- Oct 09, 2013
-
-
Nick Mathewson authored
(I'd rather use an option, but it appears that the options field is full.) Now, we send the time in the gmt_unix_time field if the appropriate one of these mode options is set, but randomize the field if the flag is not set.
-
Nick Mathewson authored
I'll be using this to make an option for randomizing the time.
-
- Sep 16, 2013
-
-
Nick Mathewson authored
Instead, send random bytes.
-
Nick Mathewson authored
Instead, send random bytes. While the gmt_unix_time record was added in an ostensible attempt to mitigate the dangers of a bad RNG, its presence leaks the host's view of the current time in the clear. This minor leak can help fingerprint TLS instances across networks and protocols... and what's worse, it's doubtful that the gmt_unix_time record does any good at all for its intended purpose, since:
* It's quite possible to open two TLS connections in one second.
* If the PRNG output is prone to repeat itself, ephemeral handshakes (and who knows what else besides) are broken.
-
- Feb 11, 2013
-
-
Dr. Stephen Henson authored
Workaround for non-compliant tar files sometimes created by "make dist".
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Lutz Jaenicke authored
-
Andy Polyakov authored
(cherry picked from commit 3caeef94)
-
- Feb 09, 2013
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Feb 08, 2013
-
-
Andy Polyakov authored
(cherry picked from commit f93a4187)
-
Andy Polyakov authored
(cherry picked from commit e9baceab)
-
Andy Polyakov authored
With previous commit it also ensures that valgrind is happy.
-
Ben Laurie authored
-
Ben Laurie authored
-
- Feb 07, 2013
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
Fix the calculation that checks there is enough room in a record after removing padding and optional explicit IV. (by Steve) For AEAD remove the correct number of padding bytes (by Andy)
-
- Feb 06, 2013
-
-
Adam Langley authored
MD5 should use little endian order. Fortunately the only ciphersuite affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which is a rarely used export grade ciphersuite.
-
Dr. Stephen Henson authored
-
- Feb 04, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Feb 03, 2013
-
-
Andy Polyakov authored
-
- Feb 02, 2013
-
-
Andy Polyakov authored
(cherry picked from commit 134c0065)
-
Andy Polyakov authored
PR: 2963 and a number of others (cherry picked from commit 4568182a)
-
Andy Polyakov authored
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
-
- Feb 01, 2013
-
-
Ben Laurie authored
-
Andy Polyakov authored
Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
-
Andy Polyakov authored
RISCs are picky and alignment granted by compiler for md_state can be insufficient for SHA512.
-
Andy Polyakov authored
Break dependency on uint64_t. It's possible to declare bits as unsigned int, because TLS packets are limited in size and 32-bit value can't overflow.
-