summaryrefslogtreecommitdiffabout
path: root/lib/server.cc
Side-by-side diff
Diffstat (limited to 'lib/server.cc') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/server.cc11
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/server.cc b/lib/server.cc
index e81d4b6..8db97be 100644
--- a/lib/server.cc
+++ b/lib/server.cc
@@ -25,32 +25,33 @@ namespace opkele {
throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
c_pub = util::base64_to_bignum(pin.get_param("openid.dh_consumer_public"));
if(pin.has_param("openid.dh_modulus"))
dh->p = util::base64_to_bignum(pin.get_param("openid.dh_modulus"));
else
dh->p = util::dec_to_bignum(data::_default_p);
if(pin.has_param("openid.dh_gen"))
dh->g = util::base64_to_bignum(pin.get_param("openid.dh_gen"));
else
dh->g = util::dec_to_bignum(data::_default_g);
if(!DH_generate_key(dh))
throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
- vector<unsigned char> ck(DH_size(dh));
+ vector<unsigned char> ck(DH_size(dh)+1);
+ unsigned char *ckptr = &(ck.front())+1;
int cklen = DH_compute_key(&(ck.front()),c_pub,dh);
if(cklen<0)
throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
- ck.resize(cklen);
- // OpenID algorithm requires extra zero in case of set bit here
- if(ck[0]&0x80) ck.insert(ck.begin(),1,0);
- SHA1(&(ck.front()),ck.size(),key_sha1);
+ if(cklen && (*ckptr)&0x80) {
+ (*(--ckptr)) = 0; ++cklen;
+ }
+ SHA1(ckptr,cklen,key_sha1);
st = sess_dh_sha1;
}
assoc_t assoc = alloc_assoc(mode_associate);
time_t now = time(0);
pout.clear();
pout["assoc_type"] = assoc->assoc_type();
pout["assoc_handle"] = assoc->handle();
/* TODO: eventually remove deprecated stuff */
pout["issued"] = util::time_to_w3c(now);
pout["expiry"] = util::time_to_w3c(now+assoc->expires_in());
pout["expires_in"] = util::long_to_string(assoc->expires_in());
secret_t secret = assoc->secret();