3 files changed, 38 insertions, 17 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index ae5ebfacb4..d6bf6dfd1b 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.63 2020/12/05 19:34:57 tb Exp $ */
+/* $OpenBSD: d1_both.c,v 1.64 2021/01/19 18:51:08 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -218,7 +218,8 @@ dtls1_do_write(SSL *s, int type)
 {
        int ret;
        int curr_mtu;
-        unsigned int len, frag_off, mac_size, blocksize;
+        unsigned int len, frag_off;
+        size_t overhead;
        /* AHA!  Figure out the MTU, and stick to the right size */
        if (D1I(s)->mtu < dtls1_min_mtu() &&
@@ -246,21 +247,13 @@ dtls1_do_write(SSL *s, int type)
                OPENSSL_assert(s->internal->init_num ==
                    (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
-        if (s->internal->write_hash)
+        if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead))
-                mac_size = EVP_MD_CTX_size(s->internal->write_hash);
+                return -1;
-        else
-                mac_size = 0;
-        if (s->internal->enc_write_ctx &&
-            (EVP_CIPHER_mode( s->internal->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
-                blocksize = 2 * EVP_CIPHER_block_size(s->internal->enc_write_ctx->cipher);
-        else
-                blocksize = 0;
        frag_off = 0;
        while (s->internal->init_num) {
                curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) -
-                    DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
+                    DTLS1_RT_HEADER_LENGTH - overhead;
                if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
                        /* grr.. we could get an error if MTU picked was wrong */
@@ -268,7 +261,7 @@ dtls1_do_write(SSL *s, int type)
                        if (ret <= 0)
                                return ret;
                        curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH -
-                            mac_size - blocksize;
+                            overhead;
                }
                if (s->internal->init_num > curr_mtu)
@@ -276,7 +269,6 @@ dtls1_do_write(SSL *s, int type)
                else
                        len = s->internal->init_num;
                /* XDTLS: this function is too long.  split out the CCS part */
                if (type == SSL3_RT_HANDSHAKE) {
                        if (s->internal->init_off != 0) {
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 560fcdc1a4..e09f668121 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.312 2021/01/13 18:20:54 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.313 2021/01/19 18:51:08 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -477,6 +477,8 @@ struct tls12_record_layer *tls12_record_layer_new(void);
 void tls12_record_layer_free(struct tls12_record_layer *rl);
 void tls12_record_layer_alert(struct tls12_record_layer *rl,
    uint8_t *alert_desc);
+int tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
+    size_t *overhead);
 void tls12_record_layer_set_version(struct tls12_record_layer *rl,
    uint16_t version);
 void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index 04699f9a83..7fa31707d3 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.10 2021/01/19 18:34:02 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.11 2021/01/19 18:51:08 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 *
@@ -168,6 +168,33 @@ tls12_record_layer_alert(struct tls12_record_layer *rl, uint8_t *alert_desc)
        *alert_desc = rl->alert_desc;
 }
+int
+tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
+    size_t *overhead)
+{
+        size_t block_size, eiv_len, mac_len;
+        *overhead = 0;
+        if (rl->write->aead_ctx != NULL) {
+                *overhead = rl->write->aead_ctx->tag_len;
+        } else if (rl->write->cipher_ctx != NULL) {
+                eiv_len = 0;
+                if (rl->version != TLS1_VERSION) {
+                        if (!tls12_record_protection_eiv_len(rl->write, &eiv_len))
+                                return 0;
+                }
+                if (!tls12_record_protection_block_size(rl->write, &block_size))
+                        return 0;
+                if (!tls12_record_protection_mac_len(rl->write, &mac_len))
+                        return 0;
+                *overhead = eiv_len + block_size + mac_len;
+        }
+        return 1;
+}
 void
 tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)
 {