Mercurial > dropbear
annotate libtommath/gen.pl @ 1790:42745af83b7d
Introduce extra delay before closing unauthenticated sessions
To make it harder for attackers, introduce a delay to keep an
unauthenticated session open a bit longer, thus blocking a connection
slot until after the delay.
Without this, while there is a limit on the amount of attempts an attacker
can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to
handle one attempt is still short and thus for each of the allowed parallel
attempts many attempts can be chained one after the other. The attempt rate
is then:
"MAX_UNAUTH_PER_IP / <process time of one attempt>".
With the delay, this rate becomes:
"MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
| author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
|---|---|
| date | Wed, 15 Feb 2017 13:53:04 +0100 |
| parents | 8bba51a55704 |
| children |
| rev | line source |
|---|---|
|
284
eed26cff980b
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 6c790cad5a7fa866ad062cb3a0c279f7ba788583)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 #!/usr/bin/perl -w |
|
eed26cff980b
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 6c790cad5a7fa866ad062cb3a0c279f7ba788583)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 # |
|
eed26cff980b
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 6c790cad5a7fa866ad062cb3a0c279f7ba788583)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 # Generates a "single file" you can use to quickly |
|
eed26cff980b
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 6c790cad5a7fa866ad062cb3a0c279f7ba788583)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 # add the whole source without any makefile troubles |
|
eed26cff980b
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 6c790cad5a7fa866ad062cb3a0c279f7ba788583)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 # |
|
eed26cff980b
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 6c790cad5a7fa866ad062cb3a0c279f7ba788583)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 use strict; |
|
1470
8bba51a55704
Update to libtommath v1.0.1
Matt Johnston <matt@ucc.asn.au>
parents:
1436
diff
changeset
|
7 use warnings; |
|
284
eed26cff980b
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 6c790cad5a7fa866ad062cb3a0c279f7ba788583)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 |
|
1470
8bba51a55704
Update to libtommath v1.0.1
Matt Johnston <matt@ucc.asn.au>
parents:
1436
diff
changeset
|
9 open(my $out, '>', 'mpi.c') or die "Couldn't open mpi.c for writing: $!"; |
|
8bba51a55704
Update to libtommath v1.0.1
Matt Johnston <matt@ucc.asn.au>
parents:
1436
diff
changeset
|
10 foreach my $filename (glob 'bn*.c') { |
|
8bba51a55704
Update to libtommath v1.0.1
Matt Johnston <matt@ucc.asn.au>
parents:
1436
diff
changeset
|
11 open(my $src, '<', $filename) or die "Couldn't open $filename for reading: $!"; |
|
8bba51a55704
Update to libtommath v1.0.1
Matt Johnston <matt@ucc.asn.au>
parents:
1436
diff
changeset
|
12 print {$out} "/* Start: $filename */\n"; |
|
8bba51a55704
Update to libtommath v1.0.1
Matt Johnston <matt@ucc.asn.au>
parents:
1436
diff
changeset
|
13 print {$out} $_ while <$src>; |
|
8bba51a55704
Update to libtommath v1.0.1
Matt Johnston <matt@ucc.asn.au>
parents:
1436
diff
changeset
|
14 print {$out} "\n/* End: $filename */\n\n"; |
|
8bba51a55704
Update to libtommath v1.0.1
Matt Johnston <matt@ucc.asn.au>
parents:
1436
diff
changeset
|
15 close $src or die "Error closing $filename after reading: $!"; |
|
284
eed26cff980b
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 6c790cad5a7fa866ad062cb3a0c279f7ba788583)
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 } |
|
1470
8bba51a55704
Update to libtommath v1.0.1
Matt Johnston <matt@ucc.asn.au>
parents:
1436
diff
changeset
|
17 print {$out} "\n/* EOF */\n"; |
|
8bba51a55704
Update to libtommath v1.0.1
Matt Johnston <matt@ucc.asn.au>
parents:
1436
diff
changeset
|
18 close $out or die "Error closing mpi.c after writing: $!"; |
| 1436 | 19 |
| 20 system('perl -pli -e "s/\s*$//" mpi.c'); |