Merge pull request #1069 from ejohnstown/dtls-mac

DTLS Bad MAC Checks
2017-08-01 13:45:19 -07:00 · 2017-08-01 13:45:19 -07:00 · bd20729fba
parent b553d36548 36a539760a
commit bd20729fba
3 changed files with 44 additions and 4 deletions
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@ -25,10 +25,12 @@
 #endif

 #include <cyassl/ctaocrypt/settings.h>
-
 /* let's use cyassl layer AND cyassl openssl layer */
 #include <cyassl/ssl.h>
 #include <cyassl/openssl/ssl.h>
+#ifdef CYASSL_DTLS
+    #include <cyassl/error-ssl.h>
+#endif

 #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
        #include <stdio.h>
@ -266,6 +268,14 @@ void echoclient_test(void* args)
                fflush(fout) ;
                sendSz -= ret;
            }
+#ifdef CYASSL_DTLS
+            else if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
+                /* This condition is OK. The packet should be dropped
+                 * silently when there is a decrypt or MAC error on
+                 * a DTLS record. */
+                sendSz = 0;
+            }
+#endif
            else {
                printf("SSL_read msg error %d, %s\n", err,
                    ERR_error_string(err, buffer));
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -47,6 +47,9 @@
 #endif
 #include <cyassl/openssl/ssl.h>
 #include <cyassl/test.h>
+#ifdef CYASSL_DTLS
+    #include <cyassl/error-ssl.h>
+#endif

 #include "examples/server/server.h"

@ -294,6 +297,12 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
                if (ret < 0) break;
            }
            else
+        #endif
+        #ifdef CYASSL_DTLS
+            if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
+                printf("Dropped client's message due to a bad MAC\n");
+            }
+            else
        #endif
            if (err != SSL_ERROR_WANT_READ) {
                printf("SSL_read input error %d, %s\n", err,
--- a/src/internal.c
+++ b/src/internal.c
@ -11711,6 +11711,9 @@ int ProcessReply(WOLFSSL* ssl)
                        ssl->options.processReply = doProcessInit;
                        ssl->buffers.inputBuffer.idx =
                                        ssl->buffers.inputBuffer.length;
+                        #ifdef WOLFSSL_DTLS_DROP_STATS
+                            ssl->macDropCount++;
+                        #endif /* WOLFSSL_DTLS_DROP_STATS */
                    }
                #endif /* WOLFSSL_DTLS */

@ -11737,9 +11740,18 @@ int ProcessReply(WOLFSSL* ssl)
                    if (ret < 0) {
                        WOLFSSL_MSG("VerifyMac failed");
                        WOLFSSL_ERROR(ret);
+                        #ifdef WOLFSSL_DTLS
+                        /* If in DTLS mode, if the decrypt fails for any
+                         * reason, pretend the datagram never happened. */
+                        if (ssl->options.dtls) {
+                            ssl->options.processReply = doProcessInit;
+                            ssl->buffers.inputBuffer.idx =
+                                            ssl->buffers.inputBuffer.length;
                            #ifdef WOLFSSL_DTLS_DROP_STATS
                                ssl->macDropCount++;
                            #endif /* WOLFSSL_DTLS_DROP_STATS */
+                        }
+                        #endif /* WOLFSSL_DTLS */
                        return DECRYPT_ERROR;
                    }
                }
@ -13542,6 +13554,15 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
    if (ssl->error == WANT_WRITE || ssl->error == WC_PENDING_E)
        ssl->error = 0;

+#ifdef WOLFSSL_DTLS
+    if (ssl->options.dtls) {
+        /* In DTLS mode, we forgive some errors and allow the session
+         * to continue despite them. */
+        if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR)
+            ssl->error = 0;
+    }
+#endif /* WOLFSSL_DTLS */
+
 #ifdef WOLFSSL_EARLY_DATA
    if (ssl->earlyData) {
        if (ssl->options.handShakeState == HANDSHAKE_DONE) {