Diffstat (limited to 'Auth')
-rw-r--r-- | Auth/OpenID/Association.php | 2 | ||||
-rw-r--r-- | Auth/OpenID/CryptUtil.php | 14 |
2 files changed, 15 insertions, 1 deletions
diff --git a/Auth/OpenID/Association.php b/Auth/OpenID/Association.php
index d1ac1ed..2729138 100644
--- a/Auth/OpenID/Association.php
+++ b/Auth/OpenID/Association.php
@@ -374,7 +374,7 @@ class Auth_OpenID_Association {
 }
 $calculated_sig = $this->getMessageSignature($message);
- return $calculated_sig == $sig;
+ return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);
 }
 }
diff --git a/Auth/OpenID/CryptUtil.php b/Auth/OpenID/CryptUtil.php
index a926267..3c60cea 100644
--- a/Auth/OpenID/CryptUtil.php
+++ b/Auth/OpenID/CryptUtil.php
@@ -104,5 +104,19 @@ class Auth_OpenID_CryptUtil {
 return $str;
 }
+
+ static function constEq($s1, $s2)
+ {
+ if (strlen($s1) != strlen($s2)) {
+ return false;
+ }
+
+ $result = true;
+ $length = strlen($s1);
+ for ($i = 0; $i < $length; $i++) {
+ $result &= ($s1[$i] == $s2[$i]);
+ }
+ return $result;
+ }
 } |
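Review bot: The new `return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);` line has no comment saying why a helper replaces `==`, so a later cleanup could revert it without noticing the security reason. I would add `// Constant-time compare so response timing does not reveal how much of the signature matched.` directly above the return. The enclosing method starts outside the hunk, so it cannot be confirmed from here that `$sig` is always a string at this point; constEq calls strlen() on it and indexes it, so that precondition is worth checking against the lines above.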
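Review bot: In constEq, `$result &= (...)` applies a bitwise operator to a bool, so the equal-length path returns int 1 or 0 while the length-mismatch path returns `false`; the call site in Association.php now hands that mixed type to its own callers, where the old `==` always gave a bool. Ending the method with `return (bool) $result;` restores the previous return type, and the per-byte test can use `===` rather than `==`. Where the runtime is PHP 5.6 or later, the built-in `hash_equals($s1, $s2)` is the better primitive, with this loop kept as the fallback behind a `function_exists('hash_equals')` check. The method also needs a docblock stating that both arguments must be strings and that the early return on differing lengths reveals only the length, which is acceptable when the compared values are fixed-size signatures.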