Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Jan 1, 2011
  1. depend on json

    authored
  2. v1.030099_005

    authored
        * Remove calls to util::ejs and util::eurl; use JSON and URI::Escape
          directly (Robert Norris)
  3. use proper json and uri escapers

    authored
Commits on Dec 17, 2010
  1. v1.030099_004

    authored
        * Added example CGI program (Robert Norris)
    
        * Added missing error messages (Mario Domgoergen)
  2. @mdom
  3. @mdom

    added missing error messages

    mdom authored
Commits on Nov 13, 2010
  1. include lwp

    authored
Commits on Nov 12, 2010
  1. example cgi

    authored
Commits on Nov 9, 2010
  1. add link to group as homepage

    authored
Commits on Nov 8, 2010
  1. v1.030099_003

    authored
        * Add namespace to check_authentication signature verification calls to
          fix stateless mode against strict OPs (Robert Norris)
    
        * Documentation tweaks (Robert Norris)
  2. add namespace to check_authentication signature verification calls to…

    authored
    … fix stateless mode against strict OPs
  3. doc tweaks

    authored
Commits on Nov 7, 2010
  1. v1.030099_002

    authored
  2. version bump

    authored
Commits on Nov 6, 2010
  1. v1.030099_001

    authored
        * Use Crypt::DH::GMP over Crypt::DH for speed (Robert Norris)
    
        * Fix potential timing attack when checking signatures (Adam Sjøgren)
          (see http://lists.openid.net/pipermail/openid-security/2010-July/001156.html)
    
    	* Set sreg namespace based on what the server is expecting
          (Adam Sjøgren)
    
    	* Moved some utility bits out to a separate Net::OpenID::Common
    	  package so that Net::OpenID::Server can use it in future
    	  versions.
  2. dist metadata

    authored
  3. more dzil support

    authored
  4. gitignore

    authored
  5. changes is more standard

    authored
Commits on Nov 5, 2010
  1. changelog version

    authored
  2. remove shipit files

    authored
Commits on Nov 4, 2010
  1. switch to int conversion funcs

    authored
  2. use digest:sha for hmac stuff

    authored
  3. get crypt::dh stuff from -common

    authored
Commits on Nov 3, 2010
  1. dzil version stuff

    authored
Commits on Oct 25, 2010
  1. explicitly use crypt::dh::gmp

    authored
  2. version bump and changelog update

    authored
  3. Merge branch 'dist-zilla'

    authored
  4. Merge branch 'asjo-timing-attack'

    authored
  5. Merge branch 'asjo-fixes'

    authored
  6. dzil config

    authored
Commits on Oct 23, 2010
  1. @asjo

    Try handling possible Timing Attack problems

    asjo authored committed
    See http://lists.openid.net/pipermail/openid-security/2010-July/001156.html
    and:
    
    $ perl -MBenchmark -e '$x="x" x 10000000; $y="y" . "x" x 9999999; Benchmark::timethese(100000000, { same=>sub { $x eq $x }, different=>sub { $x eq $y } });'
    Benchmark: timing 100000000 iterations of different, same...
     different:  9 wallclock secs ( 8.70 usr +  0.04 sys =  8.74 CPU) @ 11441647.60/s (n=100000000)
          same:  9 wallclock secs ( 9.88 usr +  0.08 sys =  9.96 CPU) @ 10040160.64/s (n=100000000)
    $
    
    Benchmark of new OpenID::util::timing_indep_eq():
    
    Benchmark: timing 10 iterations of different, same...
     different: 39 wallclock secs (38.23 usr +  0.43 sys = 38.66 CPU) @  0.26/s (n=10)
          same: 38 wallclock secs (37.51 usr +  0.33 sys = 37.84 CPU) @  0.26/s (n=10)
Something went wrong with that request. Please try again.