Skip to content

Fix session ticket key rotation when hint exceeds key lifetime#10822

Open
mattia-moffa wants to merge 1 commit into
wolfSSL:masterfrom
mattia-moffa:20260629-ticket-hint-window-check
Open

Fix session ticket key rotation when hint exceeds key lifetime#10822
mattia-moffa wants to merge 1 commit into
wolfSSL:masterfrom
mattia-moffa:20260629-ticket-hint-window-check

Conversation

@mattia-moffa

@mattia-moffa mattia-moffa commented Jun 30, 2026

Copy link
Copy Markdown
Member

Description

Disallows a ticketHint > WOLFSSL_TICKET_KEY_LIFETIME / 2.

The default ticket encryption callback rotates two keys and can only honor a hint below half the ticket key lifetime; a larger hint previously left no key available for encryption, failing every handshake after the first on a reused server CTX. Now these values are rejected.

Fixes #10796

Testing

./configure --enable-dtls13 --enable-session-ticket && make && make check

Checklist

  • added tests

@mattia-moffa mattia-moffa self-assigned this Jun 30, 2026
Copilot AI review requested due to automatic review settings June 30, 2026 21:38

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes a session-ticket encryption key rotation edge case where ticketHint can exceed the default ticket key lifetime, previously causing TicketEncCbCtx_ChooseKey() to return BAD_STATE_E and break subsequent handshakes when reusing a server WOLFSSL_CTX.

Changes:

  • Update default session ticket key selection/rotation logic to avoid returning BAD_STATE_E when both keys are decrypt-valid but neither covers ticketHint.
  • Add a new API regression test that reuses server/client contexts across multiple handshakes with an oversized ticket hint.
  • Register the new test in the ssl extension test list.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
src/internal.c Adjusts default ticket key selection behavior when neither key covers the configured hint window.
tests/api/test_ssl_ext.c Adds a regression test covering repeated handshakes with a reused server context and oversized ticket hint.
tests/api/test_ssl_ext.h Exposes/registers the new regression test in the ssl_ext group.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/internal.c Outdated
Comment thread tests/api/test_ssl_ext.c Outdated
The default ticket encryption callback rotates two keys and can only
honor a hint below WOLFSSL_TICKET_KEY_LIFETIME/2; a larger hint
previously left no key available for encryption, failing every handshake
after the first on a reused server CTX. Now these values are rejected.
@mattia-moffa mattia-moffa force-pushed the 20260629-ticket-hint-window-check branch from 3125631 to 9514b21 Compare July 1, 2026 19:48
@mattia-moffa

Copy link
Copy Markdown
Member Author

Jenkins retest this please

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug]: DefTicketEncCb: BAD_STATE_E on second handshake when ticket hint > WOLFSSL_TICKET_KEY_LIFETIME / 2

3 participants