Mercurial > dropbear
annotate libtomcrypt/build.sh @ 1790:42745af83b7d
Introduce extra delay before closing unauthenticated sessions
To make it harder for attackers, introduce a delay to keep an
unauthenticated session open a bit longer, thus blocking a connection
slot until after the delay.
Without this, while there is a limit on the amount of attempts an attacker
can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to
handle one attempt is still short and thus for each of the allowed parallel
attempts many attempts can be chained one after the other. The attempt rate
is then:
"MAX_UNAUTH_PER_IP / <process time of one attempt>".
With the delay, this rate becomes:
"MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
| author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
|---|---|
| date | Wed, 15 Feb 2017 13:53:04 +0100 |
| parents | 6dba84798cd5 |
| children |
| rev | line source |
|---|---|
|
285
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 #!/bin/bash |
|
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 echo "$1 ($2, $3)..." |
|
1471
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
3 |
|
285
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 make clean 1>/dev/null 2>/dev/null |
|
1471
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
5 |
|
285
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 echo -n "building..." |
|
1471
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
7 |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
8 if [ -f /proc/cpuinfo ] |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
9 then |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
10 MAKE_JOBS=$(( ($(cat /proc/cpuinfo | grep -E '^processor[[:space:]]*:' | tail -n -1 | cut -d':' -f2) + 1) * 2 + 1 )) |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
11 else |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
12 MAKE_JOBS=8 |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
13 fi |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
14 |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
15 CFLAGS="$2 $CFLAGS $4" EXTRALIBS="$5" make -j$MAKE_JOBS -f $3 all_test 1>gcc_1.txt 2>gcc_2.txt |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
16 mret=$? |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
17 cnt=$(wc -l < gcc_2.txt) |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
18 # ignore 1 line since ar prints to stderr instead of stdout and ar is called for |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
19 # $(LIBNAME) |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
20 if [[ $mret -ne 0 ]] || [[ $cnt -gt 1 ]]; then |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
21 echo "build $1 failed! printing gcc_2.txt now for convenience" |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
22 cat gcc_2.txt |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
23 exit 1 |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
24 fi |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
25 |
|
285
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 echo -n "testing..." |
|
1471
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
27 |
|
285
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 if [ -a test ] && [ -f test ] && [ -x test ]; then |
|
1471
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
29 ((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed, look at test_err.txt or tv.txt" && exit 1) |
|
285
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 if find *_tv.txt -type f 1>/dev/null 2>/dev/null ; then |
|
1471
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
31 for f in *_tv.txt; do |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
32 # check for lines starting with '<' ($f might be a subset of notes/$f) |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
33 difftroubles=$(diff -i -w -B $f notes/$f | grep '^<') |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
34 if [ -n "$difftroubles" ]; then |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
35 echo "FAILURE: $f" |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
36 diff -i -w -B $f notes/$f |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
37 echo "tv_gen $f failed" && rm -f testok.txt && exit 1 |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
38 else |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
39 true |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
40 fi |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
41 done |
|
285
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 fi |
|
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 fi |
|
1471
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
44 |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
45 |
|
285
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 if [ -a testok.txt ] && [ -f testok.txt ]; then |
|
1471
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
47 if [ "$LTC_COVERAGE" != "" ]; then |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
48 ./coverage_more.sh > test_coverage_more.txt || exit 1 |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
49 lcov_opts="--capture --no-external --directory src -q" |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
50 lcov_out=$(echo coverage_$1_$2_$3 | tr ' -=+' '_')".info" |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
51 lcov $lcov_opts --output-file $lcov_out |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
52 fi |
|
285
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 exit 0 |
|
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 fi |
|
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 exit 1 |
|
1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 |
|
1471
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
57 # ref: $Format:%D$ |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
58 # git commit: $Format:%H$ |
|
6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Matt Johnston <matt@ucc.asn.au>
parents:
382
diff
changeset
|
59 # commit time: $Format:%ai$ |