Mercurial > openid
comparison src/c/openid.c @ 43:00c8f43be8b7
Secure HMAC comparison
Fixes bug 67
| author | Robin Green <greenrd@greenrd.org> |
|---|---|
| date | Sat, 02 Jul 2011 20:34:26 +0100 |
| parents | 1068de1623a5 |
| children | ba203b170476 |
comparison
equal
deleted
inserted
replaced
| 42:1068de1623a5 | 43:00c8f43be8b7 |
|---|---|
| 567 bufO[i] = buf1[i] ^ buf2[i % len2]; | 567 bufO[i] = buf1[i] ^ buf2[i % len2]; |
| 568 | 568 |
| 569 return base64(ctx, bufO, len1); | 569 return base64(ctx, bufO, len1); |
| 570 } | 570 } |
| 571 | 571 |
| 572 uw_Basis_bool __attribute__((optimize(0))) uw_OpenidFfi_secCmp(uw_context ctx, uw_Basis_string s1, uw_Basis_string s2) { | |
| 573 int i, x = 0, len1 = strlen(s1); | |
| 574 if (len1 != strlen(s2)) return 0; | |
| 575 for (i = 0; i < len1; ++i) | |
| 576 x |= s1[i] ^ s2[i]; | |
| 577 return x == 0; | |
| 578 } | |
| 579 | |
| 572 uw_OpenidFfi_inputs uw_OpenidFfi_remode(uw_context ctx, uw_OpenidFfi_outputs out, uw_Basis_string mode) { | 580 uw_OpenidFfi_inputs uw_OpenidFfi_remode(uw_context ctx, uw_OpenidFfi_outputs out, uw_Basis_string mode) { |
| 573 uw_OpenidFfi_inputs in = uw_OpenidFfi_createInputs(ctx); | 581 uw_OpenidFfi_inputs in = uw_OpenidFfi_createInputs(ctx); |
| 574 char *s; | 582 char *s; |
| 575 | 583 |
| 576 for (s = out->start; *s; s = strchr(strchr(s, 0)+1, 0)+1) | 584 for (s = out->start; *s; s = strchr(strchr(s, 0)+1, 0)+1) |