Ensure that, when generating small primes, the result is actually of the
requested size. Fixes OpenSSL #2701.
This change does not address the cases of generating safe primes, or
where the |add| parameter is non-NULL.
This change adds functions to check membership of various cipher
families. Clients and servers need this in order to optimise the size of
records because different families have different amounts of prefix and
postfix overhead.
Limit the number of empty records that will be processed consecutively
in order to prevent ssl3_get_record from never returning.
Reported by "oftc_must_be_destroyed" and George Kadianakis.
(The issue was reported by Shay Gueron.)
The final reduction in Montgomery multiplication computes if (X >= m) then X =
X - m else X = X
In OpenSSL, this was done by computing T = X - m, doing a constant-time
selection of the *addresses* of X and T, and loading from the resulting
address. But this is not cache-neutral.
This patch changes the behaviour by loading both X and T into registers, and
doing a constant-time selection of the *values*.
TODO(fork): only some of the fixes from the original patch still apply to
the 1.0.2 code.
(Called "cut through" for historical reasons in this patch.)
Enables SSL3+ clients to send application data immediately following the
Finished message even when negotiating full-handshakes. With this
patch, clients can negotiate SSL connections in 1-RTT even when
performing full-handshakes.
Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta).
(This change contains substantial changes from the original and
effectively starts a new history.)