authorjsing <jsing@openbsd.org>2021-01-19 18:51:08 +0000
committerjsing <jsing@openbsd.org>2021-01-19 18:51:08 +0000
commit9123ae000a0930a3157c2f71f650b5827b9148c6 (patch)
treef70ececc928b0f3f71f5cd2be63c42a43e9fdc4c /lib/libssl/tls12_record_layer.c
parentFactor out code for explicit IV length, block size and MAC length. (diff)
Provide record layer overhead for DTLS.
Rather than manually calculating the maximum record layer overhead in the DTLS code, have the record layer provide this information. This also makes it work correctly with AEAD ciphersuites. ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl/tls12_record_layer.c')
-rw-r--r--lib/libssl/tls12_record_layer.c29
1 files changed, 28 insertions, 1 deletions
diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c
index 04699f9a834..7fa31707d3b 100644
--- a/lib/libssl/tls12_record_layer.c
+++ b/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.10 2021/01/19 18:34:02 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.11 2021/01/19 18:51:08 jsing Exp $ */
/*
* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
*
@@ -168,6 +168,33 @@ tls12_record_layer_alert(struct tls12_record_layer *rl, uint8_t *alert_desc)
*alert_desc = rl->alert_desc;
}
+int
+tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
+ size_t *overhead)
+{
+ size_t block_size, eiv_len, mac_len;
+
+ *overhead = 0;
+
+ if (rl->write->aead_ctx != NULL) {
+ *overhead = rl->write->aead_ctx->tag_len;
+ } else if (rl->write->cipher_ctx != NULL) {
+ eiv_len = 0;
+ if (rl->version != TLS1_VERSION) {
+ if (!tls12_record_protection_eiv_len(rl->write, &eiv_len))
+ return 0;
+ }
+ if (!tls12_record_protection_block_size(rl->write, &block_size))
+ return 0;
+ if (!tls12_record_protection_mac_len(rl->write, &mac_len))
+ return 0;
+
+ *overhead = eiv_len + block_size + mac_len;
+ }
+
+ return 1;
+}
+
void
tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)
{
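Review bot: The AEAD branch of tls12_record_layer_write_overhead() reports only `aead_ctx->tag_len`, while the CBC branch adds the explicit IV through `tls12_record_protection_eiv_len()`. TLS 1.2 AES-GCM carries an 8-byte explicit nonce in every record, and if the AEAD context here does the same, that nonce is missing from the result. A DTLS caller sizing fragments against the MTU would then produce datagrams larger than it computed. I would add the in-record nonce length to `*overhead` in that branch when the suite sends one, or, if the omission is deliberate, say so in a comment above the function such as `/* Worst-case bytes added to the plaintext by record protection; excludes the record header and any explicit AEAD nonce. */`. The function is also undocumented and dereferences `rl->write` without a check, which presumably relies on an invariant set up outside this hunk.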