author | David Woodhouse <David.Woodhouse@intel.com> | 2016-10-06 00:44:59 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-11-02 14:00:10 +0000 |
commit | 045bd04706d2a798d5fb4b3ccf7fd56e6e09b082 (patch) | |
tree | f9ada1f08e5d69c3d760f96d945dcddc1ca28b6a /ssl/d1_lib.c | |
parent | ca0b75ade0e89d1d3782ed6b1a4ae0fab72251ec (diff) | |
Add DTLS_get_data_mtu() function
We add ssl_cipher_get_overhead() as an internal function, to avoid
having too much ciphersuite-specific knowledge in DTLS_get_data_mtu()
itself. It's going to need adjustment for TLSv1.3... but then again, so
is fairly much *all* of the SSL_CIPHER handling. This bit is in the noise.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/d1_lib.c')
-rw-r--r-- | ssl/d1_lib.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 112c699..e7a6650 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -1088,3 +1088,39 @@ unsigned int dtls1_min_mtu(SSL *s)
 {
 return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
 }
+
+size_t DTLS_get_data_mtu(const SSL *s)
+{
+ size_t mac_overhead, int_overhead, blocksize, ext_overhead;
+ const SSL_CIPHER *ciph = SSL_get_current_cipher(s);
+ size_t mtu = s->d1->mtu;
+
+ if (ciph == NULL)
+ return 0;
+
+ if (!ssl_cipher_get_overhead(ciph, &mac_overhead, &int_overhead,
+ &blocksize, &ext_overhead))
+ return 0;
+
+ if (SSL_USE_ETM(s))
+ ext_overhead += mac_overhead;
+ else
+ int_overhead += mac_overhead;
+
+ /* Subtract external overhead (e.g. IV/nonce, separate MAC) */
+ if (ext_overhead + DTLS1_RT_HEADER_LENGTH >= mtu)
+ return 0;
+ mtu -= ext_overhead + DTLS1_RT_HEADER_LENGTH;
+
+ /* Round encrypted payload down to cipher block size (for CBC etc.)
+ * No check for overflow since 'mtu % blocksize' cannot exceed mtu. */
+ if (blocksize)
+ mtu -= (mtu % blocksize);
+
+ /* Subtract internal overhead (e.g. CBC padding len byte) */
+ if (int_overhead >= mtu)
+ return 0;
+ mtu -= int_overhead;
+
+ return mtu;
+} |
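Review bot: The initialiser `size_t mtu = s->d1->mtu;` in DTLS_get_data_mtu() dereferences `s->d1` before any validation has run, and the function is a public entry point that accepts any `const SSL *`. If `d1` is only allocated for DTLS methods (not visible in this hunk, so worth confirming), calling it on a plain TLS object is a NULL dereference rather than a clean failure. I would declare `size_t mtu;` and, after the `ciph == NULL` check, add `if (s->d1 == NULL) return 0;` followed by `mtu = s->d1->mtu;`. The function also lacks a header comment: 0 is returned for no negotiated cipher, for an unrecognised cipher in ssl_cipher_get_overhead(), and for an MTU too small to carry any payload, and callers should be told that 0 means "cannot send application data" in all three cases.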