authorDaiki Ueno <dueno@redhat.com>2018-10-21 07:34:07 +0200
committerDaiki Ueno <dueno@redhat.com>2018-10-29 06:56:44 +0100
commitc7ac4ac204cf56ebe0230d40b1713883c8a3aaa5 (patch)
tree498425adb2bd47f15d3b1ee23b16a668f8c6461d
parentc00d9b94fa00ceb035a2a5d5c4029a6ce672d3af (diff)
downloadgnutls-c7ac4ac204cf56ebe0230d40b1713883c8a3aaa5.tar.gz
serv: enable anti-replay when early data is used
Signed-off-by: Daiki Ueno <dueno@redhat.com>
-rw-r--r--src/serv.c20
1 files changed, 20 insertions, 0 deletions
diff --git a/src/serv.c b/src/serv.c
index 134b2fb8a3..684f68e4f1 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -87,6 +87,7 @@ const char **alpn_protos = NULL;
unsigned alpn_protos_size = 0;
gnutls_datum_t session_ticket_key;
+gnutls_anti_replay_t anti_replay;
static void tcp_server(const char *name, int port);
/* end of globals */
@@ -408,6 +409,14 @@ gnutls_session_t initialize_session(int dtls)
gnutls_session_ticket_enable_server(session,
&session_ticket_key);
+ if (earlydata) {
+ ret = gnutls_anti_replay_enable(session, anti_replay);
+ if (ret < 0) {
+ fprintf(stderr, "Error while enabling anti-replay: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
if (sni_hostname != NULL)
gnutls_handshake_set_post_client_hello_function(session,
&post_client_hello);
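Review bot: The `exit(1)` in the new `if (earlydata)` block ends the whole server process from a per-session setup path, so one failing `gnutls_anti_replay_enable()` call would also drop every other client being served. Failing closed is correct here, since early data must not be accepted on a session that has no replay protection, but the failure could be confined to that session (log, deinit the session, refuse the connection). Whether that is practical depends on how callers treat the return value of initialize_session, whose body starts and ends outside the hunk. A short comment above the block would also help, e.g. `/* 0-RTT data can be replayed by an attacker; tie this session to the shared anti-replay state */`.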
@@ -1251,6 +1260,14 @@ int main(int argc, char **argv)
if (noticket == 0)
gnutls_session_ticket_key_generate(&session_ticket_key);
+ if (earlydata) {
+ ret = gnutls_anti_replay_init(&anti_replay);
+ if (ret < 0) {
+ fprintf(stderr, "Error while initializing anti-replay: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
if (HAVE_OPT(MTU))
mtu = OPT_VALUE_MTU;
else
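Review bot: No replay store is registered after `gnutls_anti_replay_init()` in the new `if (earlydata)` block, and none of the other hunks in this commit registers one either. GnuTLS's anti-replay check records each ClientHello through a callback installed with `gnutls_anti_replay_set_add_function()` (with `gnutls_anti_replay_set_ptr()` for its context). As far as I recall the library rejects early data outright when no callback is set, so the option would be accepted but 0-RTT would never succeed; this is worth confirming against the library version being built. I would add `gnutls_anti_replay_set_add_function(anti_replay, <db_add_callback>);` right after the init succeeds, backed by a store shared by all sessions; the session DB wrapper implied by `wrap_db_deinit()` later in the file looks like a candidate. main's body continues outside the hunk.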
@@ -1647,6 +1664,9 @@ static void tcp_server(const char *name, int port)
if (noticket == 0)
gnutls_free(session_ticket_key.data);
+ if (earlydata)
+ gnutls_anti_replay_deinit(anti_replay);
+
if (nodb == 0)
wrap_db_deinit();
gnutls_global_deinit();