Avoid debug message that might leak length
The length to the debug message could conceivably leak through the time it
takes to print it, and that length would in turn reveal whether padding was
correct or not.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 272aba3..44237e0 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1974,8 +1974,10 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
ssl->in_msg, ssl->in_msglen );
+#endif
/*
* Authenticate if not done yet.