commit 40865c8e5d065c02d1e73c3c60d99e68eee0a0b0
author Paul Bakker <p.j.bakker@polarssl.org> Thu Jan 31 17:13:13 2013 +0100
committer Paul Bakker <p.j.bakker@polarssl.org> Sat Feb 02 19:04:13 2013 +0100
tree 2ef137d0d7017b35c005141bf8b063523a416d43
parent d66f070d492ef75405baad9f0d018b1bd06862c8

Added sending of alert messages in case of decryption failures as per RFC

The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index c6f90a2..86a7727 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@
    * Allow enabling of dummy error_strerror() to support some use-cases
    * Debug messages about padding errors during SSL message decryption are
      disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL 
+   * Sending of security-relevant alert messages that do not break
+     interoperability can be switched on/off with the flag
+	 POLARSSL_SSL_ALL_ALERT_MESSAGES
 
 Security
    * Removed timing differences during SSL message decryption in

include/polarssl/config.h

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index e7de136..456c77c 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -239,6 +239,20 @@
 #define POLARSSL_SELF_TEST
 
 /**
+ * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, PolarSSL can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define POLARSSL_SSL_ALERT_MESSAGES
+
+/**
  * \def POLARSSL_SSL_DEBUG_ALL
  *
  * Enable the debug messages in SSL module for all issues.

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0fae076..4194ac0 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1975,6 +1975,14 @@
     {
         if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
         {
+#if defined(POLARSSL_SSL_ALERT_MESSAGES)
+            if( ret == POLARSSL_ERR_SSL_INVALID_MAC )
+            {
+                ssl_send_alert_message( ssl,
+                                        SSL_ALERT_LEVEL_FATAL,
+                                        SSL_ALERT_MSG_BAD_RECORD_MAC );
+            }
+#endif
             SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
             return( ret );
         }