Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.

Since this is always called from DTLS code it is safe to assume the header
length should be the DTLS value. This avoids the need to check the version
number and should work with any version of DTLS (not just 1.0).

Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted by accident from the DTLS code.

Specifically almost all of the record generation functions have code like
this:

some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
... Record creation stuff ...
set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);

...

write_handshake_message(ssl);

Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
in some cases has very minor differences.

By adding a few fields to SSL3_ENC to include the header length, some flags
and function pointers for handshake header setting and handshake writing the
code can cope with both cases.

Note: although this passes "make test" and some simple DTLS tests there may
be some minor differences in the DTLS code that have to be accounted for.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.

certificate chain instead of an X509 structure.

This makes it easier to enhance code in future and the chain
output functions have access to the CERT_PKEY structure being
used.

New function ssl_add_cert_chain which adds a certificate chain to
SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain
and dtls1_output_cert_chain instead of partly duplicating code.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.

Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix bug in bitmask macros and stop warnings.

Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix various DTLS fragment reassembly bugs.

Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Fragment size bug fix.

Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_ctrl error handling

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.

PR: 1587

Submitted by: Victor B. Wagner <vitus@cryptocom.ru>