From 671f932a8785820098f8ec49cf193d9b290d321c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Tue, 10 Jul 2018 11:15:36 +0200
Subject: [PATCH] Avoid debug message that might leak length

The length to the debug message could conceivably leak through the time it
takes to print it, and that length would in turn reveal whether padding was
correct or not.
---
 library/ssl_tls.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1a15dfceb..32d62ca22 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1953,8 +1953,10 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
     }
 
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
     MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
                    ssl->in_msg, ssl->in_msglen );
+#endif
 
     /*
      * Authenticate if not done yet.