DTLS Handshake is failing with "VERIFY_MAC_ERROR"

[swamidas1998]

Hi Team,

Type:- Bug Priority:- Critical WolfSSL build:- 4.6.0 OpenSSL Server version:- OpenSSL 1.0.2u

I was porting the DTLS client into my application and encountered an error during the DTLS Handshake. During the handshake, The TimingPadVerify API is failing with VERIFY_MAC_ERROR For the "Encrypted Handshake Message" packet received from the DTLS server, and this issue is observed only in the case when we get "Change Cipher Spec + Encrypted Handshake Message" in a single DTLS packet. However, The handshake is successful when the "Encrypted Handshake Message" alone is received in a single packet. Do I need to enable any other macros or need to call any APIs? Could you please help me in resolving this issue?

Please find the snaps of the Wireshark capture. If you have a look at the below capture, Packet number 105 has both the headers and the TimingPadVerify API fails.

If you have a look at the below capture, Packet number 110 has only "Encrypted Handshake Message" and the API is successful at this point.

OpenSSL Server command:- .\openssl.exe s_server -accept 5012 -cert server-cert.pem -key server-key.pem -dtls1_2 -cipher AES256-SHA256

Note:- It's not a cipher specific issue.

[dgarske]

Hi @swamidas1998 , Thank you for the report. @rizlik will review this report. Thanks, David Garske, wolfSSL