summaryrefslogtreecommitdiffabout
Unidiff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--lib/consumer.cc13
-rw-r--r--lib/server.cc11
-rw-r--r--lib/util.cc10
3 files changed, 20 insertions, 14 deletions
diff --git a/lib/consumer.cc b/lib/consumer.cc
index 12866f0..282f0cc 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -100,13 +100,14 @@ namespace opkele {
100 }else{ 100 }else{
101 util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public")); 101 util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public"));
102 vector<unsigned char> ck(DH_size(dh)); 102 vector<unsigned char> ck(DH_size(dh)+1);
103 int cklen = DH_compute_key(&(ck.front()),s_pub,dh); 103 unsigned char *ckptr = &(ck.front())+1;
104 int cklen = DH_compute_key(ckptr,s_pub,dh);
104 if(cklen<0) 105 if(cklen<0)
105 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); 106 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
106 ck.resize(cklen); 107 if(cklen && (*ckptr)&0x80) {
107 // OpenID algorithm requires extra zero in case of set bit here 108 (*(--ckptr)) = 0; ++cklen;
108 if(ck[0]&0x80) ck.insert(ck.begin(),1,0); 109 }
109 unsigned char key_sha1[SHA_DIGEST_LENGTH]; 110 unsigned char key_sha1[SHA_DIGEST_LENGTH];
110 SHA1(&(ck.front()),ck.size(),key_sha1); 111 SHA1(ckptr,cklen,key_sha1);
111 secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key")); 112 secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key"));
112 } 113 }
diff --git a/lib/server.cc b/lib/server.cc
index e81d4b6..8db97be 100644
--- a/lib/server.cc
+++ b/lib/server.cc
@@ -35,12 +35,13 @@ namespace opkele {
35 if(!DH_generate_key(dh)) 35 if(!DH_generate_key(dh))
36 throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); 36 throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
37 vector<unsigned char> ck(DH_size(dh)); 37 vector<unsigned char> ck(DH_size(dh)+1);
38 unsigned char *ckptr = &(ck.front())+1;
38 int cklen = DH_compute_key(&(ck.front()),c_pub,dh); 39 int cklen = DH_compute_key(&(ck.front()),c_pub,dh);
39 if(cklen<0) 40 if(cklen<0)
40 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); 41 throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
41 ck.resize(cklen); 42 if(cklen && (*ckptr)&0x80) {
42 // OpenID algorithm requires extra zero in case of set bit here 43 (*(--ckptr)) = 0; ++cklen;
43 if(ck[0]&0x80) ck.insert(ck.begin(),1,0); 44 }
44 SHA1(&(ck.front()),ck.size(),key_sha1); 45 SHA1(ckptr,cklen,key_sha1);
45 st = sess_dh_sha1; 46 st = sess_dh_sha1;
46 } 47 }
diff --git a/lib/util.cc b/lib/util.cc
index d9abca7..94f6f53 100644
--- a/lib/util.cc
+++ b/lib/util.cc
@@ -87,7 +87,11 @@ namespace opkele {
87 87
88 string bignum_to_base64(const BIGNUM *bn) { 88 string bignum_to_base64(const BIGNUM *bn) {
89 vector<unsigned char> bin(BN_num_bytes(bn)); 89 vector<unsigned char> bin(BN_num_bytes(bn)+1);
90 int l = BN_bn2bin(bn,&(bin.front())); 90 unsigned char *binptr = &(bin.front())+1;
91 return encode_base64(&(bin.front()),l); 91 int l = BN_bn2bin(bn,binptr);
92 if(l && (*binptr)&0x80){
93 (*(--binptr)) = 0; ++l;
94 }
95 return encode_base64(binptr,l);
92 } 96 }
93 97