From a0ec827a3c7ff6e4ab9d695c92366ad83bf4348e Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 12 Jan 2018 09:01:54 +0100
Subject: DTLS: improved data MTU calculation under CBC ciphersuites

The data MTU calculation under CBC ciphersuites takes into account that the overhead of these ciphersuites is constant (IV + hash + 1 byte padding), though the capacity varies due to the padding block. That is, on 16-byte padding block, one padding byte is the overhead but the rest 15 bytes are accounted for data MTU. That also has the side effect that setting a data MTU using gnutls_dtls_set_data_mtu(), is not definite, and the actual MTU may be larger for these ciphersuites --i.e., the return value of gnutls_dtls_get_data_mtu().

Resolves #360

Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/dtls.h | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'lib/dtls.h')

diff --git a/lib/dtls.h b/lib/dtls.h
index c99fdca91c..5cea71077b 100644
--- a/lib/dtls.h
+++ b/lib/dtls.h
@@ -111,10 +111,9 @@ inline static void _dtls_async_timer_check(gnutls_session_t session)
 }
 }

-int _gnutls_record_overhead(const cipher_entry_st * cipher,
- const mac_entry_st * mac,
- unsigned etm,
- unsigned est_data);
+unsigned _gnutls_record_overhead(const cipher_entry_st * cipher,
+ const mac_entry_st * mac,
+ unsigned max);

 /* Returns non-zero if the async timer is active */
 inline static int _dtls_async_timer_active(gnutls_session_t session)
--
cgit v1.2.1
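Review bot: The new prototype of `_gnutls_record_overhead` returns `unsigned`, so it can no longer report failure with a negative value, and any caller that still tests the result with `< 0` or subtracts it from an MTU without a bounds check would now misbehave silently; the callers are outside this hunk, so each one needs checking. In the DTLS data-MTU calculation this matters because an overhead larger than the configured MTU would wrap to a very large data size instead of going negative. The third parameter `max` is also undocumented, and a bare `unsigned` flag is easy to confuse with the removed `etm`/`est_data` arguments. I would add a comment above the declaration such as `/* Returns the record overhead in bytes, never an error code; max presumably selects the worst-case padding (confirm). Callers must ensure overhead <= MTU before subtracting. */`.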