Make anti-replay a runtime option
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index d4d9474..f0b1ec1 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -229,6 +229,9 @@
#define SSL_RENEGOTIATION_DISABLED 0
#define SSL_RENEGOTIATION_ENABLED 1
+#define SSL_ANTI_REPLAY_DISABLED 0
+#define SSL_ANTI_REPLAY_ENABLED 1
+
#define SSL_RENEGOTIATION_NOT_ENFORCED -1
#define SSL_RENEGO_MAX_RECORDS_DEFAULT 16
@@ -828,6 +831,7 @@
#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
uint64_t in_window_top; /*!< last validated record seq_num */
uint64_t in_window; /*!< bitmask for replay detection */
+ char anti_replay; /*!< is anti-replay on? */
#endif
size_t in_hslen; /*!< current handshake message length,
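Review bot: The new `anti_replay` field is encoded so that 0 means disabled, which makes a zero-filled context fail open: unless the initialisation path (not part of this diff) explicitly sets it to `SSL_ANTI_REPLAY_ENABLED`, replay protection is silently off even though the API documentation in this same patch states the default is enabled. Please confirm `ssl_init()` sets the field, or consider naming the field so that the zero value is the safe state (e.g. `char anti_replay_disabled;`). The field comment should also say the flag only has meaning for DTLS, matching the setter's documentation: `char anti_replay; /*!< DTLS only: replay detection enabled? */`. The enclosing `ssl_context` struct starts and ends outside this hunk.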
@@ -1246,6 +1250,19 @@
void *p_cookie );
#endif /* POLARSSL_SSL_DTLS_HELLO_VERIFY */
+#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
+/**
+ * \brief Enable or disable anti-replay protection for DTLS.
+ * (DTLS only, no effect on TLS.)
+ * Default: enebled.
+ *
+ * \param ssl SSL context
+ * \param mode SSL_ANTI_REPLAY_ENABLED or SSL_ANTI_REPLAY_DISABLED.
+ */
+void ssl_set_dtls_anti_replay( ssl_context *ssl, char mode );
+#endif /* POLARSSL_SSL_DTLS_ANTI_REPLAY */
+
+
/**
* \brief Set the session cache callbacks (server-side only)
* If not set, no session resuming is done.
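Review bot: The doc comment for `ssl_set_dtls_anti_replay()` has a typo (`Default: enebled.` should be `Default: enabled.`) and, more importantly, gives no security caveat for the disabled mode; since this setter lets a caller turn off a protection DTLS relies on, the note should say what is lost. Suggested addition to the comment: `\note Disabling anti-replay allows an attacker to re-deliver captured records, which the peer will accept as new data. Only disable it if the application layer performs its own replay detection.` It would also help to state whether the setting may be changed after the handshake or only before it, as the declaration alone does not say; and to document what happens when `mode` is neither of the two listed constants (reject it, or treat non-zero as enabled).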