
Use constant-time comparison of signatures to mitigate timing attacks

1 parent 9171ae5 commit affbf7c0e8d69048838230035a7add428f75d608 Carl Howells committed Jul 19, 2010
Showing with 12 additions and 1 deletion.
  1. +1 −1 lib/openid/association.rb
  2. +11 −0 lib/openid/cryptutil.rb
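--- a/lib/openid/association.rb
+++ b/lib/openid/association.rb
@@ -125,7 +125,7 @@ def check_message_signature(message)
 raise ProtocolError, "#{message} has no sig."
 end
 calculated_sig = get_message_signature(message)
-return calculated_sig == message_sig
+return CryptUtil.const_eq(calculated_sig, message_sig)
 end
 # Get the signature for this message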
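--- a/lib/openid/cryptutil.rb
+++ b/lib/openid/cryptutil.rb
@@ -100,5 +100,16 @@ def CryptUtil.num_to_base64(l)
 def CryptUtil.base64_to_num(s)
 return binary_to_num(OpenID::Util.from_base64(s))
 end
+
+def CryptUtil.const_eq(s1, s2)
+if s1.length != s2.length
+return false
+end
+result = true
+s1.length.times do |i|
+result &= (s1[i] == s2[i])
+end
+return result
+end
 end
 end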
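Review bot: The loop in `const_eq` still decides each position with `s1[i] == s2[i]` and `TrueClass#&`, both method dispatches whose cost can differ between the equal and unequal case, so the per-position outcome is not fully hidden from timing; the conventional form accumulates the XOR of corresponding bytes into an integer and tests it once after the loop, so nothing is branched on per element. It should also compare byte arrays rather than `length`, which on Ruby 1.9 strings counts characters, not bytes. The early `return false` on a length mismatch is acceptable because a signature's length is fixed by the algorithm and not secret, and that deserves a comment so a future reader does not "fix" it, e.g. `# Length is fixed by the algorithm and not secret; only the contents need a constant-time compare.`. Both arguments must be Strings; the caller in association.rb raises ProtocolError on a missing sig before reaching this, so a nil `message_sig` presumably cannot arrive here, but a non-String value would raise NoMethodError rather than return false.
```ruby
def CryptUtil.const_eq(s1, s2)
  # Length is fixed by the algorithm and not secret; only the contents need a constant-time compare.
  a = s1.unpack("C*")
  b = s2.unpack("C*")
  return false if a.length != b.length
  diff = 0
  a.zip(b) { |x, y| diff |= x ^ y }
  diff == 0
end
```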

