-/* $OpenBSD: d1_both.c,v 1.63 2020/12/05 19:34:57 tb Exp $ */
+/* $OpenBSD: d1_both.c,v 1.64 2021/01/19 18:51:08 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
{
int ret;
int curr_mtu;
- unsigned int len, frag_off, mac_size, blocksize;
+ unsigned int len, frag_off;
+ size_t overhead;
/* AHA! Figure out the MTU, and stick to the right size */
if (D1I(s)->mtu < dtls1_min_mtu() &&
OPENSSL_assert(s->internal->init_num ==
(int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
- if (s->internal->write_hash)
- mac_size = EVP_MD_CTX_size(s->internal->write_hash);
- else
- mac_size = 0;
-
- if (s->internal->enc_write_ctx &&
- (EVP_CIPHER_mode( s->internal->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
- blocksize = 2 * EVP_CIPHER_block_size(s->internal->enc_write_ctx->cipher);
- else
- blocksize = 0;
+ if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead))
+ return -1;
frag_off = 0;
while (s->internal->init_num) {
curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) -
- DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
+ DTLS1_RT_HEADER_LENGTH - overhead;
if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
/* grr.. we could get an error if MTU picked was wrong */
if (ret <= 0)
return ret;
curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH -
- mac_size - blocksize;
+ overhead;
}
if (s->internal->init_num > curr_mtu)
else
len = s->internal->init_num;
-
/* XDTLS: this function is too long. split out the CCS part */
if (type == SSL3_RT_HANDSHAKE) {
if (s->internal->init_off != 0) {
-/* $OpenBSD: ssl_locl.h,v 1.312 2021/01/13 18:20:54 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.313 2021/01/19 18:51:08 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
void tls12_record_layer_free(struct tls12_record_layer *rl);
void tls12_record_layer_alert(struct tls12_record_layer *rl,
uint8_t *alert_desc);
+int tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
+ size_t *overhead);
void tls12_record_layer_set_version(struct tls12_record_layer *rl,
uint16_t version);
void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,
-/* $OpenBSD: tls12_record_layer.c,v 1.10 2021/01/19 18:34:02 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.11 2021/01/19 18:51:08 jsing Exp $ */
/*
* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
*
*alert_desc = rl->alert_desc;
}
+int
+tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
+ size_t *overhead)
+{
+ size_t block_size, eiv_len, mac_len;
+
+ *overhead = 0;
+
+ if (rl->write->aead_ctx != NULL) {
+ *overhead = rl->write->aead_ctx->tag_len;
+ } else if (rl->write->cipher_ctx != NULL) {
+ eiv_len = 0;
+ if (rl->version != TLS1_VERSION) {
+ if (!tls12_record_protection_eiv_len(rl->write, &eiv_len))
+ return 0;
+ }
+ if (!tls12_record_protection_block_size(rl->write, &block_size))
+ return 0;
+ if (!tls12_record_protection_mac_len(rl->write, &mac_len))
+ return 0;
+
+ *overhead = eiv_len + block_size + mac_len;
+ }
+
+ return 1;
+}
+
void
tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)
{
projects / openbsd / commitdiff