| -rw-r--r-- | lib/basic_op.cc | 1 | ||||
| -rw-r--r-- | lib/basic_rp.cc | 1 | ||||
| -rw-r--r-- | lib/consumer.cc | 1 | ||||
| -rw-r--r-- | lib/server.cc | 1 |
4 files changed, 4 insertions, 0 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc index c247493..fa659ac 100644 --- a/lib/basic_op.cc +++ b/lib/basic_op.cc @@ -1,32 +1,33 @@ #include <time.h> #include <cassert> #include <openssl/sha.h> #include <openssl/hmac.h> #include <opkele/data.h> #include <opkele/basic_op.h> #include <opkele/exception.h> #include <opkele/util.h> +#include <opkele/util-internal.h> #include <opkele/uris.h> namespace opkele { void basic_OP::reset_vars() { assoc.reset(); return_to.clear(); realm.clear(); claimed_id.clear(); identity.clear(); invalidate_handle.clear(); } bool basic_OP::has_return_to() const { return !return_to.empty(); } const string& basic_OP::get_return_to() const { if(return_to.empty()) throw no_return_to(OPKELE_CP_ "No return_to URL provided with request"); return return_to; } const string& basic_OP::get_realm() const { assert(!realm.empty()); return realm; } diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index a0ad130..e65d9fb 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc @@ -1,32 +1,33 @@ #include <cassert> #include <openssl/sha.h> #include <openssl/hmac.h> #include <opkele/basic_rp.h> #include <opkele/exception.h> #include <opkele/uris.h> #include <opkele/data.h> #include <opkele/util.h> +#include <opkele/util-internal.h> #include <opkele/curl.h> namespace opkele { static void dh_get_secret( secret_t& secret, const basic_openid_message& om, const char *exp_assoc, const char *exp_sess, util::dh_t& dh, size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*), size_t exp_s_len) try { if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess) throw bad_input(OPKELE_CP_ "Unexpected associate response"); util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public")); vector<unsigned char> ck(DH_size(dh)+1); unsigned char *ckptr = &(ck.front())+1; int cklen = DH_compute_key(ckptr,s_pub,dh); if(cklen<0) throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); if(cklen && (*ckptr)&0x80) { (*(--ckptr))=0; ++cklen; } assert(d_len<=SHA256_DIGEST_LENGTH); unsigned char key_digest[SHA256_DIGEST_LENGTH]; secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key")); if(secret.size()!=exp_s_len) diff --git a/lib/consumer.cc b/lib/consumer.cc index ebda262..801496e 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc @@ -1,28 +1,29 @@ #include <algorithm> #include <cassert> #include <cstring> #include <opkele/util.h> +#include <opkele/util-internal.h> #include <opkele/curl.h> #include <opkele/exception.h> #include <opkele/data.h> #include <opkele/consumer.h> #include <openssl/sha.h> #include <openssl/hmac.h> #include <iostream> #include "config.h" #include <pcre.h> namespace opkele { using namespace std; using util::curl_t; using util::curl_pick_t; class pcre_matches_t { public: int *_ov; int _s; pcre_matches_t() : _ov(0), _s(0) { } pcre_matches_t(int s) : _ov(0), _s(s) { diff --git a/lib/server.cc b/lib/server.cc index 776f1ae..0dea1eb 100644 --- a/lib/server.cc +++ b/lib/server.cc @@ -1,29 +1,30 @@ #include <cstring> #include <vector> #include <openssl/sha.h> #include <openssl/hmac.h> #include <opkele/util.h> +#include <opkele/util-internal.h> #include <opkele/exception.h> #include <opkele/server.h> #include <opkele/data.h> namespace opkele { using namespace std; void server_t::associate(const params_t& pin,params_t& pout) { util::dh_t dh; util::bignum_t c_pub; unsigned char key_sha1[SHA_DIGEST_LENGTH]; enum { sess_cleartext, sess_dh_sha1 } st = sess_cleartext; if( pin.has_param("openid.session_type") && pin.get_param("openid.session_type")=="DH-SHA1" ) { /* TODO: fallback to cleartext in case of exceptions here? */ if(!(dh = DH_new())) throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); c_pub = util::base64_to_bignum(pin.get_param("openid.dh_consumer_public")); if(pin.has_param("openid.dh_modulus")) dh->p = util::base64_to_bignum(pin.get_param("openid.dh_modulus")); |