wolfcrypt/src/hpke.c, wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: implement RFC 9180 overflow checks on context->seq in wc_HpkeContextSealBase() and wc_HpkeContextOpenBase(), and add SEQ_OVERFLOW_E to wolfCrypt_ErrorCodes (Fenrir M-70).

douzzer · douzzer · commit 76bc6e337b24 · 2026-02-27T23:40:37.000-06:00
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
@@ -665,6 +665,9 @@ const char* wc_GetErrorString(int error)
     case ALREADY_E:
         return "Operation was redundant or preempted";
 
+    case SEQ_OVERFLOW_E:
+        return "Sequence counter would overflow";
+
     case MAX_CODE_E:
     case WC_SPAN1_MIN_CODE_E:
     case MIN_CODE_E:
diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c
@@ -865,6 +865,11 @@ int wc_HpkeContextSealBase(Hpke* hpke, HpkeBaseContext* context,
         plaintext == NULL || out == NULL) {
         return BAD_FUNC_ARG;
     }
+
+    /* RFC 9180 requires error on sequence overflow. */
+    if (context->seq == WC_MAX_SINT_OF(int))
+        return SEQ_OVERFLOW_E;
+
     WC_ALLOC_VAR_EX(aes, Aes, 1, hpke->heap, DYNAMIC_TYPE_AES,
         return MEMORY_E);
     ret = wc_AesInit(aes, hpke->heap, INVALID_DEVID);
@@ -1097,6 +1102,11 @@ int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context, byte* aad,
     if (hpke == NULL) {
         return BAD_FUNC_ARG;
     }
+
+    /* RFC 9180 requires error on sequence overflow. */
+    if (context->seq == WC_MAX_SINT_OF(int))
+        return SEQ_OVERFLOW_E;
+
     XMEMSET(nonce, 0, sizeof(nonce));
     WC_ALLOC_VAR_EX(aes, Aes, 1, hpke->heap, DYNAMIC_TYPE_AES,
         return MEMORY_E);
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
@@ -312,8 +312,9 @@ enum wolfCrypt_ErrorCodes {
     BUSY_E              = -1006, /* Object is busy */
     ALREADY_E           = -1007, /* Operation was redundant or preempted */
 
-    WC_SPAN2_LAST_E     = -1007, /* Update to indicate last used error code */
-    WC_LAST_E           = -1007, /* the last code used either here or in
+    SEQ_OVERFLOW_E      = -1008, /* Sequence counter would overflow */
+    WC_SPAN2_LAST_E     = -1008, /* Update to indicate last used error code */
+    WC_LAST_E           = -1008, /* the last code used either here or in
                                   * error-ssl.h */
 
     WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */
