ext/record_size_limit: distinguish sending and receiving limitstmp-record-sizes

The previous behavior was that both sending and receiving limits are
negotiated to be the same value.  It was problematic when:

- client sends a record_size_limit with a large value in CH
- server sends a record_size_limit with a smaller value in EE
- client updates the limit for both sending and receiving, upon
  receiving EE
- server sends a Certificate message larger than the limit

With this patch, each peer maintains the sending / receiving limits
separately so not to confuse with the contradicting settings.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

2 files changed, 10 insertions, 2 deletions

diff --git a/devel/libgnutls-latest-x86_64.abi b/devel/libgnutls-latest-x86_64.abi
index c4659d954b..511f61d47b 100644
--- a/devel/libgnutls-latest-x86_64.abi
+++ b/devel/libgnutls-latest-x86_64.abi
@@ -587,7 +587,7 @@
     <elf-symbol name='gnutls_pkcs_schema_get_name' version='GNUTLS_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='gnutls_pkcs_schema_get_oid' version='GNUTLS_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='gnutls_prf' version='GNUTLS_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
-    <elf-symbol name='gnutls_prf_early' version='GNUTLS_3_6_6' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
+    <elf-symbol name='gnutls_prf_early' version='GNUTLS_3_6_8' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='gnutls_prf_raw' version='GNUTLS_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='gnutls_prf_rfc5705' version='GNUTLS_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='gnutls_priority_certificate_type_list2' version='GNUTLS_3_6_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
@@ -738,6 +738,7 @@
     <elf-symbol name='gnutls_record_send_early_data' version='GNUTLS_3_6_5' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='gnutls_record_send_range' version='GNUTLS_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='gnutls_record_set_max_early_data_size' version='GNUTLS_3_6_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
+    <elf-symbol name='gnutls_record_set_max_recv_size' version='GNUTLS_3_6_8' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='gnutls_record_set_max_size' version='GNUTLS_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='gnutls_record_set_state' version='GNUTLS_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='gnutls_record_set_timeout' version='GNUTLS_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
@@ -17228,6 +17229,11 @@
     <typedef-decl name='hello_ext_entry_st' type-id='type-id-296' id='type-id-1075'/>
     <qualified-type-def type-id='type-id-1075' const='yes' id='type-id-1076'/>
     <var-decl name='ext_mod_max_record_size' type-id='type-id-1076' visibility='default'/>
+    <function-decl name='gnutls_record_set_max_recv_size' mangled-name='gnutls_record_set_max_recv_size' visibility='default' binding='global' size-in-bits='64' elf-symbol-id='gnutls_record_set_max_recv_size@@GNUTLS_3_6_6'>
+      <parameter type-id='type-id-236' name='session'/>
+      <parameter type-id='type-id-100' name='size'/>
+      <return type-id='type-id-3'/>
+    </function-decl>
     <function-decl name='gnutls_record_set_max_size' mangled-name='gnutls_record_set_max_size' visibility='default' binding='global' size-in-bits='64' elf-symbol-id='gnutls_record_set_max_size@@GNUTLS_3_4'>
       <parameter type-id='type-id-236' name='session'/>
       <parameter type-id='type-id-100' name='size'/>
diff --git a/devel/symbols.last b/devel/symbols.last
index d9dedea09c..7449e9acc7 100644
--- a/devel/symbols.last
+++ b/devel/symbols.last
@@ -5,6 +5,7 @@ GNUTLS_3_6_3@GNUTLS_3_6_3
 GNUTLS_3_6_4@GNUTLS_3_6_4
 GNUTLS_3_6_5@GNUTLS_3_6_5
 GNUTLS_3_6_6@GNUTLS_3_6_6
+GNUTLS_3_6_8@GNUTLS_3_6_8
 _gnutls_global_init_skip@GNUTLS_3_4
 gnutls_aead_cipher_decrypt@GNUTLS_3_4
 gnutls_aead_cipher_deinit@GNUTLS_3_4
@@ -553,7 +554,7 @@ gnutls_pkcs8_info@GNUTLS_3_4
 gnutls_pkcs_schema_get_name@GNUTLS_3_4
 gnutls_pkcs_schema_get_oid@GNUTLS_3_4
 gnutls_prf@GNUTLS_3_4
-gnutls_prf_early@GNUTLS_3_6_6
+gnutls_prf_early@GNUTLS_3_6_8
 gnutls_prf_raw@GNUTLS_3_4
 gnutls_prf_rfc5705@GNUTLS_3_4
 gnutls_priority_certificate_type_list2@GNUTLS_3_6_4
@@ -705,6 +706,7 @@ gnutls_record_send@GNUTLS_3_4
 gnutls_record_send_early_data@GNUTLS_3_6_5
 gnutls_record_send_range@GNUTLS_3_4
 gnutls_record_set_max_early_data_size@GNUTLS_3_6_4
+gnutls_record_set_max_recv_size@GNUTLS_3_6_8
 gnutls_record_set_max_size@GNUTLS_3_4
 gnutls_record_set_state@GNUTLS_3_4
 gnutls_record_set_timeout@GNUTLS_3_4