comparison src/ur/openid.ur @ 43:00c8f43be8b7

Secure HMAC comparison Fixes bug 67
author Robin Green <greenrd@greenrd.org>
date Sat, 02 Jul 2011 20:34:26 +0100
parents f6b3fbf10dac
children f8c9e1e4d337
comparison
42:1068de1623a5 43:00c8f43be8b7
321 let 321 let
322 val sign' = case atype of 322 val sign' = case atype of
323 HMAC_SHA256 => OpenidFfi.hmac_sha256 key nvps 323 HMAC_SHA256 => OpenidFfi.hmac_sha256 key nvps
324 | HMAC_SHA1 => OpenidFfi.hmac_sha1 key nvps 324 | HMAC_SHA1 => OpenidFfi.hmac_sha1 key nvps
325 in 325 in
326 if sign' = sign then 326 if secCmp sign' sign then
327 return None 327 return None
328 else 328 else
329 return (Some "Signatures don't match") 329 return (Some "Signatures don't match")
330 end 330 end
331 | Some (left, _) => return (Some ("openid.signed is missing required fields: " ^ show left)) 331 | Some (left, _) => return (Some ("openid.signed is missing required fields: " ^ show left))
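Review bot: the new call at line 326, `if secCmp sign' sign then`, carries no comment saying why plain `=` must not be used, and the definition of secCmp is not part of this hunk, so the timing property the commit message promises cannot be checked from these lines. Please add a short comment above the `if`, for example `(* constant-time compare of the computed HMAC; do not replace with = *)`, so a later cleanup does not revert it. Also confirm that secCmp examines every byte rather than returning at the first mismatch, and that it handles inputs of different lengths without an early exit whose timing depends on the content. Since sign' is produced by either hmac_sha256 or hmac_sha1 (lines 323-324), a test comparing signatures of both lengths against a wrong-length and an off-by-one-byte value would cover this branch.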