From 40865c8e5d065c02d1e73c3c60d99e68eee0a0b0 Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Thu, 31 Jan 2013 17:13:13 +0100
Subject: [PATCH] Added sending of alert messages in case of decryption
 failures as per RFC

The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
---
 ChangeLog                 |  3 +++
 include/polarssl/config.h | 14 ++++++++++++++
 library/ssl_tls.c         |  8 ++++++++
 3 files changed, 25 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index c6f90a299..86a77279a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ Changes
    * Allow enabling of dummy error_strerror() to support some use-cases
    * Debug messages about padding errors during SSL message decryption are
      disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL 
+   * Sending of security-relevant alert messages that do not break
+     interoperability can be switched on/off with the flag
+	 POLARSSL_SSL_ALL_ALERT_MESSAGES
 
 Security
    * Removed timing differences during SSL message decryption in
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index e7de136f7..456c77c74 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -238,6 +238,20 @@
  */
 #define POLARSSL_SELF_TEST
 
+/**
+ * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, PolarSSL can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define POLARSSL_SSL_ALERT_MESSAGES
+
 /**
  * \def POLARSSL_SSL_DEBUG_ALL
  *
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0fae076ab..4194ac05c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1975,6 +1975,14 @@ int ssl_read_record( ssl_context *ssl )
     {
         if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
         {
+#if defined(POLARSSL_SSL_ALERT_MESSAGES)
+            if( ret == POLARSSL_ERR_SSL_INVALID_MAC )
+            {
+                ssl_send_alert_message( ssl,
+                                        SSL_ALERT_LEVEL_FATAL,
+                                        SSL_ALERT_MSG_BAD_RECORD_MAC );
+            }
+#endif
             SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
             return( ret );
         }