Age | Commit message (Collapse) | Author | |
---|---|---|---|
2012-11-02 | Improve handling of associated sockets in key matching | Matthias Schiffer | |
2012-11-01 | Dynamically create and destroy sockets without fixed binds | Matthias Schiffer | |
2012-10-29 | Add support for multiple binds | Matthias Schiffer | |
2012-09-15 | Use inline function for alignment | Matthias Schiffer | |
2012-09-15 | Rework some parts of the AES128-GCM method | Matthias Schiffer | |
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily. | |||
2012-07-01 | Add support for multiple crypto methods without reconfiguration | Matthias Schiffer | |
2012-06-15 | Avoid using the same handshake key to establish more than one session | Matthias Schiffer | |
This fix prevents a potential attack using intentional packet reordering to initialize more than one session with using the same handshake keys, leading to more that one session to be initialized with the same key data altogether, allowing to decrypt some packets in the worst case. | |||
2012-06-07 | Limit handshake frequency where possible | Matthias Schiffer | |
2012-06-06 | Limit resolve frequency | Matthias Schiffer | |
2012-06-06 | Improve some log levels | Matthias Schiffer | |
2012-06-05 | Fix possible duplicate session establishment | Matthias Schiffer | |
This is causing duplicate nonces in the worst case. | |||
2012-06-05 | Add support for receiving reordered packets | Matthias Schiffer | |
2012-06-04 | Make sure refresh handshakes aren't cleaned | Matthias Schiffer | |
2012-06-04 | Fix key invalidation order on key refresh | Matthias Schiffer | |
2012-06-04 | Add version string to handshake | Matthias Schiffer | |
2012-06-04 | Improve handshake logging | Matthias Schiffer | |
2012-05-03 | Fix critical error introduced by copy-and-pasting, another possible NULL ↵ | Matthias Schiffer | |
dereference | |||
2012-05-03 | Critical fix: ignore disabled peers when searching peer key to avoid NULL ↵v0.4-rc6 | Matthias Schiffer | |
dereference | |||
2012-04-22 | Ignore handshakes for 15 seconds after session establishment to avoid ↵v0.4-rc2 | Matthias Schiffer | |
excessive and concurrent handshakes | |||
2012-04-22 | Add --show-key and --machine-readable options | Matthias Schiffer | |
2012-04-22 | Ignore peers with own key | Matthias Schiffer | |
2012-04-19 | Don't regenerate session handshake keypair for every handshake so a global ↵ | Matthias Schiffer | |
state can be used; remove the concept of temporary peers These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another protocol change: as we can't count request IDs when we don't know have temporary peers, request IDs are removed completely. | |||
2012-04-16 | Lots of fixes and improvements on the resolver code | Matthias Schiffer | |
2012-04-14 | Reduce task queue usage | Matthias Schiffer | |
2012-04-14 | Separate handshake from encryption method | Matthias Schiffer | |