austin seipp wrote:
Here's a version that produces predictable results:uw_Basis_bool uw_OpenidFfi_secCmp(uw_context ctx, uw_Basis_string s1, uw_Basis_string s2) { int i, x = 0, len1 = strlen(s1); if (len1 != strlen(s2)) return 0; for (i = 0; i< len1; ++i) { __asm__ __volatile__ (""); x |= s1[i] ^ s2[i]; } return x == 0; }
I've added that version to the base Ur/Web distribution, since there's comparison of cryptographic signatures there too, and I've changed the openid library to call that function. Thanks for you research on this!
_______________________________________________ Ur mailing list [email protected] http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
