Permalink
Browse files

Disable debug messages that can introduce a timing side channel.

Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
  • Loading branch information...
1 parent 4582999 commit d66f070d492ef75405baad9f0d018b1bd06862c8 Paul Bakker committed Jan 31, 2013
Showing with 24 additions and 1 deletion.
  1. +2 −0 ChangeLog
  2. +16 −0 include/polarssl/config.h
  3. +6 −1 library/ssl_tls.c
View
2 ChangeLog
@@ -3,6 +3,8 @@ PolarSSL ChangeLog
= Development
Changes
* Allow enabling of dummy error_strerror() to support some use-cases
+ * Debug messages about padding errors during SSL message decryption are
+ disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
Security
* Removed timing differences during SSL message decryption in
View
16 include/polarssl/config.h
@@ -239,6 +239,22 @@
#define POLARSSL_SELF_TEST
/**
+ * \def POLARSSL_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+#define POLARSSL_SSL_DEBUG_ALL
+ */
+
+/**
* \def POLARSSL_SSL_HW_RECORD_ACCEL
*
* Enable hooking functions in SSL module for hardware acceleration of
View
7 library/ssl_tls.c
@@ -1403,9 +1403,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
if( ssl->in_msglen < ssl->transform_in->maclen + padlen )
{
+#if defined(POLARSSL_SSL_DEBUG_ALL)
SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
-
+#endif
padlen = 0;
fake_padlen = 256;
correct = 0;
@@ -1415,9 +1416,11 @@ static int ssl_decrypt_buf( ssl_context *ssl )
{
if( padlen > ssl->transform_in->ivlen )
{
+#if defined(POLARSSL_SSL_DEBUG_ALL)
SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
"should be no more than %d",
padlen, ssl->transform_in->ivlen ) );
+#endif
correct = 0;
}
}
@@ -1443,8 +1446,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
else
minlen = 1;
}
+#if defined(POLARSSL_SSL_DEBUG_ALL)
if( padlen > 0 && correct == 0)
SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
+#endif
}
}

0 comments on commit d66f070

Please sign in to comment.