/*----- Tunable parameters ------------------------------------------------*/
-/* --- Note on size limits --- *
- *
- * For a 64-bit block cipher (e.g., Blowfish), the probability of a collision
- * occurring after 32 MB is less than %$2^{-21}$%, and the probability of a
- * collision occurring after 64 MB is less than %$2^{-19}$%. These could be
- * adjusted dependent on the encryption scheme, but it's too much pain.
- */
-
#define T_EXP MIN(60) /* Expiry time for a key */
#define T_REGEN MIN(45) /* Regeneration time for a key */
-#define SZ_EXP MEG(64) /* Expiry data size for a key */
-#define SZ_REGEN MEG(32) /* Data size threshold for regen */
/*----- Handy macros ------------------------------------------------------*/
nsz = osz - sz;
else
nsz = 0;
- if (osz >= SZ_REGEN && nsz < SZ_REGEN) {
+ if (osz >= ks->sz_regen && ks->sz_regen > nsz) {
T( trace(T_KEYSET, "keyset: keyset %u data regen limit exceeded -- "
"forcing exchange", ks->seq); )
rc = KSERR_REGEN;
T( ks->seq = seq++; )
ks->ref = 1;
ks->t_exp = now + T_EXP;
- ks->sz_exp = SZ_EXP;
+ ks->sz_exp = algs.expsz;
+ ks->sz_regen = algs.expsz/2;
ks->oseq = 0;
seq_reset(&ks->iseq);
ks->next = 0;