| -rw-r--r-- | lib/server.cc | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/server.cc b/lib/server.cc index e81d4b6..8db97be 100644 --- a/lib/server.cc +++ b/lib/server.cc @@ -25,32 +25,33 @@ namespace opkele { throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); c_pub = util::base64_to_bignum(pin.get_param("openid.dh_consumer_public")); if(pin.has_param("openid.dh_modulus")) dh->p = util::base64_to_bignum(pin.get_param("openid.dh_modulus")); else dh->p = util::dec_to_bignum(data::_default_p); if(pin.has_param("openid.dh_gen")) dh->g = util::base64_to_bignum(pin.get_param("openid.dh_gen")); else dh->g = util::dec_to_bignum(data::_default_g); if(!DH_generate_key(dh)) throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); - vector<unsigned char> ck(DH_size(dh)); + vector<unsigned char> ck(DH_size(dh)+1); + unsigned char *ckptr = &(ck.front())+1; int cklen = DH_compute_key(&(ck.front()),c_pub,dh); if(cklen<0) throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); - ck.resize(cklen); - // OpenID algorithm requires extra zero in case of set bit here - if(ck[0]&0x80) ck.insert(ck.begin(),1,0); - SHA1(&(ck.front()),ck.size(),key_sha1); + if(cklen && (*ckptr)&0x80) { + (*(--ckptr)) = 0; ++cklen; + } + SHA1(ckptr,cklen,key_sha1); st = sess_dh_sha1; } assoc_t assoc = alloc_assoc(mode_associate); time_t now = time(0); pout.clear(); pout["assoc_type"] = assoc->assoc_type(); pout["assoc_handle"] = assoc->handle(); /* TODO: eventually remove deprecated stuff */ pout["issued"] = util::time_to_w3c(now); pout["expiry"] = util::time_to_w3c(now+assoc->expires_in()); pout["expires_in"] = util::long_to_string(assoc->expires_in()); secret_t secret = assoc->secret(); |