-rw-r--r-- | lib/server.cc | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/server.cc b/lib/server.cc index e81d4b6..8db97be 100644 --- a/lib/server.cc +++ b/lib/server.cc | |||
@@ -34,14 +34,15 @@ namespace opkele { | |||
34 | dh->g = util::dec_to_bignum(data::_default_g); | 34 | dh->g = util::dec_to_bignum(data::_default_g); |
35 | if(!DH_generate_key(dh)) | 35 | if(!DH_generate_key(dh)) |
36 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); | 36 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); |
37 | vector<unsigned char> ck(DH_size(dh)); | 37 | vector<unsigned char> ck(DH_size(dh)+1); |
38 | unsigned char *ckptr = &(ck.front())+1; | ||
38 | int cklen = DH_compute_key(&(ck.front()),c_pub,dh); | 39 | int cklen = DH_compute_key(&(ck.front()),c_pub,dh); |
39 | if(cklen<0) | 40 | if(cklen<0) |
40 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); | 41 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); |
41 | ck.resize(cklen); | 42 | if(cklen && (*ckptr)&0x80) { |
42 | // OpenID algorithm requires extra zero in case of set bit here | 43 | (*(--ckptr)) = 0; ++cklen; |
43 | if(ck[0]&0x80) ck.insert(ck.begin(),1,0); | 44 | } |
44 | SHA1(&(ck.front()),ck.size(),key_sha1); | 45 | SHA1(ckptr,cklen,key_sha1); |
45 | st = sess_dh_sha1; | 46 | st = sess_dh_sha1; |
46 | } | 47 | } |
47 | assoc_t assoc = alloc_assoc(mode_associate); | 48 | assoc_t assoc = alloc_assoc(mode_associate); |