From a795323cd503fb9579b3561814e7500ab982ce5f Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 7 Aug 2018 14:29:29 +0100
Subject: [PATCH] Move debugging output after record decryption

The debugging call printing the decrypted record payload happened before updating ssl->in_msglen.
---
 library/ssl_tls.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 274d00456..93bcde424 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4340,13 +4340,14 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
 return( ret );
 }
- MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
- ssl->in_msg, ssl->in_msglen );
 ssl->in_msglen = rec.data_len;
 ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 );
 ssl->in_len[1] = (unsigned char)( rec.data_len );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
+ ssl->in_msg, ssl->in_msglen );
+
 if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
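Review bot: The relocated `MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", ... )` call now sits between `ssl->in_msglen = rec.data_len;` and the `if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )` check, so at debug level 4 it reads `in_msglen` bytes from `ssl->in_msg` before that length has been validated. Whether `rec.data_len` can actually exceed the bound at this point depends on checks outside the hunk, but moving the dump below the "bad message length" block would guarantee the logging path never reads with an unchecked length. Since the call writes decrypted record plaintext to the debug sink, a one-line comment above it such as `/* Dumps decrypted plaintext; keep debug level 4 off outside test builds. */` would also help. The `if` block and the rest of `ssl_prepare_record_content` continue outside the hunk.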