use local array for hmac when calculating signature

Signed-off-by: Michael Krelin <hacker@klever.net>
author: Michael Krelin <hacker@klever.net> 2008-02-19 10:51:12 (UTC)
committer: Michael Krelin <hacker@klever.net> 2008-02-19 10:51:12 (UTC)
commit: a3db32747e8370cab8cfdcc382fee875613b7b77 (patch) (unidiff)
tree: 2d11728a195a85907f06c3f920e405f1d1c769cd
parent: c18b77c610d0f963a274420a6558629d198818ee (diff)
download: libopkele-a3db32747e8370cab8cfdcc382fee875613b7b77.zip
libopkele-a3db32747e8370cab8cfdcc382fee875613b7b77.tar.gz
libopkele-a3db32747e8370cab8cfdcc382fee875613b7b77.tar.bz2
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/util.cc b/lib/util.cc
index b85a377..bb8a2e8 100644
--- a/lib/util.cc
+++ b/lib/util.cc
@@ -1,62 +1,64 @@
 #include <errno.h>
 #include <cassert>
 #include <cctype>
 #include <cstring>
 #include <vector>
 #include <string>
 #include <stack>
 #include <algorithm>
 #include <openssl/bio.h>
 #include <openssl/evp.h>
+#include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <curl/curl.h>
-#include "opkele/util.h"
+#include <opkele/util.h>
-#include "opkele/exception.h"
+#include <opkele/exception.h>
+#include <opkele/debug.h>
 #include <config.h>
 #ifdef HAVE_DEMANGLE
 # include <cxxabi.h>
 #endif
 namespace opkele {
    using namespace std;
    namespace util {
        /*
         * base64
         */
        string encode_base64(const void *data,size_t length) {
            BIO *b64 = 0, *bmem = 0;
            try {
                b64 = BIO_new(BIO_f_base64());
                if(!b64)
                    throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder");
                BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
                bmem = BIO_new(BIO_s_mem());
                BIO_set_flags(b64,BIO_CLOSE);
                if(!bmem)
                    throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer");
                BIO_push(b64,bmem);
                if(((size_t)BIO_write(b64,data,length))!=length)
                    throw exception_openssl(OPKELE_CP_ "failed to BIO_write()");
                if(BIO_flush(b64)!=1)
                    throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()");
                char *rvd;
                long rvl = BIO_get_mem_data(bmem,&rvd);
                string rv(rvd,rvl);
                BIO_free_all(b64);
                return rv;
            }catch(...) {
                if(b64) BIO_free_all(b64);
                throw;
            }
        }
        void decode_base64(const string& data,vector<unsigned char>& rv) {
            BIO *b64 = 0, *bmem = 0;
            rv.clear();
            try {
                bmem = BIO_new_mem_buf((void*)data.data(),data.size());
                if(!bmem)
                    throw exception_openssl(OPKELE_CP_ "failed to BIO_new_mem_buf()");
@@ -375,58 +377,59 @@ namespace opkele {
            pair<const char*,const char*> mp = mismatch(
                    nrealm.c_str()+pr,nrealm.c_str()+lr,
                    nu.c_str()+pu);
            if( (*(mp.first-1))!='/'
                    && !strchr("/?#",*mp.second) )
                return false;
            return true;
        }
        string abi_demangle(const char *mn) {
 #ifndef HAVE_DEMANGLE
            return mn;
 #else /* !HAVE_DEMANGLE */
            int dstat;
            char *demangled = abi::__cxa_demangle(mn,0,0,&dstat);
            if(dstat)
                return mn;
            string rv = demangled;
            free(demangled);
            return rv;
 #endif /* !HAVE_DEMANGLE */
        }
        string base64_signature(const assoc_t& assoc,const basic_openid_message& om) {
            const string& slist = om.get_field("signed");
            string kv;
            string::size_type p=0;
            while(true) {
                string::size_type co = slist.find(',',p);
                string f = (co==string::npos)
                    ?slist.substr(p):slist.substr(p,co-p);
                kv += f;
                kv += ':';
                kv += om.get_field(f);
                kv += '\n';
                if(co==string::npos) break;
                p = co+1;
            }
            const secret_t& secret = assoc->secret();
            const EVP_MD *evpmd;
            const string& at = assoc->assoc_type();
            if(at=="HMAC-SHA256")
                evpmd = EVP_sha256();
            else if(at=="HMAC-SHA1")
                evpmd = EVP_sha1();
            else
                throw unsupported(OPKELE_CP_ "unknown association type");
            unsigned int md_len = 0;
-            unsigned char *md = HMAC(evpmd,
+            unsigned char md[SHA256_DIGEST_LENGTH];
+            HMAC(evpmd,
                    &(secret.front()),secret.size(),
                    (const unsigned char*)kv.data(),kv.length(),
-                    0,&md_len);
+                    md,&md_len);
            return encode_base64(md,md_len);
        }
    }
 }
author	Michael Krelin <hacker@klever.net>	2008-02-19 10:51:12 (UTC)
committer	Michael Krelin <hacker@klever.net>	2008-02-19 10:51:12 (UTC)
commit	a3db32747e8370cab8cfdcc382fee875613b7b77 (patch) (unidiff)
tree	2d11728a195a85907f06c3f920e405f1d1c769cd
parent	c18b77c610d0f963a274420a6558629d198818ee (diff)
download	libopkele-a3db32747e8370cab8cfdcc382fee875613b7b77.zip libopkele-a3db32747e8370cab8cfdcc382fee875613b7b77.tar.gz libopkele-a3db32747e8370cab8cfdcc382fee875613b7b77.tar.bz2