- 09 Oct, 2013 2 commits
  - Nick Mathewson authored
    (I'd rather use an option, but it appears that the options field is full.) Now, we send the time in the gmt_unix_time field if the appropriate one of these mode options is set, but randomize the field if the flag is not set.
  - Nick Mathewson authored
    I'll be using this to make an option for randomizing the time.
- 16 Sep, 2013 2 commits
  - Nick Mathewson authored
    Instead, send random bytes.
  - Nick Mathewson authored
    Instead, send random bytes. While the gmt_unix_time record was added in an ostensible attempt to mitigate the dangers of a bad RNG, its presence leaks the host's view of the current time in the clear. This minor leak can help fingerprint TLS instances across networks and protocols... and what's worse, it's doubtful that the gmt_unix_time record does any good at all for its intended purpose, since:
    * It's quite possible to open two TLS connections in one second.
    * If the PRNG output is prone to repeat itself, ephemeral handshakes (and who knows what else besides) are broken.
- 11 Feb, 2013 5 commits
  - Dr. Stephen Henson authored
    Workaround for non-compliant tar files sometimes created by "make dist".
  - Dr. Stephen Henson authored
  - Dr. Stephen Henson authored
  - Lutz Jaenicke authored
  - Andy Polyakov authored
    (cherry picked from commit 3caeef94)
- 09 Feb, 2013 2 commits
  - Andy Polyakov authored
  - Andy Polyakov authored
- 08 Feb, 2013 5 commits
  - Andy Polyakov authored
    (cherry picked from commit f93a4187)
  - Andy Polyakov authored
    (cherry picked from commit e9baceab)
  - Andy Polyakov authored
    With previous commit it also ensures that valgrind is happy.
  - Ben Laurie authored
  - Ben Laurie authored
- 07 Feb, 2013 3 commits
  - Andy Polyakov authored
  - Andy Polyakov authored
  - Dr. Stephen Henson authored
    Fix the calculation that checks there is enough room in a record after removing padding and optional explicit IV. (by Steve) For AEAD remove the correct number of padding bytes (by Andy)
- 06 Feb, 2013 2 commits
  - Adam Langley authored
    MD5 should use little endian order. Fortunately the only ciphersuite affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which is a rarely used export grade ciphersuite.
  - Dr. Stephen Henson authored
- 04 Feb, 2013 8 commits
  - Dr. Stephen Henson authored
  - Dr. Stephen Henson authored
  - Dr. Stephen Henson authored
  - Dr. Stephen Henson authored
  - Dr. Stephen Henson authored
  - Dr. Stephen Henson authored
  - Dr. Stephen Henson authored
  - Dr. Stephen Henson authored
- 03 Feb, 2013 1 commit
  - Andy Polyakov authored
- 02 Feb, 2013 3 commits
  - Andy Polyakov authored
    (cherry picked from commit 134c0065)
  - Andy Polyakov authored
    PR: 2963 and a number of others (cherry picked from commit 4568182a)
  - Andy Polyakov authored
    Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
- 01 Feb, 2013 7 commits
  - Ben Laurie authored
  - Andy Polyakov authored
    Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
  - Andy Polyakov authored
  - Dr. Stephen Henson authored
  - Andy Polyakov authored
  - Andy Polyakov authored
    RISCs are picky and alignment granted by compiler for md_state can be insufficient for SHA512.
  - Andy Polyakov authored
    Break dependency on uint64_t. It's possible to declare bits as unsigned int, because TLS packets are limited in size and 32-bit value can't overflow.