Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DTLS Bad MAC Checks

Browse Source 
1. Make the decrypt and verify MAC failure cases behave the same with
   respect to DTLS messages. It should pretend the message never happened.
2. Allow the echoclient to survive the echoserver sending a message with
   a bad MAC.
3. Allow the server to survive the client sending a message with a bad MAC.
This commit is contained in:
John Safranek
2017-07-31 11:24:42 -07:00
parent fb53fac1c1
commit 36a539760a
3 changed files with 44 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
examples/server/server.c
View File

@@ -47,6 +47,9 @@
#endif
#include <cyassl/openssl/ssl.h>
#include <cyassl/test.h>
#ifdef CYASSL_DTLS
#include <cyassl/error-ssl.h>
#endif
#include "examples/server/server.h"
@@ -294,6 +297,12 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
if (ret < 0) break;
}
else
#endif
#ifdef CYASSL_DTLS
if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
printf("Dropped client's message due to a bad MAC\n");
}
else
#endif
if (err != SSL_ERROR_WANT_READ) {
printf("SSL_read input error %d, %s\n", err,