Forbid initiating renegotiate in DTLS.

We will not support any form of DTLS renego.

Change-Id: I6eab4ed12a131ad27fdb9b5ea7cc1f35d872cd43
Reviewed-on: https://boringssl-review.googlesource.com/3230
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/ssl.h

@@ -2433,6 +2433,7 @@ OPENSSL_EXPORT int SSL_set_session_ticket_ext_cb(SSL *s, void *cb, void *arg);
 #define SSL_F_tls1_enc 297
 #define SSL_F_ssl3_prf 298
 #define SSL_F_dtls1_do_write 299
+#define SSL_F_SSL_renegotiate 300
 #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 100
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 101
 #define SSL_R_INVALID_NULL_CMD_NAME 102

ssl/ssl_error.c

@@ -51,6 +51,7 @@ const ERR_STRING_DATA SSL_error_string_data[] = {
   {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_new, 0), "SSL_new"},
   {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_peek, 0), "SSL_peek"},
   {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_read, 0), "SSL_read"},
+  {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_renegotiate, 0), "SSL_renegotiate"},
   {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_cipher_list, 0), "SSL_set_cipher_list"},
   {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_fd, 0), "SSL_set_fd"},
   {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_rfd, 0), "SSL_set_rfd"},

ssl/ssl_lib.c

@@ -1005,6 +1005,12 @@ int SSL_shutdown(SSL *s) {
 }
 
 int SSL_renegotiate(SSL *s) {
+  if (SSL_IS_DTLS(s)) {
+    /* Renegotiation is not supported for DTLS. */
+    OPENSSL_PUT_ERROR(SSL, SSL_renegotiate, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return 0;
+  }
+
   if (s->renegotiate == 0) {
     s->renegotiate = 1;
   }