From 48b7cb8ea2fb5a25a010a6c15bc55c27f7cd4975 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Mon, 11 Mar 2013 15:59:03 +0100
Subject: [PATCH] Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug messages in case somebody does want to see the reason checks fail.
(cherry picked from commit d66f070d492ef75405baad9f0d018b1bd06862c8)
Conflicts:
include/polarssl/config.h
library/ssl_tls.c
---
 ChangeLog | 2 ++
 include/polarssl/config.h | 16 ++++++++++++++++
 library/ssl_tls.c | 7 ++++++-
 3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 5884e498d..5afc2a1dc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,8 @@ PolarSSL ChangeLog
 = Branch 1.1
 Changes
 * Allow enabling of dummy error_strerror() to support some use-cases
+ * Debug messages about padding errors during SSL message decryption are
+ disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
 Security
 * Removed timing differences during SSL message decryption in
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 110e3b4b5..e597edf9a 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -216,6 +216,22 @@
 */
 #define POLARSSL_SELF_TEST
+/**
+ * \def POLARSSL_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+#define POLARSSL_SSL_DEBUG_ALL
+ */
+
 /**
 * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 *
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 95e912f0d..2c618a7ff 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -769,9 +769,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 if( ssl->in_msglen < ssl->maclen + padlen )
 {
+#if defined(POLARSSL_SSL_DEBUG_ALL)
 SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", ssl->in_msglen, ssl->maclen, padlen ) );
-
+#endif
 padlen = 0;
 fake_padlen = 256;
 correct = 0;
@@ -781,9 +782,11 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 {
 if( padlen > ssl->ivlen )
 {
+#if defined(POLARSSL_SSL_DEBUG_ALL)
 SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " "should be no more than %d", padlen, ssl->ivlen ) );
+#endif
 correct = 0;
 }
 }
@@ -809,8 +812,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 else
 minlen = 1;
 }
+#if defined(POLARSSL_SSL_DEBUG_ALL)
 if( padlen > 0 && correct == 0)
 SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
+#endif
 }
 }
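Review bot: The three new `#if defined(POLARSSL_SSL_DEBUG_ALL)` guards in ssl_decrypt_buf (this hunk and the ones at -781 and -809) have no comment at the call site, so a later cleanup could drop them without realising they keep the padding-failure paths balanced. I would put a short comment above each guard, for example `/* Only with POLARSSL_SSL_DEBUG_ALL: a debug call made just on the bad-padding path can make that path slower than the good one. */`. With the flag enabled the three messages also differ in text, so anyone who can read the debug output learns which padding check failed, independent of timing; the same comment should say so. The function body starts and ends outside these hunks, so I cannot confirm whether default builds still log a single generic failure after the MAC check.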