esp: improve oseq overflow handling. #80

Merged: danielinux merged 2 commits into wolfSSL:master from philljj:f_696, Mar 14, 2026

philljj commented Mar 14, 2026

Description

Improve ESP oseq overflow handling.

Add unit test to check overflow.

Fixes F-696.

philljj self-assigned this Mar 14, 2026
Copilot AI review requested due to automatic review settings March 14, 2026 16:08

Copilot AI left a comment

Pull request overview

This PR improves ESP outbound sequence-number (oseq) overflow handling and adds a unit test to validate the overflow behavior, addressing F-696.

Changes:

  • Initialize ESP outbound replay sequence (oseq) to 0 so the first transmitted sequence becomes 1 after pre-increment.
  • Pre-increment oseq during esp_transport_wrap() and reject the wrap-around-to-0 case.
  • Add a unit test that drives oseq to ESP_MAX_32_SEQ and asserts the overflow wrap is rejected.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| wolfesp.h | Adjusts replay initialization to start outbound sequence counter at 0. |
| src/wolfesp.c | Updates outbound sequence increment/overflow check in ESP transport wrapping. |
| src/test/unit/unit_esp.c | Adds and registers a unit test covering oseq overflow rejection. |

Copilot AI left a comment

Pull request overview

Improves ESP outbound sequence number (oseq) overflow handling to prevent wrap-around/reuse, and adds a unit test to validate the behavior (Fixes F-696).

Changes:

  • Initialize outbound replay.oseq to 0 so the first transmitted ESP sequence is still 1 after the pre-increment behavior.
  • Detect oseq overflow during esp_transport_wrap() and reject further transmissions by latching oseq at max and returning -1.
  • Add a unit test that drives oseq to the overflow boundary and asserts repeated rejection after overflow.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| wolfesp.h | Adjusts replay initialization so outbound oseq starts at 0 (works with pre-increment send semantics). |
| src/wolfesp.c | Moves oseq increment before writing SEQ and adds overflow detection that prevents wrap-around reuse. |
| src/test/unit/unit_esp.c | Adds test_replay_overflow to verify overflow is detected and remains rejected on subsequent wraps. |

philljj requested a review from danielinux March 14, 2026 17:28
philljj assigned danielinux and unassigned philljj Mar 14, 2026
danielinux merged commit 5b34dc7 into wolfSSL:master Mar 14, 2026
24 checks passed
philljj deleted the f_696 branch March 15, 2026 09:31
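
The behaviour the review summaries describe (oseq starting at 0, pre-increment on send, a wrap to 0 rejected and the counter latched at its maximum), shown beside an unchecked counter. This is an added example, not code from this pull request or the project; `demo_sa`, `demo_next_seq_unchecked`, `demo_next_seq_checked` and `DEMO_MAX_32_SEQ` are hypothetical names, and the maximum is assumed to be `UINT32_MAX`.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; the maximum is assumed to be UINT32_MAX. */
#define DEMO_MAX_32_SEQ UINT32_MAX

struct demo_sa {
    uint32_t oseq; /* last sequence number sent; 0 means nothing sent yet */
};

/* Unchecked variant: the counter silently wraps from the maximum to 0,
 * so later packets repeat sequence numbers under the same key. */
static int demo_next_seq_unchecked(struct demo_sa *sa, uint32_t *seq)
{
    sa->oseq++;
    *seq = sa->oseq;
    return 0;
}

/* Checked variant: pre-increment, treat a result of 0 as overflow,
 * latch the counter at the maximum and fail every later call. */
static int demo_next_seq_checked(struct demo_sa *sa, uint32_t *seq)
{
    uint32_t next = sa->oseq + 1u; /* unsigned wrap is well defined */

    if (next == 0u) {
        sa->oseq = DEMO_MAX_32_SEQ; /* stay latched */
        return -1;                  /* caller must not send this packet */
    }
    sa->oseq = next;
    *seq = next;                    /* first packet of a fresh SA gets 1 */
    return 0;
}

int main(void)
{
    struct demo_sa sa = { DEMO_MAX_32_SEQ - 2u }; /* constructed start state */
    struct demo_sa bad = { DEMO_MAX_32_SEQ };     /* constructed start state */
    uint32_t seq = 0;
    int i;

    for (i = 0; i < 4; i++) {
        int rc = demo_next_seq_checked(&sa, &seq);
        printf("checked call %d: rc=%d oseq=%lu\n", i, rc, (unsigned long)sa.oseq);
    }
    demo_next_seq_unchecked(&bad, &seq);
    printf("unchecked: seq=%lu after the maximum\n", (unsigned long)seq);
    return 0;
}
```

On failure the checked variant leaves `*seq` untouched, so a caller that ignores the return value would still see the previous sequence number; the return code is the only overflow signal.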