Mercurial > openid
diff src/ur/openid.ur @ 43:00c8f43be8b7
Secure HMAC comparison
Fixes bug 67
author | Robin Green <greenrd@greenrd.org> |
---|---|
date | Sat, 02 Jul 2011 20:34:26 +0100 |
parents | f6b3fbf10dac |
children | f8c9e1e4d337 |
line wrap: on
line diff
--- a/src/ur/openid.ur Sun Jun 12 18:12:47 2011 -0400 +++ b/src/ur/openid.ur Sat Jul 02 20:34:26 2011 +0100 @@ -323,7 +323,7 @@ HMAC_SHA256 => OpenidFfi.hmac_sha256 key nvps | HMAC_SHA1 => OpenidFfi.hmac_sha1 key nvps in - if sign' = sign then + if secCmp sign' sign then return None else return (Some "Signatures don't match")