Make anti-replay a runtime option
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 1707ef0..7c1a60c 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -122,6 +122,7 @@
#define DFL_DHM_FILE NULL
#define DFL_TRANSPORT SSL_TRANSPORT_STREAM
#define DFL_COOKIES 1
+#define DFL_ANTI_REPLAY -1
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -184,6 +185,7 @@
const char *dhm_file; /* the file with the DH parameters */
int transport; /* TLS or DTLS? */
int cookies; /* Use cookies for DTLS? -1 to break them */
+ int anti_replay; /* Use anti-replay for DTLS? -1 for default */
} opt;
static void my_debug( void *ctx, int level, const char *str )
@@ -310,11 +312,18 @@
#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
#define USAGE_COOKIES \
" cookies=0/1/-1 default: 1 (enabled)\n" \
- " 0: disabled, -1: broken\n"
+ " 0: disabled, -1: library default (broken)\n"
#else
#define USAGE_COOKIES ""
#endif
+#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
+#define USAGE_ANTI_REPLAY \
+ " anti_replay=0/1 default: (library default = enabled)\n"
+#else
+#define USAGE_ANTI_REPLAY ""
+#endif
+
#define USAGE \
"\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \
@@ -340,6 +349,7 @@
USAGE_TICKETS \
USAGE_CACHE \
USAGE_COOKIES \
+ USAGE_ANTI_REPLAY \
USAGE_MAX_FRAG_LEN \
USAGE_ALPN \
"\n" \
@@ -740,6 +750,7 @@
opt.dhm_file = DFL_DHM_FILE;
opt.transport = DFL_TRANSPORT;
opt.cookies = DFL_COOKIES;
+ opt.anti_replay = DFL_ANTI_REPLAY;
for( i = 1; i < argc; i++ )
{
@@ -963,6 +974,12 @@
if( opt.cookies < -1 || opt.cookies > 1)
goto usage;
}
+ else if( strcmp( p, "anti_replay" ) == 0 )
+ {
+ opt.anti_replay = atoi( q );
+ if( opt.anti_replay < 0 || opt.anti_replay > 1)
+ goto usage;
+ }
else if( strcmp( p, "sni" ) == 0 )
{
opt.sni = q;
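Review bot: `atoi( q )` on the `opt.anti_replay = atoi( q );` line cannot report a conversion failure, so a malformed value such as `anti_replay=yes` becomes 0, passes the `< 0 || > 1` check, and silently disables replay protection instead of reaching `usage`. This appears to match how the neighbouring options are parsed, but for a toggle that weakens DTLS it is worth an explicit conversion: `char *end; opt.anti_replay = (int) strtol( q, &end, 10 ); if( q == end || *end != '\0' || opt.anti_replay < 0 || opt.anti_replay > 1 ) goto usage;`. The enclosing argument loop (`for( i = 1; i < argc; i++ )`) starts outside this hunk.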
@@ -1400,6 +1417,13 @@
{
; /* Nothing to do */
}
+
+#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
+ if( opt.anti_replay != DFL_ANTI_REPLAY )
+ {
+ ssl_set_dtls_anti_replay( &ssl, opt.anti_replay );
+ }
+#endif
}
#endif /* POLARSSL_SSL_PROTO_DTLS */
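Review bot: When POLARSSL_SSL_DTLS_ANTI_REPLAY is not defined, an explicit `anti_replay=0/1` is still accepted by the option parser earlier in the file but is silently dropped at this `#if`, so a user can believe replay protection was switched on when the build cannot honour it. An `#else` branch that reports the ignored option (a `printf` warning, or `goto usage`) when `opt.anti_replay != DFL_ANTI_REPLAY` would make the actual state visible. The call also passes the raw command-line 0/1 straight to `ssl_set_dtls_anti_replay`; if the library exposes named mode constants for that argument, mapping to them is clearer than relying on the numeric values coinciding — presumably they do, but confirm against the header. The surrounding `if` block and the enclosing function both start outside this hunk.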