boringssl/ssl
David Benjamin b16346b0ad Add SSL_set_reject_peer_renegotiations.
This causes any unexpected handshake records to be met with a fatal
no_renegotiation alert.

In addition, restore the redundant version sanity-checks in the handshake state
machines. Some code would zero the version field as a hacky way to break the
handshake on renego. Those will be removed when switching to this API.

The spec allows for a non-fatal no_renegotiation alert, but ssl3_read_bytes
makes it difficult to find the end of a ClientHello and skip it entirely. Given
that OpenSSL goes out of its way to map non-fatal no_renegotiation alerts to
fatal ones, this seems probably fine. This avoids needing to account for
another source of the library consuming an unbounded number of bytes without
returning data up.

Change-Id: Ie5050d9c9350c29cfe32d03a3c991bdc1da9e0e4
Reviewed-on: https://boringssl-review.googlesource.com/4300
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:38:58 +00:00
..
pqueue Fix memory leak in pqueue_test. 2015-02-11 23:18:45 +00:00
test Add SSL_set_reject_peer_renegotiations. 2015-04-13 22:38:58 +00:00
CMakeLists.txt Document everything in ssl_ciph.c, now ssl_cipher.c. 2015-04-13 22:06:55 +00:00
d1_both.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
d1_clnt.c Include-what-you-use ssl/internal.h. 2015-04-10 22:15:02 +00:00
d1_lib.c Tidy cipher rule processing. 2015-04-13 22:05:10 +00:00
d1_meth.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
d1_pkt.c Include-what-you-use ssl/internal.h. 2015-04-10 22:15:02 +00:00
d1_srtp.c Include-what-you-use ssl/internal.h. 2015-04-10 22:15:02 +00:00
d1_srvr.c Switch cipher masks to uint32_t. 2015-04-10 22:16:05 +00:00
internal.h Prune some unused constants from ssl/internal.h. 2015-04-13 22:07:38 +00:00
s3_both.c Include-what-you-use ssl/internal.h. 2015-04-10 22:15:02 +00:00
s3_clnt.c Add SSL_set_reject_peer_renegotiations. 2015-04-13 22:38:58 +00:00
s3_enc.c Document everything in ssl_ciph.c, now ssl_cipher.c. 2015-04-13 22:06:55 +00:00
s3_lib.c Remove SSL_CIPHER::valid. 2015-04-13 22:05:41 +00:00
s3_meth.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
s3_pkt.c Add SSL_set_reject_peer_renegotiations. 2015-04-13 22:38:58 +00:00
s3_srvr.c Add SSL_set_reject_peer_renegotiations. 2015-04-13 22:38:58 +00:00
ssl_algs.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
ssl_asn1.c Eliminate unnecessary includes from low-level crypto modules. 2015-04-13 20:49:18 +00:00
ssl_cert.c Include-what-you-use ssl/internal.h. 2015-04-10 22:15:02 +00:00
ssl_cipher.c Document everything in ssl_ciph.c, now ssl_cipher.c. 2015-04-13 22:06:55 +00:00
ssl_lib.c Add SSL_set_reject_peer_renegotiations. 2015-04-13 22:38:58 +00:00
ssl_rsa.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
ssl_sess.c Include-what-you-use ssl/internal.h. 2015-04-10 22:15:02 +00:00
ssl_stat.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
ssl_test.cc Tidy cipher rule processing. 2015-04-13 22:05:10 +00:00
ssl_txt.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
t1_enc.c Document everything in ssl_ciph.c, now ssl_cipher.c. 2015-04-13 22:06:55 +00:00
t1_lib.c Switch cipher masks to uint32_t. 2015-04-10 22:16:05 +00:00
t1_reneg.c Include-what-you-use ssl/internal.h. 2015-04-10 22:15:02 +00:00