Expose SSL_max_seal_overhead.
Change-Id: I0626f926cad033a19eeb977e454f3c9293f01fd6
Reviewed-on: https://boringssl-review.googlesource.com/12106
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 7bb2de2..eae657c 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -527,10 +527,10 @@
/* dtls1_max_record_size returns the maximum record body length that may be
* written without exceeding the MTU. It accounts for any buffering installed on
* the write BIO. If no record may be written, it returns zero. */
-static size_t dtls1_max_record_size(SSL *ssl) {
+static size_t dtls1_max_record_size(const SSL *ssl) {
size_t ret = ssl->d1->mtu;
- size_t overhead = ssl_max_seal_overhead(ssl);
+ size_t overhead = SSL_max_seal_overhead(ssl);
if (ret <= overhead) {
return 0;
}
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 099de5d..155359c 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -377,7 +377,7 @@
return -1;
}
- size_t max_out = len + ssl_max_seal_overhead(ssl);
+ size_t max_out = len + SSL_max_seal_overhead(ssl);
uint8_t *out;
size_t ciphertext_len;
if (!ssl_write_buffer_init(ssl, &out, max_out) ||
diff --git a/ssl/internal.h b/ssl/internal.h
index ecf2d0c..a054bbf 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -418,13 +418,6 @@
* buffer-free APIs are available. */
size_t ssl_seal_align_prefix_len(const SSL *ssl);
-/* ssl_max_seal_overhead returns the maximum overhead of sealing a record with
- * |ssl|.
- *
- * TODO(davidben): Expose this as part of public API once the high-level
- * buffer-free APIs are available. */
-size_t ssl_max_seal_overhead(const SSL *ssl);
-
/* tls_seal_record seals a new record of type |type| and body |in| and writes it
* to |out|. At most |max_out| bytes will be written. It returns one on success
* and zero on error. If enabled, |tls_seal_record| implements TLS 1.0 CBC 1/n-1
@@ -432,7 +425,7 @@
*
* For a large record, the bulk of the ciphertext will begin
* |ssl_seal_align_prefix_len| bytes into out. Aligning |out| appropriately may
- * improve performance. It writes at most |in_len| + |ssl_max_seal_overhead|
+ * improve performance. It writes at most |in_len| + |SSL_max_seal_overhead|
* bytes to |out|.
*
* |in| and |out| may not alias. */
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 3cf18b7..e4116fb 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -284,7 +284,7 @@
return 0;
}
- size_t max_out = len + ssl_max_seal_overhead(ssl);
+ size_t max_out = len + SSL_max_seal_overhead(ssl);
if (max_out < len) {
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
return -1;
diff --git a/ssl/tls_record.c b/ssl/tls_record.c
index 7041ce3..a2ed2ec 100644
--- a/ssl/tls_record.c
+++ b/ssl/tls_record.c
@@ -174,7 +174,7 @@
}
}
-size_t ssl_max_seal_overhead(const SSL *ssl) {
+size_t SSL_max_seal_overhead(const SSL *ssl) {
size_t ret = SSL_AEAD_CTX_max_overhead(ssl->s3->aead_write_ctx);
if (SSL_is_dtls(ssl)) {
ret += DTLS1_RT_HEADER_LENGTH;
