authorDaiki Ueno <dueno@redhat.com>2018-10-19 17:52:48 +0200
committerDaiki Ueno <dueno@redhat.com>2018-11-12 14:08:45 +0100
commit79f2f1cf5b91491be5f0e3486c416594ec522b25 (patch)
treeeec06e9a96e5c64449e3469c477fc1d332953d12 /lib/includes
parent8ada9c280c9044644dfad1f234e3da32f0df86a0 (diff)
TLS 1.3: implement anti-replay measure using ClientHello recording
This implements ClientHello recording outlined in section 8.2 of RFC 8446. Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/includes')
-rw-r--r--lib/includes/gnutls/gnutls.h.in12
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 3a4d01d442..2af09bb24a 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2991,6 +2991,17 @@ void gnutls_supplemental_recv(gnutls_session_t session, unsigned do_recv_supplem
void gnutls_supplemental_send(gnutls_session_t session, unsigned do_send_supplemental);
+/* Anti-replay related functions */
+
+typedef struct gnutls_anti_replay_st *gnutls_anti_replay_t;
+
+int gnutls_anti_replay_init(gnutls_anti_replay_t *anti_replay);
+void gnutls_anti_replay_deinit(gnutls_anti_replay_t anti_replay);
+void gnutls_anti_replay_set_window(gnutls_anti_replay_t anti_replay,
+ unsigned int window);
+void gnutls_anti_replay_enable(gnutls_session_t session,
+ gnutls_anti_replay_t anti_replay);
+
/* FIPS140-2 related functions */
unsigned gnutls_fips140_mode_enabled(void);
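Review bot: The four `gnutls_anti_replay_*` declarations added under `/* Anti-replay related functions */` carry no contract for the two things a caller must get right for the 0-RTT replay protection to hold: the unit of `window` in `gnutls_anti_replay_set_window()` and the lifetime of the object handed to `gnutls_anti_replay_enable()`. A window given in the wrong unit silently changes how long a recorded ClientHello is accepted, and if the session only borrows the pointer (not visible from this header), calling `gnutls_anti_replay_deinit()` while a session is still alive would leave it dangling. I would add a comment above the block along the lines of `/* window: ClientHello acceptance window in <UNIT>; anti_replay must stay valid until every session it was enabled on is deinitialized */`, with the unit and ownership rule confirmed against the implementation. It would also help to state whether one `gnutls_anti_replay_t` may be shared by sessions running in different threads, since the recording described in RFC 8446 section 8.2 presumably only works when all server sessions consult the same record. Both setters return `void`, so the comment should say what happens when `anti_replay` is NULL or `window` is 0.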
@@ -3270,6 +3281,7 @@ void gnutls_fips140_set_mode(gnutls_fips_mode_t mode, unsigned flags);
#define GNUTLS_E_CRL_VERIFICATION_ERROR -426
#define GNUTLS_E_MISSING_EXTENSION -427
#define GNUTLS_E_DB_ENTRY_EXISTS -428
+#define GNUTLS_E_EARLY_DATA_REJECTED -429
#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250