3 files changed, 3 insertions, 0 deletions

diff --git a/lib/consumer.cc b/lib/consumer.cc
index f9212ea..d578546 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,98 +1,99 @@
 #include <algorithm>
 #include <cassert>
+#include <cstring>
 #include <opkele/util.h>
 #include <opkele/exception.h>
 #include <opkele/data.h>
 #include <opkele/consumer.h>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <curl/curl.h>
 
 #include <iostream>
 
 #include "config.h"
 
 #include <pcre.h>
 
 namespace opkele {
     using namespace std;
 
     class pcre_matches_t {
 	public:
 	    int *_ov;
 	    int _s;
 
 	    pcre_matches_t() : _ov(0), _s(0) { }
 	    pcre_matches_t(int s) : _ov(0), _s(s) {
 		if(_s&1) ++_s;
 		_s += _s>>1;
 		_ov = new int[_s];
 	    }
 	    ~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
 
 	    int begin(int i) const { return _ov[i<<1]; }
 	    int end(int i) const { return _ov[(i<<1)+1]; }
 	    int length(int i) const { int t=i<<1; return _ov[t+1]-_ov[t]; }
     };
 
     class pcre_t {
 	public:
 	    pcre *_p;
 
 	    pcre_t() : _p(0) { }
 	    pcre_t(pcre *p) : _p(p) { }
 	    pcre_t(const char *re,int opts) : _p(0) {
 		static const char *errptr; static int erroffset;
 		_p = pcre_compile(re,opts,&errptr,&erroffset,NULL);
 		if(!_p)
 		    throw internal_error(OPKELE_CP_ string("Failed to compile regexp: ")+errptr);
 	    }
 	    ~pcre_t() throw() { if(_p) (*pcre_free)(_p); }
 
 	    pcre_t& operator=(pcre *p) { if(_p) (*pcre_free)(_p); _p=p; return *this; }
 
 	    operator const pcre*(void) const { return _p; }
 	    operator pcre*(void) { return _p; }
 
 	    int exec(const string& s,pcre_matches_t& m) {
 		if(!_p)
 		    throw internal_error(OPKELE_CP_ "Trying to execute absent regexp");
 		return pcre_exec(_p,NULL,s.c_str(),s.length(),0,0,m._ov,m._s);
 	    }
     };
 
     class curl_t {
 	public:
 	    CURL *_c;
 
 	    curl_t() : _c(0) { }
 	    curl_t(CURL *c) : _c(c) { }
 	    ~curl_t() throw() { if(_c) curl_easy_cleanup(_c); }
 
 	    curl_t& operator=(CURL *c) { if(_c) curl_easy_cleanup(_c); _c=c; return *this; }
 
 	    operator const CURL*(void) const { return _c; }
 	    operator CURL*(void) { return _c; }
     };
 
     static CURLcode curl_misc_sets(CURL* c) {
 	CURLcode r;
 	(r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1))
 	|| (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5))
 	|| (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120))
 	|| (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1))
 	|| (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_SRC_VERSION))
 	|| (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20))
 #ifdef	DISABLE_CURL_SSL_VERIFYHOST
 	|| (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0))
 #endif
 #ifdef	DISABLE_CURL_SSL_VERIFYPEER
 	|| (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0))
 #endif
 	;
 	return r;
     }
 
     static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) {
 	string *str = (string*)stream;
 	size_t bytes = size*nmemb;
diff --git a/lib/server.cc b/lib/server.cc
index b1c5c3a..aa61035 100644
--- a/lib/server.cc
+++ b/lib/server.cc
@@ -1,96 +1,97 @@
+#include <cstring>
 #include <vector>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <opkele/util.h>
 #include <opkele/exception.h>
 #include <opkele/server.h>
 #include <opkele/data.h>
 
 namespace opkele {
     using namespace std;
 
     void server_t::associate(const params_t& pin,params_t& pout) {
 	util::dh_t dh;
 	util::bignum_t c_pub;
 	unsigned char key_sha1[SHA_DIGEST_LENGTH];
 	enum {
 	    sess_cleartext,
 	    sess_dh_sha1
 	} st = sess_cleartext;
 	if(
 		pin.has_param("openid.session_type")
 		&& pin.get_param("openid.session_type")=="DH-SHA1" ) {
 	    /* TODO: fallback to cleartext in case of exceptions here? */
 	    if(!(dh = DH_new()))
 		throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
 	    c_pub = util::base64_to_bignum(pin.get_param("openid.dh_consumer_public"));
 	    if(pin.has_param("openid.dh_modulus"))
 		dh->p = util::base64_to_bignum(pin.get_param("openid.dh_modulus"));
 	    else
 		dh->p = util::dec_to_bignum(data::_default_p);
 	    if(pin.has_param("openid.dh_gen"))
 		dh->g = util::base64_to_bignum(pin.get_param("openid.dh_gen"));
 	    else
 		dh->g = util::dec_to_bignum(data::_default_g);
 	    if(!DH_generate_key(dh))
 		throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
 	    vector<unsigned char> ck(DH_size(dh)+1);
 	    unsigned char *ckptr = &(ck.front())+1;
 	    int cklen = DH_compute_key(ckptr,c_pub,dh);
 	    if(cklen<0)
 		throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
 	    if(cklen && (*ckptr)&0x80) {
 		(*(--ckptr)) = 0; ++cklen;
 	    }
 	    SHA1(ckptr,cklen,key_sha1);
 	    st = sess_dh_sha1;
 	}
 	assoc_t assoc = alloc_assoc(mode_associate);
 	time_t now = time(0);
 	pout.clear();
 	pout["assoc_type"] = assoc->assoc_type();
 	pout["assoc_handle"] = assoc->handle();
 	/* TODO: eventually remove deprecated stuff */
 	pout["issued"] = util::time_to_w3c(now);
 	pout["expiry"] = util::time_to_w3c(now+assoc->expires_in());
 	pout["expires_in"] = util::long_to_string(assoc->expires_in());
 	secret_t secret = assoc->secret();
 	switch(st) {
 	    case sess_dh_sha1:
 		pout["session_type"] = "DH-SHA1";
 		pout["dh_server_public"] = util::bignum_to_base64(dh->pub_key);
 		secret.enxor_to_base64(key_sha1,pout["enc_mac_key"]);
 		break;
 	    default:
 		secret.to_base64(pout["mac_key"]);
 		break;
 	}
     }
 
