author | Michael Krelin <hacker@klever.net> | 2008-02-08 22:16:15 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2008-02-08 22:16:15 (UTC) |
commit | 16667a21c3052c89218d3e56098f0fc29dca2f1a (patch) (unidiff) | |
tree | 7154633a771b96da02cc4c980167b7ad92b6d27e /lib/basic_rp.cc | |
parent | f2ba7be73a62d115f293f5d690efabcafd5fcf4f (diff) | |
download | libopkele-16667a21c3052c89218d3e56098f0fc29dca2f1a.zip libopkele-16667a21c3052c89218d3e56098f0fc29dca2f1a.tar.gz libopkele-16667a21c3052c89218d3e56098f0fc29dca2f1a.tar.bz2 |
minor fixes and making compiler a bit happier
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | lib/basic_rp.cc | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index bd45d99..a0ad130 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc | |||
@@ -1,8 +1,9 @@ | |||
1 | #include <cassert> | ||
1 | #include <openssl/sha.h> | 2 | #include <openssl/sha.h> |
2 | #include <openssl/hmac.h> | 3 | #include <openssl/hmac.h> |
3 | #include <opkele/basic_rp.h> | 4 | #include <opkele/basic_rp.h> |
4 | #include <opkele/exception.h> | 5 | #include <opkele/exception.h> |
5 | #include <opkele/uris.h> | 6 | #include <opkele/uris.h> |
6 | #include <opkele/data.h> | 7 | #include <opkele/data.h> |
7 | #include <opkele/util.h> | 8 | #include <opkele/util.h> |
8 | #include <opkele/curl.h> | 9 | #include <opkele/curl.h> |
@@ -20,17 +21,18 @@ namespace opkele { | |||
20 | util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public")); | 21 | util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public")); |
21 | vector<unsigned char> ck(DH_size(dh)+1); | 22 | vector<unsigned char> ck(DH_size(dh)+1); |
22 | unsigned char *ckptr = &(ck.front())+1; | 23 | unsigned char *ckptr = &(ck.front())+1; |
23 | int cklen = DH_compute_key(ckptr,s_pub,dh); | 24 | int cklen = DH_compute_key(ckptr,s_pub,dh); |
24 | if(cklen<0) | 25 | if(cklen<0) |
25 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); | 26 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); |
26 | if(cklen && (*ckptr)&0x80) { | 27 | if(cklen && (*ckptr)&0x80) { |
27 | (*(--ckptr))=0; ++cklen; } | 28 | (*(--ckptr))=0; ++cklen; } |
28 | unsigned char key_digest[d_len]; | 29 | assert(d_len<=SHA256_DIGEST_LENGTH); |
30 | unsigned char key_digest[SHA256_DIGEST_LENGTH]; | ||
29 | secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key")); | 31 | secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key")); |
30 | if(secret.size()!=exp_s_len) | 32 | if(secret.size()!=exp_s_len) |
31 | throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type"); | 33 | throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type"); |
32 | }catch(opkele::failed_lookup& ofl) { | 34 | }catch(opkele::failed_lookup& ofl) { |
33 | throw bad_input(OPKELE_CP_ "Incoherent response from OP"); | 35 | throw bad_input(OPKELE_CP_ "Incoherent response from OP"); |
34 | } OPKELE_RETHROW | 36 | } OPKELE_RETHROW |
35 | 37 | ||
36 | static void direct_request(basic_openid_message& oum,const basic_openid_message& inm,const string& OP) { | 38 | static void direct_request(basic_openid_message& oum,const basic_openid_message& inm,const string& OP) { |
@@ -73,26 +75,26 @@ namespace opkele { | |||
73 | secret_t secret; | 75 | secret_t secret; |
74 | int expires_in; | 76 | int expires_in; |
75 | try { | 77 | try { |
76 | direct_request(res,req,OP); | 78 | direct_request(res,req,OP); |
77 | dh_get_secret( secret, res, | 79 | dh_get_secret( secret, res, |
78 | "HMAC-SHA256", "DH-SHA256", | 80 | "HMAC-SHA256", "DH-SHA256", |
79 | dh, SHA256_DIGEST_LENGTH, SHA256, SHA256_DIGEST_LENGTH ); | 81 | dh, SHA256_DIGEST_LENGTH, SHA256, SHA256_DIGEST_LENGTH ); |
80 | expires_in = util::string_to_long(res.get_field("expires_in")); | 82 | expires_in = util::string_to_long(res.get_field("expires_in")); |
81 | }catch(exception& e) { | 83 | }catch(exception&) { |
82 | try { | 84 | try { |
83 | req.set_field("assoc_type","HMAC-SHA1"); | 85 | req.set_field("assoc_type","HMAC-SHA1"); |
84 | req.set_field("session_type","DH-SHA1"); | 86 | req.set_field("session_type","DH-SHA1"); |
85 | direct_request(res,req,OP); | 87 | direct_request(res,req,OP); |
86 | dh_get_secret( secret, res, | 88 | dh_get_secret( secret, res, |
87 | "HMAC-SHA1", "DH-SHA1", | 89 | "HMAC-SHA1", "DH-SHA1", |
88 | dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH ); | 90 | dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH ); |
89 | expires_in = util::string_to_long(res.get_field("expires_in")); | 91 | expires_in = util::string_to_long(res.get_field("expires_in")); |
90 | }catch(bad_input& e) { | 92 | }catch(bad_input&) { |
91 | throw dumb_RP(OPKELE_CP_ "OP failed to supply an association"); | 93 | throw dumb_RP(OPKELE_CP_ "OP failed to supply an association"); |
92 | } | 94 | } |
93 | } | 95 | } |
94 | return store_assoc( | 96 | return store_assoc( |
95 | OP, res.get_field("assoc_handle"), | 97 | OP, res.get_field("assoc_handle"), |
96 | res.get_field("assoc_type"), secret, | 98 | res.get_field("assoc_type"), secret, |
97 | expires_in ); | 99 | expires_in ); |
98 | } | 100 | } |
@@ -229,17 +231,17 @@ namespace opkele { | |||
229 | } | 231 | } |
230 | signed_part_message_proxy signeds(om); | 232 | signed_part_message_proxy signeds(om); |
231 | if(o2) { | 233 | if(o2) { |
232 | check_nonce(om.get_field("op_endpoint"), | 234 | check_nonce(om.get_field("op_endpoint"), |
233 | om.get_field("response_nonce")); | 235 | om.get_field("response_nonce")); |
234 | static const char *mustsign[] = { | 236 | static const char *mustsign[] = { |
235 | "op_endpoint", "return_to", "response_nonce", "assoc_handle", | 237 | "op_endpoint", "return_to", "response_nonce", "assoc_handle", |
236 | "claimed_id", "identity" }; | 238 | "claimed_id", "identity" }; |
237 | for(int ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) { | 239 | for(size_t ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) { |
238 | if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms])) | 240 | if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms])) |
239 | throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs"); | 241 | throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs"); |
240 | } | 242 | } |
241 | if( ( | 243 | if( ( |
242 | (om.has_field("claimed_id")?1:0) | 244 | (om.has_field("claimed_id")?1:0) |
243 | ^ | 245 | ^ |
244 | (om.has_field("identity")?1:0) | 246 | (om.has_field("identity")?1:0) |
245 | )&1 ) | 247 | )&1 ) |