summaryrefslogtreecommitdiffabout
authorMichael Krelin <hacker@klever.net>2008-02-09 22:59:55 (UTC)
committer Michael Krelin <hacker@klever.net>2008-02-09 22:59:55 (UTC)
commitb5a9adac9dfe84ccf509197d24b9e04ecd3ca1d3 (patch) (side-by-side diff)
treee73d26cc9b175c7b989438674b9fba3d1eacd966
parent16667a21c3052c89218d3e56098f0fc29dca2f1a (diff)
downloadlibopkele-b5a9adac9dfe84ccf509197d24b9e04ecd3ca1d3.zip
libopkele-b5a9adac9dfe84ccf509197d24b9e04ecd3ca1d3.tar.gz
libopkele-b5a9adac9dfe84ccf509197d24b9e04ecd3ca1d3.tar.bz2
OP fixes
* allocate stateful handles when processing associate request * use the expiration from allocated handle, not empty shared_ptr Signed-off-by: Michael Krelin <hacker@klever.net>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--lib/basic_op.cc6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc
index 2d82147..c247493 100644
--- a/lib/basic_op.cc
+++ b/lib/basic_op.cc
@@ -84,42 +84,42 @@ namespace opkele {
unsigned char *ckptr = &(ck.front())+1;
int cklen = DH_compute_key(ckptr,c_pub,dh);
if(cklen<0)
throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
if(cklen && (*ckptr)&0x80) {
(*(--ckptr)) = 0; ++cklen; }
if(sts=="DH-SHA1") {
SHA1(ckptr,cklen,key_digest); d_len = SHA_DIGEST_LENGTH;
}else if(sts=="DH-SHA256") {
SHA256(ckptr,cklen,key_digest); d_len = SHA256_DIGEST_LENGTH;
}else
throw internal_error(OPKELE_CP_ "I thought I knew the session type");
}else
throw unsupported(OPKELE_CP_ "Unsupported session_type");
assoc_t a;
if(ats=="HMAC-SHA1")
- a = alloc_assoc(ats,SHA_DIGEST_LENGTH,true);
+ a = alloc_assoc(ats,SHA_DIGEST_LENGTH,false);
else if(ats=="HMAC-SHA256")
- a = alloc_assoc(ats,SHA256_DIGEST_LENGTH,true);
+ a = alloc_assoc(ats,SHA256_DIGEST_LENGTH,false);
else
throw unsupported(OPKELE_CP_ "Unsupported assoc_type");
oum.reset_fields();
oum.set_field("ns",OIURI_OPENID20);
oum.set_field("assoc_type",a->assoc_type());
oum.set_field("assoc_handle",a->handle());
- oum.set_field("expires_in",util::long_to_string(assoc->expires_in()));
+ oum.set_field("expires_in",util::long_to_string(a->expires_in()));
secret_t secret = a->secret();
if(sts=="DH-SHA1" || sts=="DH-SHA256") {
if(d_len != secret.size())
throw bad_input(OPKELE_CP_ "Association secret and session MAC are not of the same size");
oum.set_field("session_type",sts);
oum.set_field("dh_server_public",util::bignum_to_base64(dh->pub_key));
string b64; secret.enxor_to_base64(key_digest,b64);
oum.set_field("enc_mac_key",b64);
}else /* TODO: support cleartext over encrypted connection */
throw unsupported(OPKELE_CP_ "Unsupported session type");
return oum;
} catch(unsupported& u) {
oum.reset_fields();
oum.set_field("ns",OIURI_OPENID20);
oum.set_field("error",u.what());
oum.set_field("error_code","unsupported-type");