aboutsummaryrefslogtreecommitdiff
path: root/ssl/d1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/d1_lib.c')
-rw-r--r--ssl/d1_lib.c36
1 files changed, 36 insertions, 0 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 112c699..e7a6650 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -1088,3 +1088,39 @@ unsigned int dtls1_min_mtu(SSL *s)
{
return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
}
+
+size_t DTLS_get_data_mtu(const SSL *s)
+{
+ size_t mac_overhead, int_overhead, blocksize, ext_overhead;
+ const SSL_CIPHER *ciph = SSL_get_current_cipher(s);
+ size_t mtu = s->d1->mtu;
+
+ if (ciph == NULL)
+ return 0;
+
+ if (!ssl_cipher_get_overhead(ciph, &mac_overhead, &int_overhead,
+ &blocksize, &ext_overhead))
+ return 0;
+
+ if (SSL_USE_ETM(s))
+ ext_overhead += mac_overhead;
+ else
+ int_overhead += mac_overhead;
+
+ /* Subtract external overhead (e.g. IV/nonce, separate MAC) */
+ if (ext_overhead + DTLS1_RT_HEADER_LENGTH >= mtu)
+ return 0;
+ mtu -= ext_overhead + DTLS1_RT_HEADER_LENGTH;
+
+ /* Round encrypted payload down to cipher block size (for CBC etc.)
+ * No check for overflow since 'mtu % blocksize' cannot exceed mtu. */
+ if (blocksize)
+ mtu -= (mtu % blocksize);
+
+ /* Subtract internal overhead (e.g. CBC padding len byte) */
+ if (int_overhead >= mtu)
+ return 0;
+ mtu -= int_overhead;
+
+ return mtu;
+}
generated by cgit v1.1 at 2024-08-11 06:14:18 +0000