Merge pull request #697 from vincenthz/master

Use const time equality from byteable instead of crypto-api
2014-03-18 14:13:20 +02:00 · 2014-03-18 14:13:20 +02:00 · bb97d83853
commit bb97d83853
parent 43baddd1eb 8d07d1fa72
2 changed files with 3 additions and 3 deletions
--- a/yesod-form/Yesod/Form/Functions.hs
+++ b/yesod-form/Yesod/Form/Functions.hs
@ -50,7 +50,7 @@ import Control.Arrow (second)
 import Control.Monad.Trans.RWS (ask, get, put, runRWST, tell, evalRWST, local)
 import Control.Monad.Trans.Class
 import Control.Monad (liftM, join)
-import Crypto.Classes (constTimeEq)
+import Data.Byteable (constEqBytes)
 import Text.Blaze (Markup, toMarkup)
 #define Html Markup
 #define toHtml toMarkup
@ -223,7 +223,7 @@ postHelper form env = do
                    | not (Map.lookup tokenKey params === reqToken req) ->
                        FormFailure [renderMessage m langs MsgCsrfWarning]
                _ -> res
-            where (Just [t1]) === (Just t2) = TE.encodeUtf8 t1 `constTimeEq` TE.encodeUtf8 t2
+            where (Just [t1]) === (Just t2) = TE.encodeUtf8 t1 `constEqBytes` TE.encodeUtf8 t2
                  Nothing     === Nothing   = True   -- It's important to use constTimeEq
                  _           === _         = False  -- in order to avoid timing attacks.
    return ((res', xml), enctype)
--- a/yesod-form/yesod-form.cabal
+++ b/yesod-form/yesod-form.cabal
@ -35,7 +35,7 @@ library
                   , blaze-html            >= 0.5
                   , blaze-markup          >= 0.5.1
                   , attoparsec            >= 0.10
-                   , crypto-api            >= 0.8
+                   , byteable
                   , aeson
                   , resourcet