     void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
 	checkid_(mode_checkid_immediate,pin,return_to,pout,ext);
     }
 
     void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
 	checkid_(mode_checkid_setup,pin,return_to,pout,ext);
     }
 
     void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext) {
 	if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup)
 	    throw bad_input(OPKELE_CP_ "invalid checkid_* mode");
 	pout.clear();
 	assoc_t assoc;
 	try {
 	    assoc = retrieve_assoc(pin.get_param("openid.assoc_handle"));
 	}catch(failed_lookup& fl) {
 	    // no handle specified or no valid handle found, going dumb
 	    assoc = alloc_assoc(mode_checkid_setup);
 	    if(pin.has_param("openid.assoc_handle"))
 		pout["invalidate_handle"]=pin.get_param("openid.assoc_handle");
 	}
 	string trust_root;
 	try {
 	    trust_root = pin.get_param("openid.trust_root");
 	}catch(failed_lookup& fl) { }
 	string identity = pin.get_param("openid.identity");
 	return_to = pin.get_param("openid.return_to");
diff --git a/lib/util.cc b/lib/util.cc
index 94e09ed..26be66a 100644
--- a/lib/util.cc
+++ b/lib/util.cc
@@ -1,98 +1,99 @@
 #include <errno.h>
 #include <cassert>
+#include <cstring>
 #include <vector>
 #include <string>
 #include <openssl/bio.h>
 #include <openssl/evp.h>
 #include <curl/curl.h>
 #include "opkele/util.h"
 #include "opkele/exception.h"
 
 namespace opkele {
     using namespace std;
 
     namespace util {
 
 	/*
 	 * base64
 	 */
 	string encode_base64(const void *data,size_t length) {
 	    BIO *b64 = 0, *bmem = 0;
 	    try {
 		b64 = BIO_new(BIO_f_base64());
 		if(!b64)
 		    throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder");
 		BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
 		bmem = BIO_new(BIO_s_mem());
 		BIO_set_flags(b64,BIO_CLOSE);
 		if(!bmem)
 		    throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer");
 		BIO_push(b64,bmem);
 		if(((size_t)BIO_write(b64,data,length))!=length)
 		    throw exception_openssl(OPKELE_CP_ "failed to BIO_write()");
 		if(BIO_flush(b64)!=1)
 		    throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()");
 		char *rvd;
 		long rvl = BIO_get_mem_data(bmem,&rvd);
 		string rv(rvd,rvl);
 		BIO_free_all(b64);
 		return rv;
 	    }catch(...) {
 		if(b64) BIO_free_all(b64);
 		throw;
 	    }
 	}
 
 	void decode_base64(const string& data,vector<unsigned char>& rv) {
 	    BIO *b64 = 0, *bmem = 0;
 	    rv.clear();
 	    try {
 		bmem = BIO_new_mem_buf((void*)data.data(),data.size());
 		if(!bmem)
 		    throw exception_openssl(OPKELE_CP_ "failed to BIO_new_mem_buf()");
 		b64 = BIO_new(BIO_f_base64());
 		if(!b64)
 		    throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 decoder");
 		BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
 		BIO_push(b64,bmem);
 		unsigned char tmp[512];
 		size_t rb = 0;
 		while((rb=BIO_read(b64,tmp,sizeof(tmp)))>0)
 		    rv.insert(rv.end(),tmp,&tmp[rb]);
 		BIO_free_all(b64);
 	    }catch(...) {
 		if(b64) BIO_free_all(b64);
 		throw;
 	    }
 	}
 
 	/*
 	 * big numerics
 	 */
 
 	BIGNUM *base64_to_bignum(const string& b64) {
 	    vector<unsigned char> bin;
 	    decode_base64(b64,bin);
 	    BIGNUM *rv = BN_bin2bn(&(bin.front()),bin.size(),0);
 	    if(!rv)
 		throw failed_conversion(OPKELE_CP_ "failed to BN_bin2bn()");
 	    return rv;
 	}
 
 	BIGNUM *dec_to_bignum(const string& dec) {
 	    BIGNUM *rv = 0;
 	    if(!BN_dec2bn(&rv,dec.c_str()))
 		throw failed_conversion(OPKELE_CP_ "failed to BN_dec2bn()");
 	    return rv;
 	}
 
 	string bignum_to_base64(const BIGNUM *bn) {
 	    vector<unsigned char> bin(BN_num_bytes(bn)+1);
 	    unsigned char *binptr = &(bin.front())+1;
 	    int l = BN_bn2bin(bn,binptr);
 	    if(l && (*binptr)&0x80){
 		(*(--binptr)) = 0; ++l;
 	    }
 	    return encode_base64(binptr,l);
 	}