use strict time constant version of and and bytestring == during Reception.
This commit is contained in:
parent
bb9d46447f
commit
09e32f10c7
1 changed files with 3 additions and 7 deletions
|
@ -181,9 +181,7 @@ getCipherData (Record pt ver _) cdata = do
|
||||||
Just digest -> do
|
Just digest -> do
|
||||||
let new_hdr = Header pt ver (fromIntegral $ B.length $ cipherDataContent cdata)
|
let new_hdr = Header pt ver (fromIntegral $ B.length $ cipherDataContent cdata)
|
||||||
expected_digest <- makeDigest False new_hdr $ cipherDataContent cdata
|
expected_digest <- makeDigest False new_hdr $ cipherDataContent cdata
|
||||||
if expected_digest == digest
|
return (expected_digest `bytesEq` digest)
|
||||||
then return True
|
|
||||||
else return False
|
|
||||||
|
|
||||||
-- check if the padding is filled with the correct pattern if it exists
|
-- check if the padding is filled with the correct pattern if it exists
|
||||||
paddingValid <- case cipherDataPadding cdata of
|
paddingValid <- case cipherDataPadding cdata of
|
||||||
|
@ -191,11 +189,9 @@ getCipherData (Record pt ver _) cdata = do
|
||||||
Just pad -> do
|
Just pad -> do
|
||||||
cver <- stVersion <$> get
|
cver <- stVersion <$> get
|
||||||
let b = B.length pad - 1
|
let b = B.length pad - 1
|
||||||
if cver < TLS10
|
return (if cver < TLS10 then True else B.replicate (B.length pad) (fromIntegral b) `bytesEq` pad)
|
||||||
then return True
|
|
||||||
else return $ maybe True (const False) $ B.find (/= fromIntegral b) pad
|
|
||||||
|
|
||||||
unless (and $! [ macValid, paddingValid ]) $ do
|
unless (macValid &&! paddingValid) $ do
|
||||||
throwError $ Error_Protocol ("bad record mac", True, BadRecordMac)
|
throwError $ Error_Protocol ("bad record mac", True, BadRecordMac)
|
||||||
|
|
||||||
return $ cipherDataContent cdata
|
return $ cipherDataContent cdata
|
||||||
|
|
Loading…
Reference in a new issue