Skip to content

Instantly share code, notes, and snippets.

Filippo Valsorda FiloSottile

Block or report user

Report or block FiloSottile

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
FiloSottile / gist:d3839775bda8e6649372a6e5efea7c38
Created May 4, 2016
Hosts in the Alexa Top 30k vulnerable to CVE-2016-2107 as of 2016-05-04Z00:00.
View gist:d3839775bda8e6649372a6e5efea7c38
View aesni_cbc_hmac_sha1_cipher.c
// clang -L/usr/local/opt/openssl/lib -I/usr/local/opt/openssl/include -lssl -lcrypto -O0 -g aesni_cbc_hmac_sha1_cipher.c && ./a.out
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
View 20160503.txt
OpenSSL Security Advisory [3rd May 2016]
Memory corruption in the ASN.1 encoder (CVE-2016-2108)
Severity: High
This issue affected versions of OpenSSL prior to April 2015. The bug
causing the vulnerability was fixed on April 18th 2015, and released
#! /bin/sh
GOOS=linux go build -o $2 "$1"
GOOS=linux go build -ldflags="-s -w" -o $2.-sw "$1"
upx -f --brute -o $2.upx $2
upx -f --brute -o $2.-sw.upx $2.-sw
GOOS=linux gotip build -o $2.tip "$1"
GOOS=linux gotip build -ldflags="-s -w" -o $2.tip.-sw "$1"
upx -f --brute -o $2.tip.upx $2.tip
View gist:d308789cc7a8f1de8f36a127ecfbff19
$ pip freeze
View gist:9326dbcd7dfe73431961
$ tail -n +210868 whosthere/log.jsonl | while read line; do echo "$line" | jq -r .ClientVersion | xxd -r -p; echo; done | sort | uniq -c | sort -n
1 SSH-2.0-dropbear_2015.67
1 SSH-2.0-nsssh2_5.0.0029 NetSarang Computer, Inc.
1 SSH-2.0-OpenSSH_3.9p1
1 SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
1 SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7.1
1 SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308
1 SSH-2.0-OpenSSH_5.8
1 SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
1 SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
View TestHMACTotalTiming.go
func TestHMACTotalTiming(t *testing.T) {
sumData := make(plotter.XYs, 256)
constData := make(plotter.XYs, 256)
naiveData := make(plotter.XYs, 256)
data := []byte("0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789")
sumBuf := make([]byte, 0, 100)
for n := 0; n < 256; n++ {
var res1, res2 []byte
ns := testing.Benchmark(func(b *testing.B) {
View cipher_suites_test.go
// Copyright 2010 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package tls
import (
View python-rsa verify BB'06.ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
View 0001-crypto-tls-support-SSLv2-compatibility-handshakes.patch
From 6ec6e3f7b176547783b2c464d54bc1a1f7d884f7 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <>
Date: Mon, 7 Dec 2015 15:44:34 +0000
Subject: [PATCH] crypto/tls: support SSLv2 compatibility handshakes
src/crypto/tls/conn.go | 103 ++++++++++++++++++++++++++++++++++++-
src/crypto/tls/handshake_server.go | 7 ++-
2 files changed, 107 insertions(+), 3 deletions(-)
You can’t perform that action at this time.