> >> On 5/1/2011 1:34 AM, derleader mail wrote: >> >> > I'm going to use stream protocol - TCP/IP. Here is the >> template source >> > code of the server without the encryption part >> >> We mean application protocol. >> >> > while (1) { >> > sock = accept(listensock, NULL, NULL); >> > printf("client connected to child thread %i with pid %i.\n", >> > pthread_self(), getpid()); > >pthread_t and pid_t are not required to be int and sometimes aren't. >I don't think they're even required to be any integers. > >> > nread = recv(sock, buffer, 25, 0); >> > buffer[nread] = '\0'; > >Where buffer is char[25]. If the client always sends 25 bytes >(or more) this will write outside the space allocated for buffer[]. >This is undefined behavior in C and the program can fail arbitrarily. >On today's systems usually this will 'accidentally' work, >but you have no confidence of that in the future. >Either make maximum read at least one byte smaller than buffer, >or buffer at least one byte larger than maximum read. > >Also, recv() returns -1 if error; storing to buffer[-1] >is also undefined and more likely to actually screw up. > >For that matter, accept() can fail and return not a valid socket, >in which case the recv() and send() can't succeed. > >> > printf("%s\n", buffer); > >If this is the only reason you wanted null termination, >you could do printf("%.*s\n",nread,buffer) instead. > >> > send(sock, buffer, nread, 0); >> > close(sock); >> > printf("client disconnected from child thread %i with pid %i.\n", >> > pthread_self(), getpid()); >> > } >> > } >> >> This code isn't very helpful. It just reads and writes the very same >> data. Nothing in this code tells us, for example, how to identify a >> complete message. >> >Unless the messages are fixed-length 25 bytes. I've seen crazier. > >> You could interpose an encryption protocol that also imposed no such >> requirements. You would need to work out your own padding though. >> Blowfish is a block encryption algorithm and cannot encrypt just a >> single byte. So if you only read one byte, you'd need to pad >> it before >> encryption and then you'd need some way to remove the padding on the >> other end. >> >Not quite; OP's earlier code had Blowfish *CFB*, >a stream mode that can handle any number of bytes. >(The mode itself can handle any number of bits, but >the OpenSSL API doesn't handle sub-byte amounts.) > >However a stream mode is generally more vulnerable to >bit-flipping unless authenticated, which the OP didn't. > >Also his 'test' had a fixed IV (and key), >but maybe that was only a test. > >> I would strongly urge you to just use SSL. It is designed for >> *exactly* >> this purpose. >> >Agree there. > >Also it should be noted session caching only helps >if both ends support (and allow) it; it is optional. >If you write both programs and use OpenSSL, it's easy, >but in some other situations it might not be. >
Ok, I agree I will use SSL. Do you know where I can find multithreaded source code of SSL server and client? Have you see benchmark tests of the latest OpenSSL library? Regards Peter ----------------------------------------------------------------- Дизайнерски обувки с до -70%. Регистрирай се и пазарувай. http://clk.tradedoubler.com/click?p=191500&a=1875689&g=19425934