1. 13 Mar, 2014 2 commits
  2. 06 Feb, 2014 6 commits
  3. 14 Jan, 2014 1 commit
  4. 30 Dec, 2013 1 commit
    • Paul Bakker's avatar
      Reduced the input / output overhead with 200+ bytes and covered corner · 956c9e06
      Paul Bakker authored
      case
      
      The actual input / output buffer overhead is only 301 instead of 512.
      This requires a proper check on the padding_idx to prevent out of bounds
      reads.
      
      Previously a remote party could potentially trigger an access error and
      thus stop the application when sending a malicious packet having
      MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
      This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
      for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
      buffer length.
      
      We now reset padding_idx to 0, if it's clear that it will never be a
      valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
      956c9e06
  5. 17 Dec, 2013 1 commit
  6. 21 Nov, 2013 1 commit
  7. 20 Nov, 2013 1 commit
  8. 31 Oct, 2013 1 commit
  9. 30 Oct, 2013 5 commits
  10. 29 Oct, 2013 1 commit
  11. 28 Oct, 2013 1 commit
  12. 27 Oct, 2013 1 commit
  13. 14 Oct, 2013 3 commits
  14. 11 Oct, 2013 1 commit
  15. 30 Sep, 2013 1 commit
  16. 24 Sep, 2013 6 commits
  17. 20 Sep, 2013 1 commit
  18. 19 Sep, 2013 1 commit
  19. 18 Sep, 2013 2 commits
  20. 16 Sep, 2013 1 commit
  21. 10 Sep, 2013 1 commit
  22. 05 Sep, 2013 1 commit