From 121047232026505d0e23de1cc15137d986a4b4b4 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 12 Nov 2010 17:28:11 +0100
Subject: Added alert in stream cipher case.

Also changed alert to BAD_RECORD_MAC as:

"differentiating between bad_record_mac and decryption_failed alerts
may permit certain attacks against CBC mode as used in TLS
[CBCATT].  It is preferable to uniformly use the bad_record_mac
alert to hide the specific type of the error."

Also cleaned up the code and changed a few other alert reasons in
according to alert descriptions in the TLS RFC 4346. And added function
terminate_alert/3 so that we can differentiate between a crash
in ssl (a bug in our code) and a crash in the application using ssl.
---
 lib/ssl/src/ssl_tls1.erl | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'lib/ssl/src/ssl_tls1.erl')

diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl
index dd66418dd8..88394b23ba 100644
--- a/lib/ssl/src/ssl_tls1.erl
+++ b/lib/ssl/src/ssl_tls1.erl
@@ -132,15 +132,12 @@ mac_hash(Method, Mac_write_secret, Seq_num, Type, {Major, Minor},
     case Method of
         ?NULL -> ok;
         _ ->
-	    ?DBG_HEX(Mac_write_secret),
-	    ?DBG_HEX(hash(Method, Fragment)),
             ok
     end,
     Mac = hmac_hash(Method, Mac_write_secret, 
 		    [<<?UINT64(Seq_num), ?BYTE(Type), 
 		      ?BYTE(Major), ?BYTE(Minor), ?UINT16(Length)>>, 
 		     Fragment]),
-    ?DBG_HEX(Mac),
     Mac.
 
 -spec suites() -> [cipher_suite()].
-- 
cgit v1.2.3