diff options
| author | Ingela Anderton Andin <[email protected]> | 2015-01-13 15:16:20 +0100 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2015-01-23 11:10:39 +0100 |
| commit | e53c55dd0ab69982bc511396ccf8655d27c6d38c (patch) | |
| tree | da70f327bed2894cb82f1f22a063c06fa64cfc6c /lib/ssl/src/ssl_record.erl | |
| parent | 677cb69c4c919e40d074df3bae40338a375a4731 (diff) | |
| download | otp-e53c55dd0ab69982bc511396ccf8655d27c6d38c.tar.gz otp-e53c55dd0ab69982bc511396ccf8655d27c6d38c.tar.bz2 otp-e53c55dd0ab69982bc511396ccf8655d27c6d38c.zip | |
ssl: Reenable padding check for TLS-1.0 and provide backwards compatible
disable option
Conflicts:
lib/ssl/src/ssl_cipher.erl
lib/ssl/src/ssl_record.erl
lib/ssl/src/tls_record.erl
lib/ssl/test/ssl_cipher_SUITE.erl
Diffstat (limited to 'lib/ssl/src/ssl_record.erl')
| -rw-r--r-- | lib/ssl/src/ssl_record.erl | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl index 7337225bc4..025a46bf65 100644 --- a/lib/ssl/src/ssl_record.erl +++ b/lib/ssl/src/ssl_record.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2013-2014. All Rights Reserved. +%% Copyright Ericsson AB 2013-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -48,7 +48,7 @@ -export([compress/3, uncompress/3, compressions/0]). %% Payload encryption/decryption --export([cipher/4, decipher/3, is_correct_mac/2]). +-export([cipher/4, decipher/4, is_correct_mac/2]). -export_type([ssl_version/0, ssl_atom_version/0]). @@ -376,8 +376,9 @@ cipher(Version, Fragment, {CipherFragment, CipherS1} = ssl_cipher:cipher(BulkCipherAlgo, CipherS0, MacHash, Fragment, Version), {CipherFragment, WriteState0#connection_state{cipher_state = CipherS1}}. + %%-------------------------------------------------------------------- --spec decipher(ssl_version(), binary(), #connection_state{}) -> {binary(), binary(), #connection_state{}} | #alert{}. +-spec decipher(ssl_version(), binary(), #connection_state{}, boolean()) -> {binary(), binary(), #connection_state{}} | #alert{}. %% %% Description: Payload decryption %%-------------------------------------------------------------------- @@ -387,8 +388,8 @@ decipher(Version, CipherFragment, BulkCipherAlgo, hash_size = HashSz}, cipher_state = CipherS0 - } = ReadState) -> - case ssl_cipher:decipher(BulkCipherAlgo, HashSz, CipherS0, CipherFragment, Version) of + } = ReadState, PaddingCheck) -> + case ssl_cipher:decipher(BulkCipherAlgo, HashSz, CipherS0, CipherFragment, Version, PaddingCheck) of {PlainFragment, Mac, CipherS1} -> CS1 = ReadState#connection_state{cipher_state = CipherS1}, {PlainFragment, Mac, CS1}; |