diff options
author | Ingela Anderton Andin <[email protected]> | 2015-01-26 08:36:03 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2015-01-26 08:36:03 +0100 |
commit | 51bc4157763032e18342eefe1ccbd7f262505483 (patch) | |
tree | 772cf5da56cf94ab78ea68ccb2772fd061e2db61 /lib/ssl/src/ssl_record.erl | |
parent | e3175a030bcb3ddbdea328c218bcc79913b746c1 (diff) | |
parent | e53c55dd0ab69982bc511396ccf8655d27c6d38c (diff) | |
download | otp-51bc4157763032e18342eefe1ccbd7f262505483.tar.gz otp-51bc4157763032e18342eefe1ccbd7f262505483.tar.bz2 otp-51bc4157763032e18342eefe1ccbd7f262505483.zip |
Merge branch 'ia/ssl/maint/poddle/OTP-12420' into maint
* ia/ssl/maint/poddle/OTP-12420:
ssl: Reenable padding check for TLS-1.0 and provide backwards compatible disable option
Diffstat (limited to 'lib/ssl/src/ssl_record.erl')
-rw-r--r-- | lib/ssl/src/ssl_record.erl | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl index 7337225bc4..025a46bf65 100644 --- a/lib/ssl/src/ssl_record.erl +++ b/lib/ssl/src/ssl_record.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2013-2014. All Rights Reserved. +%% Copyright Ericsson AB 2013-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -48,7 +48,7 @@ -export([compress/3, uncompress/3, compressions/0]). %% Payload encryption/decryption --export([cipher/4, decipher/3, is_correct_mac/2]). +-export([cipher/4, decipher/4, is_correct_mac/2]). -export_type([ssl_version/0, ssl_atom_version/0]). @@ -376,8 +376,9 @@ cipher(Version, Fragment, {CipherFragment, CipherS1} = ssl_cipher:cipher(BulkCipherAlgo, CipherS0, MacHash, Fragment, Version), {CipherFragment, WriteState0#connection_state{cipher_state = CipherS1}}. + %%-------------------------------------------------------------------- --spec decipher(ssl_version(), binary(), #connection_state{}) -> {binary(), binary(), #connection_state{}} | #alert{}. +-spec decipher(ssl_version(), binary(), #connection_state{}, boolean()) -> {binary(), binary(), #connection_state{}} | #alert{}. %% %% Description: Payload decryption %%-------------------------------------------------------------------- @@ -387,8 +388,8 @@ decipher(Version, CipherFragment, BulkCipherAlgo, hash_size = HashSz}, cipher_state = CipherS0 - } = ReadState) -> - case ssl_cipher:decipher(BulkCipherAlgo, HashSz, CipherS0, CipherFragment, Version) of + } = ReadState, PaddingCheck) -> + case ssl_cipher:decipher(BulkCipherAlgo, HashSz, CipherS0, CipherFragment, Version, PaddingCheck) of {PlainFragment, Mac, CipherS1} -> CS1 = ReadState#connection_state{cipher_state = CipherS1}, {PlainFragment, Mac, CS1}; |