Age | Commit message (Collapse) | Author |
|
|
|
Everything clang and GCC warn about, except GCC's missing-field-initializers
which are just stupid as they don't allow {} syntax to zero a field.
|
|
|
|
A random splay time of up to 5 minutes will ensure that simultaneous handshakes
with many peers are desynchronized as fast as possible.
|
|
|
|
|
|
|
|
These changes improve the performance of the AES128-GCM method by ~10% on my
Intel CPU when compiled with -O2.
Furthermore, the AES and the GHASH parts are separated now, allowing to switch
to other implementations of the algorithms more easily.
|
|
This fix prevents a potential attack using intentional packet reordering to
initialize more than one session with using the same handshake keys, leading
to more that one session to be initialized with the same key data altogether,
allowing to decrypt some packets in the worst case.
|
|
This is causing duplicate nonces in the worst case.
|
|
|
|
state can be used; remove the concept of temporary peers
These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another
protocol change: as we can't count request IDs when we don't know have temporary peers, request IDs
are removed completely.
|
|
|