Bug 1818235 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by

Anna Weine

on 2023-02-22 07:46:59 PST

It seems that there is a difference between the AEAD Nonce generation (https://searchfox.org/mozilla-central/source/security/nss/lib/ssl/tls13con.c#5671).

Let's call the extracted nonce as IV, and the buffer to randomize it - Nonce.
For WolfSSL implementation the nonce is presented as a sequence number, for us it includes epoch etc.
See RFC 8446: 5.3. Per-Record Nonce

Revision 1 by

Anna Weine

on 2023-02-22 07:48:35 PST

It seems that there is a difference between the AEAD Nonce generation (https://searchfox.org/mozilla-central/source/security/nss/lib/ssl/tls13con.c#5671).

Let's call the extracted nonce as IV, and the buffer to randomize it - Nonce.
For WolfSSL implementation the nonce is presented as a sequence number, for us it includes epoch etc.
See RFC 8446: 5.3. Per-Record Nonce

Found during the interoperability testing with WolfSSL.

Back to Bug 1818235 Comment 0