From ff80a58656b75fa6ec1e51736112d1ca83864453 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Paul=20H=C3=A4nsch?= Date: Sat, 6 Feb 2021 12:26:57 +0100 Subject: [PATCH] Squashed 'cgilite/' changes from a1caf91..a836764 a836764 prefer hmac for session security git-subtree-dir: cgilite git-subtree-split: a836764660cf5db4cc02ffd9ea1ddb30aaa432f5 --- session.sh | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/session.sh b/session.sh index 12788d3..0a2a2e8 100755 --- a/session.sh +++ b/session.sh @@ -24,6 +24,14 @@ slopecode(){ ' } +session_mac(){ + if which openssl >/dev/null; then + openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode + else + { cat; server_key; } |sha256sum |cut -d\ -f1 + fi +} + randomid(){ dd bs=12 count=1 if=/dev/urandom 2>&- \ | slopecode @@ -49,8 +57,7 @@ transid(){ local file="$1" { stat -c %F%i%n%N%s%Y "$file" 2>&- printf %s "$SESSION_ID" - server_key - } | sha256sum | cut -d\ -f1 + } | session_mac } update_session(){ @@ -61,8 +68,7 @@ update_session(){ END serverkey="$(server_key)" - checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)" - checksig="${checksig%% *}" + checksig="$(printf %s "$sid" "$time" |session_mac)" if ! [ "$checksig" = "$sig" \ -a "$time" -ge "$_DATE" \ @@ -73,8 +79,7 @@ update_session(){ fi time=$(( $_DATE + $SESSION_TIMEOUT )) - sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)" - sig="${sig%% *}" + sig="$(printf %s "$sid" "$time" |session_mac)" printf %s\\n "${sid}-${time}-${sig}" } -- 2.39.2