We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent ce4630f commit 12efd78Copy full SHA for 12efd78
2 files changed
openid/association.py
@@ -532,7 +532,7 @@ def checkMessageSignature(self, message):
532
if not message_sig:
533
raise ValueError("%s has no sig." % (message,))
534
calculated_sig = self.getMessageSignature(message)
535
- return calculated_sig == message_sig
+ return cryptutil.const_eq(calculated_sig, message_sig)
536
537
538
def _makePairs(self, message):
openid/cryptutil.py
@@ -218,3 +218,13 @@ def randomString(length, chrs=None):
218
else:
219
n = len(chrs)
220
return ''.join([chrs[randrange(n)] for _ in xrange(length)])
221
+
222
+def const_eq(s1, s2):
223
+ if len(s1) != len(s2):
224
+ return False
225
226
+ result = True
227
+ for i in range(len(s1)):
228
+ result = result and (s1[i] == s2[i])
229
230
+ return result
0 commit comments