| -rw-r--r-- | lib/basic_rp.cc | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index bd45d99..a0ad130 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc | |||
| @@ -1,3 +1,4 @@ | |||
| 1 | #include <cassert> | ||
| 1 | #include <openssl/sha.h> | 2 | #include <openssl/sha.h> |
| 2 | #include <openssl/hmac.h> | 3 | #include <openssl/hmac.h> |
| 3 | #include <opkele/basic_rp.h> | 4 | #include <opkele/basic_rp.h> |
| @@ -25,7 +26,8 @@ namespace opkele { | |||
| 25 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); | 26 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); |
| 26 | if(cklen && (*ckptr)&0x80) { | 27 | if(cklen && (*ckptr)&0x80) { |
| 27 | (*(--ckptr))=0; ++cklen; } | 28 | (*(--ckptr))=0; ++cklen; } |
| 28 | unsigned char key_digest[d_len]; | 29 | assert(d_len<=SHA256_DIGEST_LENGTH); |
| 30 | unsigned char key_digest[SHA256_DIGEST_LENGTH]; | ||
| 29 | secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key")); | 31 | secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key")); |
| 30 | if(secret.size()!=exp_s_len) | 32 | if(secret.size()!=exp_s_len) |
| 31 | throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type"); | 33 | throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type"); |
| @@ -78,7 +80,7 @@ namespace opkele { | |||
| 78 | "HMAC-SHA256", "DH-SHA256", | 80 | "HMAC-SHA256", "DH-SHA256", |
| 79 | dh, SHA256_DIGEST_LENGTH, SHA256, SHA256_DIGEST_LENGTH ); | 81 | dh, SHA256_DIGEST_LENGTH, SHA256, SHA256_DIGEST_LENGTH ); |
| 80 | expires_in = util::string_to_long(res.get_field("expires_in")); | 82 | expires_in = util::string_to_long(res.get_field("expires_in")); |
| 81 | }catch(exception& e) { | 83 | }catch(exception&) { |
| 82 | try { | 84 | try { |
| 83 | req.set_field("assoc_type","HMAC-SHA1"); | 85 | req.set_field("assoc_type","HMAC-SHA1"); |
| 84 | req.set_field("session_type","DH-SHA1"); | 86 | req.set_field("session_type","DH-SHA1"); |
| @@ -87,7 +89,7 @@ namespace opkele { | |||
| 87 | "HMAC-SHA1", "DH-SHA1", | 89 | "HMAC-SHA1", "DH-SHA1", |
| 88 | dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH ); | 90 | dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH ); |
| 89 | expires_in = util::string_to_long(res.get_field("expires_in")); | 91 | expires_in = util::string_to_long(res.get_field("expires_in")); |
| 90 | }catch(bad_input& e) { | 92 | }catch(bad_input&) { |
| 91 | throw dumb_RP(OPKELE_CP_ "OP failed to supply an association"); | 93 | throw dumb_RP(OPKELE_CP_ "OP failed to supply an association"); |
| 92 | } | 94 | } |
| 93 | } | 95 | } |
| @@ -234,7 +236,7 @@ namespace opkele { | |||
| 234 | static const char *mustsign[] = { | 236 | static const char *mustsign[] = { |
| 235 | "op_endpoint", "return_to", "response_nonce", "assoc_handle", | 237 | "op_endpoint", "return_to", "response_nonce", "assoc_handle", |
| 236 | "claimed_id", "identity" }; | 238 | "claimed_id", "identity" }; |
| 237 | for(int ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) { | 239 | for(size_t ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) { |
| 238 | if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms])) | 240 | if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms])) |
| 239 | throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs"); | 241 | throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs"); |
| 240 | } | 242 | } |