build: Use new separate auto-version tool.

[tripe] / server / keyset.c

diff --git a/server/keyset.c b/server/keyset.c
index 9dd17facc3af65fa364905f595a71f26cd6cb944..99fad2f52aa35803a592d20fd3a743b9e9d7f2a1 100644 (file)
--- a/server/keyset.c
+++ b/server/keyset.c
@@ -30,18 +30,8 @@
 
 /*----- Tunable parameters ------------------------------------------------*/
 
-/* --- Note on size limits --- *
- *
- * For a 64-bit block cipher (e.g., Blowfish), the probability of a collision
- * occurring after 32 MB is less than %$2^{-21}$%, and the probability of a
- * collision occurring after 64 MB is less than %$2^{-19}$%.  These could be
- * adjusted dependent on the encryption scheme, but it's too much pain.
- */
-
 #define T_EXP MIN(60)                  /* Expiry time for a key */
 #define T_REGEN MIN(45)                        /* Regeneration time for a key */
-#define SZ_EXP MEG(64)                 /* Expiry data size for a key */
-#define SZ_REGEN MEG(32)               /* Data size threshold for regen */
 
 /*----- Handy macros ------------------------------------------------------*/
 
@@ -153,7 +143,7 @@ static int doencrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
     nsz = osz - sz;
   else
     nsz = 0;
-  if (osz >= SZ_REGEN && nsz < SZ_REGEN) {
+  if (osz >= ks->sz_regen && ks->sz_regen > nsz) {
     T( trace(T_KEYSET, "keyset: keyset %u data regen limit exceeded -- "
             "forcing exchange", ks->seq); )
     rc = KSERR_REGEN;
@@ -357,7 +347,8 @@ keyset *ks_gen(const void *k, size_t x, size_t y, size_t z, peer *p)
   T( ks->seq = seq++; )
   ks->ref = 1;
   ks->t_exp = now + T_EXP;
-  ks->sz_exp = SZ_EXP;
+  ks->sz_exp = algs.expsz;
+  ks->sz_regen = algs.expsz/2;
   ks->oseq = 0;
   seq_reset(&ks->iseq);
   ks->next = 0;