Google Git
Sign in
boringssl/boringssl/da863608528c451b72d6ad3f1a330c38c0372f13^!/.
commit
da863608528c451b72d6ad3f1a330c38c0372f13
[log]
author
David Benjamin <davidben@google.com>
Fri Nov 04 15:44:28 2016 -0400
committer
Adam Langley <agl@google.com>
Wed Nov 09 16:51:46 2016 +0000
tree
cfdce704178360d981586e1f451ffce7866853a5
parent
864c88799bd1601c027088dde9ed968952632855 [diff]
Expose SSL_max_seal_overhead.

Change-Id: I0626f926cad033a19eeb977e454f3c9293f01fd6
Reviewed-on: https://boringssl-review.googlesource.com/12106
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index c83299a..56280a6 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -3127,6 +3127,10 @@
  * GREASE. See draft-davidben-tls-grease-01. */
 OPENSSL_EXPORT void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled);
 
+/* SSL_max_seal_overhead returns the maximum overhead, in bytes, of sealing a
+ * record with |ssl|. */
+OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl);
+
 
 /* Deprecated functions. */
 

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 7bb2de2..eae657c 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c

@@ -527,10 +527,10 @@
 /* dtls1_max_record_size returns the maximum record body length that may be
  * written without exceeding the MTU. It accounts for any buffering installed on
  * the write BIO. If no record may be written, it returns zero. */
-static size_t dtls1_max_record_size(SSL *ssl) {
+static size_t dtls1_max_record_size(const SSL *ssl) {
   size_t ret = ssl->d1->mtu;
 
-  size_t overhead = ssl_max_seal_overhead(ssl);
+  size_t overhead = SSL_max_seal_overhead(ssl);
   if (ret <= overhead) {
     return 0;
   }

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 099de5d..155359c 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c

@@ -377,7 +377,7 @@
     return -1;
   }
 
-  size_t max_out = len + ssl_max_seal_overhead(ssl);
+  size_t max_out = len + SSL_max_seal_overhead(ssl);
   uint8_t *out;
   size_t ciphertext_len;
   if (!ssl_write_buffer_init(ssl, &out, max_out) ||

diff --git a/ssl/internal.h b/ssl/internal.h
index ecf2d0c..a054bbf 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -418,13 +418,6 @@
  * buffer-free APIs are available. */
 size_t ssl_seal_align_prefix_len(const SSL *ssl);
 
-/* ssl_max_seal_overhead returns the maximum overhead of sealing a record with
- * |ssl|.
- *
- * TODO(davidben): Expose this as part of public API once the high-level
- * buffer-free APIs are available. */
-size_t ssl_max_seal_overhead(const SSL *ssl);
-
 /* tls_seal_record seals a new record of type |type| and body |in| and writes it
  * to |out|. At most |max_out| bytes will be written. It returns one on success
  * and zero on error. If enabled, |tls_seal_record| implements TLS 1.0 CBC 1/n-1
@@ -432,7 +425,7 @@
  *
  * For a large record, the bulk of the ciphertext will begin
  * |ssl_seal_align_prefix_len| bytes into out. Aligning |out| appropriately may
- * improve performance. It writes at most |in_len| + |ssl_max_seal_overhead|
+ * improve performance. It writes at most |in_len| + |SSL_max_seal_overhead|
  * bytes to |out|.
  *
  * |in| and |out| may not alias. */

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 3cf18b7..e4116fb 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c

@@ -284,7 +284,7 @@
     return 0;
   }
 
-  size_t max_out = len + ssl_max_seal_overhead(ssl);
+  size_t max_out = len + SSL_max_seal_overhead(ssl);
   if (max_out < len) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
     return -1;

diff --git a/ssl/tls_record.c b/ssl/tls_record.c
index 7041ce3..a2ed2ec 100644
--- a/ssl/tls_record.c
+++ b/ssl/tls_record.c

@@ -174,7 +174,7 @@
   }
 }
 
-size_t ssl_max_seal_overhead(const SSL *ssl) {
+size_t SSL_max_seal_overhead(const SSL *ssl) {
   size_t ret = SSL_AEAD_CTX_max_overhead(ssl->s3->aead_write_ctx);
   if (SSL_is_dtls(ssl)) {
     ret += DTLS1_RT_HEADER_LENGTH;