]> git.plutz.net Git - confetti/commitdiff
Squashed 'cgilite/' changes from a1caf91..a836764
authorPaul Hänsch <paul@plutz.net>
Sat, 6 Feb 2021 11:24:58 +0000 (12:24 +0100)
committerPaul Hänsch <paul@plutz.net>
Sat, 6 Feb 2021 11:24:58 +0000 (12:24 +0100)
a836764 prefer hmac for session security

git-subtree-dir: cgilite
git-subtree-split: a836764660cf5db4cc02ffd9ea1ddb30aaa432f5

session.sh

index 12788d3eb534292349b8146ac1c50db80118398b..0a2a2e8b6583ad95c1d95735de392f9d64e35615 100755 (executable)
@@ -24,6 +24,14 @@ slopecode(){
   '
 }
 
+session_mac(){
+  if which openssl >/dev/null; then
+    openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode
+  else
+    { cat; server_key; } |sha256sum |cut -d\  -f1
+  fi
+}
+
 randomid(){
   dd bs=12 count=1 if=/dev/urandom 2>&- \
   | slopecode
@@ -49,8 +57,7 @@ transid(){
   local file="$1"
   { stat -c %F%i%n%N%s%Y "$file" 2>&-
     printf %s "$SESSION_ID"
-    server_key
-  } | sha256sum | cut -d\  -f1
+  } | session_mac
 }
 
 update_session(){
@@ -61,8 +68,7 @@ update_session(){
        END
   serverkey="$(server_key)"
   
-  checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
-  checksig="${checksig%% *}"
+  checksig="$(printf %s "$sid" "$time" |session_mac)"
   
   if ! [ "$checksig" = "$sig" \
     -a "$time" -ge "$_DATE" \
@@ -73,8 +79,7 @@ update_session(){
   fi
 
   time=$(( $_DATE + $SESSION_TIMEOUT ))
-  sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
-  sig="${sig%% *}"
+  sig="$(printf %s "$sid" "$time" |session_mac)"
   printf %s\\n "${sid}-${time}-${sig}"
 }