diff -r dac347701b4f Lib/hmac.py
--- a/Lib/hmac.py	Sat Jun 02 18:22:31 2012 +0200
+++ b/Lib/hmac.py	Sat Jun 02 13:51:18 2012 -0400
@@ -16,20 +16,17 @@
 def secure_compare(a, b):
     """Returns the equivalent of 'a == b', but using a time-independent
     comparison method to prevent timing attacks."""
-    if not ((isinstance(a, str) and isinstance(b, str)) or
-            (isinstance(a, bytes) and isinstance(b, bytes))):
+    if isinstance(a, str) and isinstance(b, str):
+        a, b = a.encode('unicode-internal'), b.encode('unicode-internal')
+    if not (isinstance(a, bytes) and isinstance(b, bytes)):
         raise TypeError("inputs must be strings or bytes")
 
     if len(a) != len(b):
         return False
 
     result = 0
-    if isinstance(a, bytes):
-        for x, y in zip(a, b):
-            result |= x ^ y
-    else:
-        for x, y in zip(a, b):
-            result |= ord(x) ^ ord(y)
+    for x, y in zip(a, b):
+        result |= x ^ y
 
     return result == 0