Topic: [SOLVED] Decrypt problem in WolfSSL
Hello:
I 'm using the wolfSSL library to secure an MQTT connection with AWS IoT using mutual authentication. A device publishes messages and subscribes to a couple of topics.
So far, I don't have any problem publishing, but eventually, I have decryption problems when receiving a message.
So basically everything works fine until at some point I get this message in the console;
.....SendAlert.....2 20
which comes from SendAlert(), and means severity: 2, type:20
Debugging the issue, I found problem happens in Decrypt() (internal.c), in case wolfssl_aes_gcm which calls function wc_AesGcmDecrypt() returning VERIFY_MAC_ERROR -305
Above function is called from ProcessReply() which will return DECRYPT_ERROR -312 ; which in turns is called by wolfSSL_read() from mqtt_packet_read() function.
Here is the debug info printed when using #define DEBUG_WOLFSSL option in settings.
wolfSSL Entering AesGcmDecrypt
.....SendAlert.....2 20
growing output buffer
wolfSSL Entering AesGcmEncrypt
Shrinking output buffer
Decrypt failed
wolfSSL error occurred, error = -305
wolfSSL error occurred, error = -312
wolfSSL Leaving wolfSSL_read_internal(), return -312
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -312
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
User calling wolfSSL_read in error state, not allowed
wolfSSL Leaving wolfSSL_read_internal(), return -312
Additionally, from this point on, the publishing is not longer working as the stack remains in an internal error state, so it basically blocks the device for further communication. (I see the publishing messages being sent - also see tcp packes in wireshark - but it seems the server discards these messages as they probably have something wrong...)
My questions are:
1) what could cause this error? I tried with different messages and I can't see a relation with a message type.
2) in case I can't avoid this error; how I can recover from this situation? What should I do to lose the received packet but continue with rest of tasks?
Thanks in advance
Regards;
Gus