First cut of renegotiation extension. (port to HEAD)

 Changes between 0.9.8l and 0.9.8m  [xx XXX xxxx]

  *) Implement

     https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt. Re-enable

     renegotiation but require the extension as needed. Unfortunately,

     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a

     bad idea. It has been replaced by

     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with

     SSL_CTX_set_options(). This is really not recommended unless you

     know what you are doing.

     [Eric Rescorla <ekr@networkresonance.com> and Ben Laurie]

  *) Fixes to stateless session resumption handling. Use initial_ctx when

     issuing and attempting to decrypt tickets in case it has changed during

     servername handling. Use a non-zero length session ID when attempting

	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \

	ssl_ciph.c ssl_stat.c ssl_rsa.c \

	ssl_asn1.c ssl_txt.c ssl_algs.c \

	bio_ssl.c ssl_err.c kssl.c

	bio_ssl.c ssl_err.c kssl.c t1_reneg.c

LIBOBJ= \

	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \

	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \

	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \

	ssl_ciph.o ssl_stat.o ssl_rsa.o \

	ssl_asn1.o ssl_txt.o ssl_algs.o \

	bio_ssl.o ssl_err.o kssl.o

	bio_ssl.o ssl_err.o kssl.o t1_reneg.o

SRC= $(LIBSRC)

		p+=i;

		l=i;

                /* Copy the finished so we can use it for

                   renegotiation checks */

                if(s->type == SSL_ST_CONNECT)

                        {

                         OPENSSL_assert(i <= EVP_MAX_MD_SIZE);

                         memcpy(s->s3->previous_client_finished, 

                             s->s3->tmp.finish_md, i);

                         s->s3->previous_client_finished_len=i;

                        }

                else

                        {

                        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);

                        memcpy(s->s3->previous_server_finished, 

                            s->s3->tmp.finish_md, i);

                        s->s3->previous_server_finished_len=i;

                        }

#ifdef OPENSSL_SYS_WIN16

		/* MSVC 1.5 does not clear the top bytes of the word unless

		 * I do this.

		goto f_err;

		}

        /* Copy the finished so we can use it for

           renegotiation checks */

        if(s->type == SSL_ST_ACCEPT)

                {

                OPENSSL_assert(i <= EVP_MAX_MD_SIZE);

                memcpy(s->s3->previous_client_finished, 

                    s->s3->tmp.peer_finish_md, i);

                s->s3->previous_client_finished_len=i;

                }

        else

                {

                OPENSSL_assert(i <= EVP_MAX_MD_SIZE);

                memcpy(s->s3->previous_server_finished, 

                    s->s3->tmp.peer_finish_md, i);

                s->s3->previous_server_finished_len=i;

                }

	return(1);

f_err:

	ssl3_send_alert(s,SSL3_AL_FATAL,al);

#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L

#define SSL_OP_TLS_D5_BUG				0x00000100L

#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L

#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x00000400L

/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added

 * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)

#define SSL_F_SSL3_SETUP_WRITE_BUFFER			 291

#define SSL_F_SSL3_WRITE_BYTES				 158

#define SSL_F_SSL3_WRITE_PENDING			 159

#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT	 298

#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT		 277

#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK	 215

#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216

#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT	 299

#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT		 278

#define SSL_F_SSL_BAD_METHOD				 160

#define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161

#define SSL_F_SSL_INIT_WBIO_BUFFER			 184

#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185

#define SSL_F_SSL_NEW					 186

#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT	 300

#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT	 301

#define SSL_F_SSL_PEEK					 270

#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT		 281

#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT		 282

#define SSL_R_RECORD_LENGTH_MISMATCH			 213

#define SSL_R_RECORD_TOO_LARGE				 214

#define SSL_R_RECORD_TOO_SMALL				 298

#define SSL_R_RENEGOTIATE_EXT_TOO_LONG			 335

#define SSL_R_RENEGOTIATION_ENCODING_ERR		 336

#define SSL_R_RENEGOTIATION_MISMATCH			 337

#define SSL_R_REQUIRED_CIPHER_MISSING			 215

#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216

#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217

		int cert_request;

		} tmp;

        /* Connection binding to prevent renegotiation attacks */

        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];

        unsigned char previous_client_finished_len;

        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];

        unsigned char previous_server_finished_len;

        int send_connection_binding; /* TODOEKR */

	} SSL3_STATE;