From: Nikos Mavrogiannopoulos Date: Mon, 10 Jun 2013 23:04:07 +0000 (+0200) Subject: avoid the introduction of a new function to disable replay protection. X-Git-Tag: gnutls_3_2_2~56 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5f0c3edcc2b7fed22cff17f9386b0c2963364ef8;p=thirdparty%2Fgnutls.git avoid the introduction of a new function to disable replay protection. --- diff --git a/NEWS b/NEWS index 1c1c760fa7..eaa5708620 100644 --- a/NEWS +++ b/NEWS @@ -10,9 +10,9 @@ subsystems. ** libgnutls: DTLS replay protection can now be disabled. ** API and ABI modifications: +GNUTLS_NO_REPLAY_PROTECTION: Added gnutls_certificate_set_trust_list: Added gnutls_cipher_get_tag_size: Added -gnutls_record_disable_replay_protection: Added gnutls_record_overhead_size: Added gnutls_record_overhead_size2: Added diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c index 9455ee7189..c29105f888 100644 --- a/lib/gnutls_dtls.c +++ b/lib/gnutls_dtls.c @@ -1082,18 +1082,3 @@ unsigned int gnutls_record_get_discarded (gnutls_session_t session) { return session->internals.dtls.packets_dropped; } - -/** - * gnutls_record_disable_replay_protection: - * @session: is a #gnutls_session_t structure. - * - * This function will disable any replay protection in DTLS mode. - * That must only used when replay protection is achieved using - * other means. - * - **/ -void -gnutls_record_disable_replay_protection (gnutls_session_t session) -{ - session->internals.no_replay_protection = 1; -} diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 36169de63a..412a151101 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -292,6 +292,10 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t session) * also available. The latter flag will enable a non-blocking * operation of the DTLS timers. * + * The flag %GNUTLS_NO_REPLAY_PROTECTION will disable any + * replay protection in DTLS mode. That must only used when + * replay protection is achieved using other means. + * * Note that since version 3.1.2 this function enables some common * TLS extensions such as session tickets and OCSP certificate status * request in client side by default. To prevent that use the %GNUTLS_NO_EXTENSIONS @@ -402,6 +406,9 @@ gnutls_init (gnutls_session_t * session, unsigned int flags) gnutls_ocsp_status_request_enable_client(*session, NULL, 0, NULL); } + if (flags & GNUTLS_NO_REPLAY_PROTECTION) + (*session)->internals.no_replay_protection = 1; + return 0; } diff --git a/lib/includes/gnutls/dtls.h b/lib/includes/gnutls/dtls.h index 2ee71fc3ca..ec5782ab86 100644 --- a/lib/includes/gnutls/dtls.h +++ b/lib/includes/gnutls/dtls.h @@ -81,8 +81,7 @@ unsigned int gnutls_dtls_get_timeout (gnutls_session_t session); gnutls_dtls_prestate_st* prestate); unsigned int gnutls_record_get_discarded (gnutls_session_t session); - - void gnutls_record_disable_replay_protection (gnutls_session_t session); + #ifdef __cplusplus } #endif diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 7010cf01b6..b539b10b40 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -300,6 +300,7 @@ extern "C" * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). * @GNUTLS_NONBLOCK: Connection should not block (DTLS). * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default. + * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. * */ #define GNUTLS_SERVER 1 @@ -307,6 +308,7 @@ extern "C" #define GNUTLS_DATAGRAM (1<<2) #define GNUTLS_NONBLOCK (1<<3) #define GNUTLS_NO_EXTENSIONS (1<<4) +#define GNUTLS_NO_REPLAY_PROTECTION (1<<5) /** * gnutls_alert_level_t: diff --git a/lib/libgnutls.map b/lib/libgnutls.map index bcee7d447c..41b3a83541 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -913,7 +913,6 @@ GNUTLS_3_1_0 { gnutls_session_set_id; gnutls_certificate_set_trust_list; gnutls_cipher_get_tag_size; - gnutls_record_disable_replay_protection; gnutls_record_overhead_size; gnutls_record_overhead_size2; } GNUTLS_3_0_0;