Disable debug messages that can introduce a timing side channel.

Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug messages in case somebody does want to see the reason checks fail. (cherry picked from commit d66f070d49) Conflicts: include/polarssl/config.h library/ssl_tls.c
2024-11-26 04:35:44 +01:00 · 2013-03-11 15:59:03 +01:00 · 2013-03-11 15:59:03 +01:00 · 48b7cb8ea2
commit 48b7cb8ea2
parent 6a229c1f8c
3 changed files with 24 additions and 1 deletions
--- a/2
+++ b/2
@ -3,6 +3,8 @@ PolarSSL ChangeLog
 = Branch 1.1
 Changes
   * Allow enabling of dummy error_strerror() to support some use-cases
+   * Debug messages about padding errors during SSL message decryption are
+     disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL

 Security
   * Removed timing differences during SSL message decryption in
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -216,6 +216,22 @@
 */
 #define POLARSSL_SELF_TEST

+/**
+ * \def POLARSSL_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+#define POLARSSL_SSL_DEBUG_ALL
+ */
+
 /**
 * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 *
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -769,9 +769,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )

        if( ssl->in_msglen < ssl->maclen + padlen )
        {
+#if defined(POLARSSL_SSL_DEBUG_ALL)
            SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
                        ssl->in_msglen, ssl->maclen, padlen ) );
-
+#endif
            padlen = 0;
            fake_padlen = 256;
            correct = 0;
@ -781,9 +782,11 @@ static int ssl_decrypt_buf( ssl_context *ssl )
        {
            if( padlen > ssl->ivlen )
            {
+#if defined(POLARSSL_SSL_DEBUG_ALL)
                SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
                                    "should be no more than %d",
                               padlen, ssl->ivlen ) );
+#endif
                correct = 0;
            }
        }
@ -809,8 +812,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
                else
                    minlen = 1;
            }
+#if defined(POLARSSL_SSL_DEBUG_ALL)
            if( padlen > 0 && correct == 0)
                SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
+#endif
        }
    }