summaryrefslogtreecommitdiffstats
path: root/src/method_xsalsa20_poly1305.c
AgeCommit message (Collapse)Author
2013-08-20Fix lots of -Wextra warningsMatthias Schiffer
Everything clang and GCC warn about, except GCC's missing-field-initializers which are just stupid as they don't allow {} syntax to zero a field.
2013-03-02Print error message on aborts due to buffer push/pull errorsMatthias Schiffer
2013-02-23Subtract splay time to key refresh intervalMatthias Schiffer
A random splay time of up to 5 minutes will ensure that simultaneous handshakes with many peers are desynchronized as fast as possible.
2013-01-21Add error message for OOM on buffer allocMatthias Schiffer
2013-01-05Adjust copyright yearsMatthias Schiffer
2012-12-18Convert type names to _t conventionMatthias Schiffer
2012-09-15Rework some parts of the AES128-GCM methodMatthias Schiffer
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily.
2012-06-15Avoid using the same handshake key to establish more than one sessionMatthias Schiffer
This fix prevents a potential attack using intentional packet reordering to initialize more than one session with using the same handshake keys, leading to more that one session to be initialized with the same key data altogether, allowing to decrypt some packets in the worst case.
2012-06-05Fix possible duplicate session establishmentMatthias Schiffer
This is causing duplicate nonces in the worst case.
2012-06-05Add support for receiving reordered packetsMatthias Schiffer
2012-04-19Don't regenerate session handshake keypair for every handshake so a global ↵Matthias Schiffer
state can be used; remove the concept of temporary peers These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another protocol change: as we can't count request IDs when we don't know have temporary peers, request IDs are removed completely.
2012-04-14Separate handshake from encryption methodMatthias Schiffer