diff --git a/lib/Auth/OpenID/Association.php b/lib/Auth/OpenID/Association.php
index d1ac1ed9b9d9618767b73df9ca54b2311acfc18f..2729138ebb1ee5886a956dfe810e037e2683f436 100644
--- a/lib/Auth/OpenID/Association.php
+++ b/lib/Auth/OpenID/Association.php
@@ -374,7 +374,7 @@ class Auth_OpenID_Association {
         }
 
         $calculated_sig = $this->getMessageSignature($message);
-        return $calculated_sig == $sig;
+        return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);
     }
 }
 
diff --git a/lib/Auth/OpenID/BigMath.php b/lib/Auth/OpenID/BigMath.php
index 7fca2dc43ef67bce86f309e0048000e04dfaab13..58b46bf27b24bdfdf39225a3f19a3ea025e355d4 100644
--- a/lib/Auth/OpenID/BigMath.php
+++ b/lib/Auth/OpenID/BigMath.php
@@ -365,7 +365,6 @@ function Auth_OpenID_detectMathLibrary($exts)
 {
     $loaded = false;
 
-	$hasDl = function_exists('dl');
     foreach ($exts as $extension) {
         if (extension_loaded($extension['extension'])) {
             return $extension;
diff --git a/lib/Auth/OpenID/Consumer.php b/lib/Auth/OpenID/Consumer.php
index 021c038988cc3134536c99f0d5da59520afbc6d3..bffed4d62e8694b0fc40234af6ba0d94997c7c51 100644
--- a/lib/Auth/OpenID/Consumer.php
+++ b/lib/Auth/OpenID/Consumer.php
@@ -957,6 +957,10 @@ class Auth_OpenID_GenericConsumer {
             }
 
             if (!$assoc->checkMessageSignature($message)) {
+                // If we get a "bad signature" here, it means that the association
+                // is unrecoverabley corrupted in some way. Any futher attempts
+                // to login with this association is likely to fail. Drop it.
+                $this->store->removeAssociation($server_url, $assoc_handle);
                 return new Auth_OpenID_FailureResponse(null,
                                                        "Bad signature");
             }
@@ -1181,7 +1185,7 @@ class Auth_OpenID_GenericConsumer {
         // oidutil.log('Performing discovery on %s' % (claimed_id,))
         list($unused, $services) = call_user_func($this->discoverMethod,
                                                   $claimed_id,
-												  &$this->fetcher);
+                                                  &$this->fetcher);
 
         if (!$services) {
             return new Auth_OpenID_FailureResponse(null,
diff --git a/lib/Auth/OpenID/CryptUtil.php b/lib/Auth/OpenID/CryptUtil.php
index a92626777932757074c39550f803f0faf802595a..3c60cea170037da51154ac871e75ce7c8daf2c0f 100644
--- a/lib/Auth/OpenID/CryptUtil.php
+++ b/lib/Auth/OpenID/CryptUtil.php
@@ -104,5 +104,19 @@ class Auth_OpenID_CryptUtil {
 
         return $str;
     }
+
+    static function constEq($s1, $s2)
+    {
+        if (strlen($s1) != strlen($s2)) {
+            return false;
+        }
+
+        $result = true;
+        $length = strlen($s1);
+        for ($i = 0; $i < $length; $i++) {
+            $result &= ($s1[$i] == $s2[$i]);
+        }
+        return $result;
+    }
 }
 
diff --git a/lib/Auth/OpenID/HMAC.php b/lib/Auth/OpenID/HMAC.php
index e9779bd4e0973055926348deae01d1065d5178d4..e6c4bdfd9dc81dfe5b11cd6022358486a134331a 100644
--- a/lib/Auth/OpenID/HMAC.php
+++ b/lib/Auth/OpenID/HMAC.php
@@ -60,6 +60,13 @@ function Auth_OpenID_HMACSHA1($key, $text)
         $key = Auth_OpenID_SHA1($key, true);
     }
 
+    if (function_exists('hash_hmac') &&
+        function_exists('hash_algos') &&
+        (in_array('sha1', hash_algos()))) {
+        return hash_hmac('sha1', $text, $key, true);
+    }
+    // Home-made solution
+
     $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x00));
     $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE);
     $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE);
diff --git a/lib/Auth/OpenID/Parse.php b/lib/Auth/OpenID/Parse.php
index 6c2e7216912439beb287e10f5a1825f43851b419..c81cb0103fae7ca974e57de34d40e12979a025b2 100644
--- a/lib/Auth/OpenID/Parse.php
+++ b/lib/Auth/OpenID/Parse.php
@@ -227,7 +227,7 @@ class Auth_OpenID_Parse {
         if (!mb_ereg_search($regexp)) {
             return false;
         }
-        list($match) = mb_ereg_search_getregs();
+        $match = mb_ereg_search_getregs();
         return true;
     }
 
@@ -269,7 +269,7 @@ class Auth_OpenID_Parse {
 
         // Try to find the <HEAD> tag.
         $head_re = $this->headFind();
-        $head_match = '';
+        $head_match = array();
         if (!$this->match($head_re, $stripped, $head_match)) {
                      ini_set( 'pcre.backtrack_limit', $old_btlimit );
                      return array();
@@ -278,7 +278,7 @@ class Auth_OpenID_Parse {
         $link_data = array();
         $link_matches = array();
 
-        if (!preg_match_all($this->_link_find, $head_match,
+        if (!preg_match_all($this->_link_find, $head_match[0],
                             $link_matches)) {
             ini_set( 'pcre.backtrack_limit', $old_btlimit );
             return array();
diff --git a/lib/Auth/OpenID/Server.php b/lib/Auth/OpenID/Server.php
index cc8ba961c2593eb559c55abbc8ef245add525563..fb7cc39d291fa6d903a8b609228ffe68ef3f2112 100644
--- a/lib/Auth/OpenID/Server.php
+++ b/lib/Auth/OpenID/Server.php
@@ -817,11 +817,11 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
      */
     function returnToVerified()
     {
-    	$fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
+        $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
         return call_user_func_array($this->verifyReturnTo,
                                     array($this->trust_root, $this->return_to, $fetcher));
     }
-    
+
     static function fromMessage($message, $server)
     {
         $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');