X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/a50f9a0eaed03dfe85ff3d7a4c24da20ac705dae..383a9d7197f7a2c86d1f4267789ea3599314baf8:/server/keyset.c

diff --git a/server/keyset.c b/server/keyset.c
index 9dd17fac..99fad2f5 100644
--- a/server/keyset.c
+++ b/server/keyset.c
@@ -30,18 +30,8 @@
 
 /*----- Tunable parameters ------------------------------------------------*/
 
-/* --- Note on size limits --- *
- *
- * For a 64-bit block cipher (e.g., Blowfish), the probability of a collision
- * occurring after 32 MB is less than %$2^{-21}$%, and the probability of a
- * collision occurring after 64 MB is less than %$2^{-19}$%.  These could be
- * adjusted dependent on the encryption scheme, but it's too much pain.
- */
-
 #define T_EXP MIN(60)			/* Expiry time for a key */
 #define T_REGEN MIN(45)			/* Regeneration time for a key */
-#define SZ_EXP MEG(64)			/* Expiry data size for a key */
-#define SZ_REGEN MEG(32)		/* Data size threshold for regen */
 
 /*----- Handy macros ------------------------------------------------------*/
 
@@ -153,7 +143,7 @@ static int doencrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
     nsz = osz - sz;
   else
     nsz = 0;
-  if (osz >= SZ_REGEN && nsz < SZ_REGEN) {
+  if (osz >= ks->sz_regen && ks->sz_regen > nsz) {
     T( trace(T_KEYSET, "keyset: keyset %u data regen limit exceeded -- "
 	     "forcing exchange", ks->seq); )
     rc = KSERR_REGEN;
@@ -357,7 +347,8 @@ keyset *ks_gen(const void *k, size_t x, size_t y, size_t z, peer *p)
   T( ks->seq = seq++; )
   ks->ref = 1;
   ks->t_exp = now + T_EXP;
-  ks->sz_exp = SZ_EXP;
+  ks->sz_exp = algs.expsz;
+  ks->sz_regen = algs.expsz/2;
   ks->oseq = 0;
   seq_reset(&ks->iseq);
   ks->next = 0;