diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-01-12 09:01:54 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-01-16 08:54:19 +0100 |
| commit | a0ec827a3c7ff6e4ab9d695c92366ad83bf4348e (patch) | |
| tree | 9fcbddcc3f1b9e7f91e4e3bc6fef1defb0fe5357 /lib/dtls.h | |
| parent | 1b212c04c8ec51aaa06b9daf525ea64c92053db6 (diff) | |
| download | gnutls-a0ec827a3c7ff6e4ab9d695c92366ad83bf4348e.tar.gz | |
DTLS: improved data MTU calculation under CBC ciphersuites
The data MTU calculation under CBC ciphersuites takes into
account that the overhead of these ciphersuites is constant (IV +
hash + 1 byte padding), though the capacity varies due to the padding
block. That is, on 16-byte padding block, one padding byte is the
overhead but the rest 15 bytes are accounted for data MTU.
That also has the side effect that setting a data MTU using
gnutls_dtls_set_data_mtu(), is not definite, and the actual
MTU may be larger for these ciphersuites --i.e., the
return value of gnutls_dtls_get_data_mtu().
Resolves #360
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/dtls.h')
| -rw-r--r-- | lib/dtls.h | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/lib/dtls.h b/lib/dtls.h index c99fdca91c..5cea71077b 100644 --- a/lib/dtls.h +++ b/lib/dtls.h @@ -111,10 +111,9 @@ inline static void _dtls_async_timer_check(gnutls_session_t session) } } -int _gnutls_record_overhead(const cipher_entry_st * cipher, - const mac_entry_st * mac, - unsigned etm, - unsigned est_data); +unsigned _gnutls_record_overhead(const cipher_entry_st * cipher, + const mac_entry_st * mac, + unsigned max); /* Returns non-zero if the async timer is active */ inline static int _dtls_async_timer_active(gnutls_session_t session) |