hpke->heap, DYNAMIC_TYPE_AES, return MEMORY_E); ret = wc_AesInit(aes, hpke->heap, INVALID_DEVID); @@ -1097,6 +1102,11 @@ int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context, byte* aad, if (hpke == NULL) { return BAD_FUNC_ARG; } + + /* RFC 9180 requires error on sequence overflow. */ + if (context->seq == WC_MAX_SINT_OF(int)) + return SEQ_OVERFLOW_E; + XMEMSET(nonce, 0, sizeof(nonce)); WC_ALLOC_VAR_EX(aes, Aes, 1, hpke->heap, DYNAMIC_TYPE_AES, return MEMORY_E); diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index cc7d3679ff..f879aabc3b 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -312,8 +312,9 @@ enum wolfCrypt_ErrorCodes { BUSY_E = -1006, /* Object is busy */ ALREADY_E = -1007, /* Operation was redundant or preempted */ - WC_SPAN2_LAST_E = -1007, /* Update to indicate last used error code */ - WC_LAST_E = -1007, /* the last code used either here or in + SEQ_OVERFLOW_E = -1008, /* Sequence counter would overflow */ + WC_SPAN2_LAST_E = -1008, /* Update to indicate last used error code */ + WC_LAST_E = -1008, /* the last code used either here or in * error-ssl.h */ WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */