diff src/ur/openid.ur @ 43:00c8f43be8b7

Secure HMAC comparison Fixes bug 67
author Robin Green <greenrd@greenrd.org>
date Sat, 02 Jul 2011 20:34:26 +0100
parents f6b3fbf10dac
children f8c9e1e4d337
line wrap: on
line diff
--- a/src/ur/openid.ur	Sun Jun 12 18:12:47 2011 -0400
+++ b/src/ur/openid.ur	Sat Jul 02 20:34:26 2011 +0100
@@ -323,7 +323,7 @@
                                         HMAC_SHA256 => OpenidFfi.hmac_sha256 key nvps
                                       | HMAC_SHA1 => OpenidFfi.hmac_sha1 key nvps
                     in
-                        if sign' = sign then
+                        if secCmp sign' sign then
                             return None
                         else
                             return (Some "Signatures don't match")