diff options
author | Vlastimil Zíma <vlastimil.zima@nic.cz> | 2018-05-17 13:47:11 +0200 |
---|---|---|
committer | Vlastimil Zíma <vlastimil.zima@nic.cz> | 2018-05-17 13:47:11 +0200 |
commit | 74d2eed6fa17d3ec0ba3b5d32ab0f30f27ab7b8b (patch) | |
tree | 2db5811c68c2485daf12d23338b0d48578c8a86e | |
parent | ce2705ff6d3583c800f8f5974bed6f1de11f1d3c (diff) | |
parent | 6f6b6972036adc5d1937fbb4f63c0b279d630cb7 (diff) | |
download | openid-74d2eed6fa17d3ec0ba3b5d32ab0f30f27ab7b8b.tar.gz |
Merge branch 'refactor-signature-check'
-rw-r--r-- | openid/association.py | 3 | ||||
-rw-r--r-- | openid/cryptutil.py | 11 | ||||
-rw-r--r-- | setup.py | 1 |
3 files changed, 3 insertions, 12 deletions
diff --git a/openid/association.py b/openid/association.py index de607f4..ca063bd 100644 --- a/openid/association.py +++ b/openid/association.py @@ -28,6 +28,7 @@ from __future__ import unicode_literals import time import six +from cryptography.hazmat.primitives.constant_time import bytes_eq from openid import cryptutil, kvform, oidutil from openid.message import OPENID_NS @@ -513,7 +514,7 @@ class Association(object): if not message_sig: raise ValueError("%s has no sig." % (message,)) calculated_sig = self.getMessageSignature(message) - return cryptutil.const_eq(calculated_sig, message_sig) + return bytes_eq(calculated_sig.encode('utf-8'), message_sig.encode('utf-8')) def _makePairs(self, message): signed = message.getArg(OPENID_NS, 'signed') diff --git a/openid/cryptutil.py b/openid/cryptutil.py index 3fddee6..86c3e86 100644 --- a/openid/cryptutil.py +++ b/openid/cryptutil.py @@ -182,14 +182,3 @@ def longToBase64(l): def base64ToLong(s): return binaryToLong(fromBase64(s)) - - -def const_eq(s1, s2): - if len(s1) != len(s2): - return False - - result = True - for i in range(len(s1)): - result = result and (s1[i] == s2[i]) - - return result @@ -13,6 +13,7 @@ if 'sdist' in sys.argv: VERSION = __import__('openid').__version__ INSTALL_REQUIRES = [ 'six', + 'cryptography', 'lxml;platform_python_implementation=="CPython"', 'lxml <4.0;platform_python_implementation=="PyPy"', ] |