Bad MAC error

Jul 14, 2015 14:11


I am using Polar SSL code for encryption and decryption. My client application is sending data of size 16KB. PolarSSL gives POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE. Please let me know what the possible reasons for this could be.

Thanks in advance.

Thanks & Regards Suman

Jul 15, 2015 08:57
Manuel Pégourié-Gonnard

So you're doing TLS, right? The TLS protocol has a limit on the size of the records, which is 16k (before encryption). So if you send slightly more than that, the implementation on the other side can reject your record and send you a fatal alert, which seems to be the case. Even if you're sending slightly less than 16k, the implementation on the other side might reject your record if it's configured to use a smaller buffer or didn't get the limits exactly right.

The solution is simple: send 8k then 8k. Anyway, TLS is a stream protocol, it doesn't guarantee that record boundaries will be preserved (just as TCP), so the application on the other side should be prepared to handle that.
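
The advice in the reply above (write in 8k pieces, and have the receiver reassemble instead of relying on record boundaries), as an added example in C that is not code from the thread or from PolarSSL. The names `io_fn`, `memlink`, `send_msg` and `recv_msg` and the 4-byte length prefix are assumptions for illustration; `io_fn` stands in for the TLS library's blocking read and write calls, and the in-memory link is constructed so the example runs offline.

```c
#include <stddef.h>
#include <string.h>

#define CHUNK 8192  /* 8k per call, as suggested in the reply above */
/* Hypothetical I/O callback: returns bytes moved (may be short) or <0 on error. */
typedef int (*io_fn)(void *ctx, unsigned char *buf, size_t len);

/* Constructed in-memory link; moves at most max_io bytes per call (short I/O). */
struct memlink { unsigned char data[40000]; size_t wpos, rpos, max_io; };

int mem_write(void *c, unsigned char *buf, size_t len) {
    struct memlink *l = c;
    if (len > l->max_io) len = l->max_io;
    if (len > sizeof l->data - l->wpos) return -1;
    memcpy(l->data + l->wpos, buf, len);
    l->wpos += len;
    return (int)len;
}
int mem_read(void *c, unsigned char *buf, size_t len) {
    struct memlink *l = c;
    if (len > l->max_io) len = l->max_io;
    if (len > l->wpos - l->rpos) len = l->wpos - l->rpos;
    if (len == 0) return -1;                 /* nothing left: treat as closed */
    memcpy(buf, l->data + l->rpos, len);
    l->rpos += len;
    return (int)len;
}
/* Move exactly len bytes, never asking for more than CHUNK in one call. */
int xfer_all(io_fn io, void *ctx, unsigned char *buf, size_t len) {
    while (len > 0) {
        int n = io(ctx, buf, len < CHUNK ? len : CHUNK);
        if (n <= 0) return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}
/* Frame = 4-byte big-endian length + payload, so the application does not
 * depend on how the stream is cut into records. */
int send_msg(io_fn wr, void *ctx, unsigned char *msg, size_t len) {
    unsigned char hdr[4] = { (unsigned char)(len >> 24), (unsigned char)(len >> 16),
                             (unsigned char)(len >> 8), (unsigned char)len };
    if (len > 0xFFFFFFFFu || xfer_all(wr, ctx, hdr, 4) != 0) return -1;
    return xfer_all(wr, ctx, msg, len);
}
/* Returns payload length, or -1 on error or if the peer's length exceeds cap. */
long recv_msg(io_fn rd, void *ctx, unsigned char *out, size_t cap) {
    unsigned char hdr[4];
    if (xfer_all(rd, ctx, hdr, 4) != 0) return -1;
    size_t len = ((size_t)hdr[0] << 24) | ((size_t)hdr[1] << 16) | ((size_t)hdr[2] << 8) | hdr[3];
    if (len > cap) return -1;                /* bound the peer-supplied length */
    return xfer_all(rd, ctx, out, len) == 0 ? (long)len : -1;
}
```

With a non-blocking transport, the `n <= 0` branch would also have to distinguish the library's "want read" and "want write" results from real errors and retry on them.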