Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-02-27 | Don't set the peer address for temporary peers before the session is ↵ | Matthias Schiffer | |
actually established Doing so could lead to duplicate address entries in different peers, causing very strange behaviour. Add additional parameters for the local and the peer address to fastd_shell_exec() to allow the on-verify script to use this information nevertheless. | |||
2013-02-26 | Experimental support for accepting connections from unknown peers | Matthias Schiffer | |
2013-02-25 | Add public keys to shell environment | Matthias Schiffer | |
2013-02-23 | Differentiate between reasons for ignoring a handshake | Matthias Schiffer | |
2013-02-23 | Use fastd_peer_t instead of fastd_peer_config_t in handshake code | Matthias Schiffer | |
Directly using the peers allows us to get rid of the inefficient get_peer() function and is necessary for adding support for unknown peers. | |||
2013-01-21 | Add error message for OOM on buffer alloc | Matthias Schiffer | |
2013-01-09 | Improve checking of received handshake keys | Matthias Schiffer | |
2013-01-09 | Update to libuecc v3, check EC points for validity | Matthias Schiffer | |
2013-01-05 | Adjust copyright years | Matthias Schiffer | |
2012-12-23 | Fix up all usage of deprecated libuecc API | Matthias Schiffer | |
2012-12-18 | Convert type names to _t convention | Matthias Schiffer | |
2012-11-05 | Implement peer limit constraints | Matthias Schiffer | |
2012-11-02 | Improve handling of associated sockets in key matching | Matthias Schiffer | |
2012-11-01 | Dynamically create and destroy sockets without fixed binds | Matthias Schiffer | |
2012-10-29 | Add support for multiple binds | Matthias Schiffer | |
2012-09-15 | Use inline function for alignment | Matthias Schiffer | |
2012-09-15 | Rework some parts of the AES128-GCM method | Matthias Schiffer | |
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily. | |||
2012-07-01 | Add support for multiple crypto methods without reconfiguration | Matthias Schiffer | |
2012-06-15 | Avoid using the same handshake key to establish more than one session | Matthias Schiffer | |
This fix prevents a potential attack using intentional packet reordering to initialize more than one session with using the same handshake keys, leading to more that one session to be initialized with the same key data altogether, allowing to decrypt some packets in the worst case. | |||
2012-06-07 | Limit handshake frequency where possible | Matthias Schiffer | |
2012-06-06 | Limit resolve frequency | Matthias Schiffer | |
2012-06-06 | Improve some log levels | Matthias Schiffer | |
2012-06-05 | Fix possible duplicate session establishment | Matthias Schiffer | |
This is causing duplicate nonces in the worst case. | |||
2012-06-05 | Add support for receiving reordered packets | Matthias Schiffer | |
2012-06-04 | Make sure refresh handshakes aren't cleaned | Matthias Schiffer | |
2012-06-04 | Fix key invalidation order on key refresh | Matthias Schiffer | |
2012-06-04 | Add version string to handshake | Matthias Schiffer | |
2012-06-04 | Improve handshake logging | Matthias Schiffer | |
2012-05-03 | Fix critical error introduced by copy-and-pasting, another possible NULL ↵ | Matthias Schiffer | |
dereference | |||
2012-05-03 | Critical fix: ignore disabled peers when searching peer key to avoid NULL ↵v0.4-rc6 | Matthias Schiffer | |
dereference | |||
2012-04-22 | Ignore handshakes for 15 seconds after session establishment to avoid ↵v0.4-rc2 | Matthias Schiffer | |
excessive and concurrent handshakes | |||
2012-04-22 | Add --show-key and --machine-readable options | Matthias Schiffer | |
2012-04-22 | Ignore peers with own key | Matthias Schiffer | |
2012-04-19 | Don't regenerate session handshake keypair for every handshake so a global ↵ | Matthias Schiffer | |
state can be used; remove the concept of temporary peers These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another protocol change: as we can't count request IDs when we don't know have temporary peers, request IDs are removed completely. | |||
2012-04-16 | Lots of fixes and improvements on the resolver code | Matthias Schiffer | |
2012-04-14 | Reduce task queue usage | Matthias Schiffer | |
2012-04-14 | Separate handshake from encryption method | Matthias Schiffer | |