Mercurial > openid
diff src/c/openid.c @ 43:00c8f43be8b7
Secure HMAC comparison
Fixes bug 67
| author | Robin Green <greenrd@greenrd.org> |
|---|---|
| date | Sat, 02 Jul 2011 20:34:26 +0100 |
| parents | 1068de1623a5 |
| children | ba203b170476 |
line wrap: on
line diff
--- a/src/c/openid.c Sun Jun 12 18:12:47 2011 -0400 +++ b/src/c/openid.c Sat Jul 02 20:34:26 2011 +0100 @@ -569,6 +569,14 @@ return base64(ctx, bufO, len1); } +uw_Basis_bool __attribute__((optimize(0))) uw_OpenidFfi_secCmp(uw_context ctx, uw_Basis_string s1, uw_Basis_string s2) { + int i, x = 0, len1 = strlen(s1); + if (len1 != strlen(s2)) return 0; + for (i = 0; i < len1; ++i) + x |= s1[i] ^ s2[i]; + return x == 0; +} + uw_OpenidFfi_inputs uw_OpenidFfi_remode(uw_context ctx, uw_OpenidFfi_outputs out, uw_Basis_string mode) { uw_OpenidFfi_inputs in = uw_OpenidFfi_createInputs(ctx); char *s;