Skip to content
Commits on Jan 1, 2011
  1. depend on json

    committed Jan 1, 2011
  2. v1.030099_005

        * Remove calls to util::ejs and util::eurl; use JSON and URI::Escape
          directly (Robert Norris)
    committed Jan 1, 2011
  3. use proper json and uri escapers

    committed Jan 1, 2011
Commits on Dec 17, 2010
  1. v1.030099_004

        * Added example CGI program (Robert Norris)
    
        * Added missing error messages (Mario Domgoergen)
    committed Dec 18, 2010
  2. @mdom

    error messages sorted and intended

    mdom committed Dec 17, 2010
  3. @mdom

    added missing error messages

    mdom committed Dec 17, 2010
Commits on Nov 13, 2010
  1. include lwp

    committed Nov 13, 2010
Commits on Nov 12, 2010
  1. example cgi

    committed Nov 13, 2010
Commits on Nov 9, 2010
  1. add link to group as homepage

    committed Nov 9, 2010
Commits on Nov 8, 2010
  1. v1.030099_003

        * Add namespace to check_authentication signature verification calls to
          fix stateless mode against strict OPs (Robert Norris)
    
        * Documentation tweaks (Robert Norris)
    committed Nov 9, 2010
  2. add namespace to check_authentication signature verification calls to…

    … fix stateless mode against strict OPs
    committed Nov 9, 2010
  3. doc tweaks

    committed Nov 8, 2010
Commits on Nov 7, 2010
  1. v1.030099_002

    committed Nov 7, 2010
  2. version bump

    committed Nov 7, 2010
Commits on Nov 6, 2010
  1. v1.030099_001

        * Use Crypt::DH::GMP over Crypt::DH for speed (Robert Norris)
    
        * Fix potential timing attack when checking signatures (Adam Sjøgren)
          (see http://lists.openid.net/pipermail/openid-security/2010-July/001156.html)
    
    	* Set sreg namespace based on what the server is expecting
          (Adam Sjøgren)
    
    	* Moved some utility bits out to a separate Net::OpenID::Common
    	  package so that Net::OpenID::Server can use it in future
    	  versions.
    committed Nov 6, 2010
  2. dist metadata

    committed Nov 6, 2010
  3. more dzil support

    committed Nov 6, 2010
  4. gitignore

    committed Nov 6, 2010
  5. changes is more standard

    committed Nov 6, 2010
Commits on Nov 5, 2010
  1. changelog version

    committed Nov 6, 2010
  2. remove shipit files

    committed Nov 6, 2010
Commits on Nov 4, 2010
  1. switch to int conversion funcs

    committed Nov 5, 2010
  2. use digest:sha for hmac stuff

    committed Nov 4, 2010
  3. get crypt::dh stuff from -common

    committed Nov 4, 2010
Commits on Nov 3, 2010
  1. dzil version stuff

    committed Nov 4, 2010
Commits on Oct 25, 2010
  1. explicitly use crypt::dh::gmp

    committed Oct 26, 2010
  2. version bump and changelog update

    committed Oct 26, 2010
  3. Merge branch 'dist-zilla'

    committed Oct 26, 2010
  4. Merge branch 'asjo-timing-attack'

    committed Oct 26, 2010
  5. Merge branch 'asjo-fixes'

    committed Oct 26, 2010
  6. dzil config

    committed Oct 25, 2010
Commits on Oct 23, 2010
  1. @asjo

    Try handling possible Timing Attack problems

    See http://lists.openid.net/pipermail/openid-security/2010-July/001156.html
    and:
    
    $ perl -MBenchmark -e '$x="x" x 10000000; $y="y" . "x" x 9999999; Benchmark::timethese(100000000, { same=>sub { $x eq $x }, different=>sub { $x eq $y } });'
    Benchmark: timing 100000000 iterations of different, same...
     different:  9 wallclock secs ( 8.70 usr +  0.04 sys =  8.74 CPU) @ 11441647.60/s (n=100000000)
          same:  9 wallclock secs ( 9.88 usr +  0.08 sys =  9.96 CPU) @ 10040160.64/s (n=100000000)
    $
    
    Benchmark of new OpenID::util::timing_indep_eq():
    
    Benchmark: timing 10 iterations of different, same...
     different: 39 wallclock secs (38.23 usr +  0.43 sys = 38.66 CPU) @  0.26/s (n=10)
          same: 38 wallclock secs (37.51 usr +  0.33 sys = 37.84 CPU) @  0.26/s (n=10)
    asjo committed with Jul 17, 2010
Something went wrong with that request. Please try again.