Mercurial > openid
comparison src/ur/openid.ur @ 43:00c8f43be8b7
Secure HMAC comparison
Fixes bug 67
| author | Robin Green <greenrd@greenrd.org> |
|---|---|
| date | Sat, 02 Jul 2011 20:34:26 +0100 |
| parents | f6b3fbf10dac |
| children | f8c9e1e4d337 |
comparison
equal
deleted
inserted
replaced
| 42:1068de1623a5 | 43:00c8f43be8b7 |
|---|---|
| 321 let | 321 let |
| 322 val sign' = case atype of | 322 val sign' = case atype of |
| 323 HMAC_SHA256 => OpenidFfi.hmac_sha256 key nvps | 323 HMAC_SHA256 => OpenidFfi.hmac_sha256 key nvps |
| 324 | HMAC_SHA1 => OpenidFfi.hmac_sha1 key nvps | 324 | HMAC_SHA1 => OpenidFfi.hmac_sha1 key nvps |
| 325 in | 325 in |
| 326 if sign' = sign then | 326 if secCmp sign' sign then |
| 327 return None | 327 return None |
| 328 else | 328 else |
| 329 return (Some "Signatures don't match") | 329 return (Some "Signatures don't match") |
| 330 end | 330 end |
| 331 | Some (left, _) => return (Some ("openid.signed is missing required fields: " ^ show left)) | 331 | Some (left, _) => return (Some ("openid.signed is missing required fields: " ^ show left)) |