annotate src/c/openssl.c @ 2071:739172204214

Introduce recv timeout controlled by '-T' option in http.c. This should prevent a DDoS attack where an attacker keeps the connection open but sends no data.
author Sergey Mironov <grrwlf@gmail.com>
date Tue, 02 Sep 2014 17:42:10 +0000
parents b2bc8bcd546f
children 882556b3029d
rev   line source
adamc@1268 1 #include "config.h"
adamc@1268 2
adam@1368 3 #include <stdlib.h>
adam@1368 4 #include <unistd.h>
adam@1368 5 #include <sys/types.h>
adam@1368 6 #include <sys/stat.h>
adamc@1145 7 #include <fcntl.h>
adam@1368 8 #include <stdio.h>
adam@1368 9 #include <string.h>
adamc@1104 10
adam@1368 11 #include <openssl/sha.h>
adam@1368 12
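/* Number of ints in the signing key; the key occupies PASSSIZE * sizeof(int) bytes. */
#define PASSSIZE 4

/* Presumably the size in bytes of the buffer uw_sign() fills (a SHA-256
 * digest is 32 bytes) -- confirm against the callers. */
int uw_hash_blocksize = 32;

/* Secret key mixed into every signature. Filled by random_password() or
 * loaded from uw_sig_file by uw_init_crypto(). */
static int password[PASSSIZE];

/* Path of the file that persists the key across restarts. When NULL,
 * uw_init_crypto() generates a fresh in-memory key for this process. */
char *uw_sig_file = NULL;

/*
 * Fill `password` with bytes from the kernel CSPRNG.
 *
 * The key authenticates everything uw_sign() produces, so it must be
 * unpredictable. rand() is not a cryptographic generator: its whole output
 * sequence is determined by the srand() seed (and by the fixed default seed
 * when srand() is never called), so a key drawn from it can be reproduced.
 *
 * Fails closed: if the random device cannot be opened or read in full, the
 * process exits instead of continuing with a weak or partially filled key.
 */
static void random_password(void) {
  unsigned char *dst = (unsigned char *)password;
  size_t filled = 0;
  int fd = open("/dev/urandom", O_RDONLY);

  if (fd < 0) {
    fprintf(stderr, "Can't open /dev/urandom\n");
    perror("open");
    exit(1);
  }

  /* read() may return fewer bytes than requested, so loop until the key is
   * complete. */
  while (filled < sizeof password) {
    ssize_t got = read(fd, dst + filled, sizeof password - filled);

    if (got <= 0) {
      fprintf(stderr, "Error reading /dev/urandom\n");
      exit(1);
    }

    filled += (size_t)got;
  }

  close(fd);
}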
adamc@1145 27
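/*
 * Initialise the signing key.
 *
 * With no uw_sig_file configured, a fresh key is generated for this process
 * only. Otherwise the key is persisted: the file is created and filled on
 * first use, and read back on later starts. Any I/O failure is fatal
 * (exit(1)), so the server never runs with a missing or partial key.
 */
void uw_init_crypto() {
  int fd;

  if (!uw_sig_file) {
    random_password();
    return;
  }

  /*
   * Create-or-fail in a single step instead of access() followed by open():
   * the separate existence check left a window in which the path could
   * change between the two calls. With O_CREAT | O_EXCL the call refuses an
   * existing file and refuses a symbolic link at the final path component,
   * so the key is never written into a file this process did not create.
   * The key file needs no execute bits, hence 0600 rather than 0700.
   */
  fd = open(uw_sig_file, O_WRONLY | O_CREAT | O_EXCL, 0600);
  if (fd >= 0) {
    random_password();

    if (write(fd, &password, sizeof password) != (ssize_t)sizeof password) {
      fprintf(stderr, "Error writing signature file\n");
      exit(1);
    }

    /* A failed close can mean the key never reached the disk. */
    if (close(fd) != 0) {
      fprintf(stderr, "Error writing signature file\n");
      perror("close");
      exit(1);
    }

    return;
  }

  /*
   * Creation failed, normally because the file already exists: load the
   * stored key. If the file cannot be opened either, report that error.
   * NOTE(review): a process that starts while another one is still writing
   * a new key file can see a short read here and exit; it can simply be
   * restarted.
   */
  if ((fd = open(uw_sig_file, O_RDONLY)) < 0) {
    fprintf(stderr, "Can't open signature file %s\n", uw_sig_file);
    perror("open");
    exit(1);
  }

  /* A short read means a truncated or foreign file; refuse to use it. */
  if (read(fd, &password, sizeof password) != (ssize_t)sizeof password) {
    fprintf(stderr, "Error reading signature file\n");
    exit(1);
  }

  close(fd);
}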
adamc@1104 64
/*
 * Sign the NUL-terminated string `in`: writes SHA-256(password || in) to
 * `out`, which must have room for a full SHA-256 digest (32 bytes).
 *
 * NOTE(review): this is a key-prefix hash, not HMAC. SHA-256 allows length
 * extension, so how safe the construction is depends on how callers frame
 * `in` and check the result -- neither is visible here. HMAC-SHA256 over the
 * same key avoids the question, but switching invalidates every signature
 * issued so far. Verification code should compare digests with a
 * constant-time routine such as CRYPTO_memcmp().
 */
void uw_sign(const char *in, unsigned char *out) {
  SHA256_CTX ctx;
  const size_t msg_len = strlen(in);

  SHA256_Init(&ctx);
  /* Key first, then the message, exactly in this order. */
  SHA256_Update(&ctx, password, sizeof password);
  SHA256_Update(&ctx, in, msg_len);
  SHA256_Final(out, &ctx);
}