Forbid initiating renegotiate in DTLS.

We will not support any form of DTLS renego. Change-Id: I6eab4ed12a131ad27fdb9b5ea7cc1f35d872cd43 Reviewed-on: https://boringssl-review.googlesource.com/3230 Reviewed-by: Adam Langley <agl@google.com>
2015-01-24 13:30:02 -05:00 · 2015-01-24 13:30:02 -05:00 · 2cdace913e
commit 2cdace913e
parent d4f924c4b1
3 changed files with 8 additions and 0 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -2433,6 +2433,7 @@ OPENSSL_EXPORT int SSL_set_session_ticket_ext_cb(SSL *s, void *cb, void *arg);
 #define SSL_F_tls1_enc 297
 #define SSL_F_ssl3_prf 298
 #define SSL_F_dtls1_do_write 299
+#define SSL_F_SSL_renegotiate 300
 #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 100
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 101
 #define SSL_R_INVALID_NULL_CMD_NAME 102
--- a/ssl/ssl_error.c
+++ b/ssl/ssl_error.c
@ -51,6 +51,7 @@ const ERR_STRING_DATA SSL_error_string_data[] = {
  {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_new, 0), "SSL_new"},
  {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_peek, 0), "SSL_peek"},
  {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_read, 0), "SSL_read"},
+  {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_renegotiate, 0), "SSL_renegotiate"},
  {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_cipher_list, 0), "SSL_set_cipher_list"},
  {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_fd, 0), "SSL_set_fd"},
  {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_set_rfd, 0), "SSL_set_rfd"},
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1005,6 +1005,12 @@ int SSL_shutdown(SSL *s) {
 }

 int SSL_renegotiate(SSL *s) {
+  if (SSL_IS_DTLS(s)) {
+    /* Renegotiation is not supported for DTLS. */
+    OPENSSL_PUT_ERROR(SSL, SSL_renegotiate, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return 0;
+  }
+
  if (s->renegotiate == 0) {
    s->renegotiate = 1;
  }