Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-10-28 | Organize method and protocol source files into distinct source directories | Matthias Schiffer | |
2013-08-28 | ec25519: ensure old sessions are invalidated quickly after a new one has ↵ | Matthias Schiffer | |
been established | |||
2013-08-27 | Introduce new log level debug2 for potentially very frequent messages | Matthias Schiffer | |
2013-08-20 | Prevent zero-before-free operations from being optimized out | Matthias Schiffer | |
2013-08-20 | Fix lots of -Wextra warnings | Matthias Schiffer | |
Everything clang and GCC warn about, except GCC's missing-field-initializers which are just stupid as they don't allow {} syntax to zero a field. | |||
2013-03-02 | Print error message on aborts due to buffer push/pull errors | Matthias Schiffer | |
2013-02-23 | Subtract splay time to key refresh interval | Matthias Schiffer | |
A random splay time of up to 5 minutes will ensure that simultaneous handshakes with many peers are desynchronized as fast as possible. | |||
2013-01-21 | Add error message for OOM on buffer alloc | Matthias Schiffer | |
2013-01-05 | Adjust copyright years | Matthias Schiffer | |
2012-12-18 | Convert type names to _t convention | Matthias Schiffer | |
2012-09-15 | Rework some parts of the AES128-GCM method | Matthias Schiffer | |
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily. | |||
2012-06-15 | Avoid using the same handshake key to establish more than one session | Matthias Schiffer | |
This fix prevents a potential attack using intentional packet reordering to initialize more than one session with using the same handshake keys, leading to more that one session to be initialized with the same key data altogether, allowing to decrypt some packets in the worst case. | |||
2012-06-05 | Fix possible duplicate session establishment | Matthias Schiffer | |
This is causing duplicate nonces in the worst case. | |||
2012-06-05 | Add support for receiving reordered packets | Matthias Schiffer | |
2012-04-19 | Don't regenerate session handshake keypair for every handshake so a global ↵ | Matthias Schiffer | |
state can be used; remove the concept of temporary peers These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another protocol change: as we can't count request IDs when we don't know have temporary peers, request IDs are removed completely. | |||
2012-04-14 | Separate handshake from encryption method | Matthias Schiffer | |