1 files changed, 15 insertions, 11 deletions

diff --git a/lib/dtls.c b/lib/dtls.c
index 002c7145ef..f5b4a0a4c9 100644
--- a/lib/dtls.c
+++ b/lib/dtls.c
@@ -586,7 +586,10 @@ size_t gnutls_est_record_overhead_size(gnutls_protocol_t version,
 	if (v->transport == GNUTLS_STREAM)
 		total = TLS_RECORD_HEADER_SIZE;
 	else
-		total = DTLS_RECORD_HEADER_SIZE;
+		if (cipher == GNUTLS_CIPHER_NULL)
+			total = DTLS_RECORD_HEADER_SIZE;
+		else
+			total = DTLS13_RECORD_HEADER_SIZE;
 
 	total += _gnutls_record_overhead(v, c, m, 1);
 
@@ -629,14 +632,8 @@ static int record_overhead_rt(gnutls_session_t session)
  **/
 size_t gnutls_record_overhead_size(gnutls_session_t session)
 {
-	const version_entry_st *v = get_version(session);
 	int ret;
-	size_t total;
-
-	if (v->transport == GNUTLS_STREAM)
-		total = TLS_RECORD_HEADER_SIZE;
-	else
-		total = DTLS_RECORD_HEADER_SIZE;
+	size_t total = RECORD_HEADER_SIZE(session);
 
 	ret = record_overhead_rt(session);
 	if (ret >= 0)
@@ -667,13 +664,20 @@ unsigned int gnutls_dtls_get_data_mtu(gnutls_session_t session)
 
 	mtu -= RECORD_HEADER_SIZE(session);
 
-	if (session->internals.initial_negotiation_completed == 0)
-		return mtu;
-
 	ret = _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT, &params);
 	if (ret < 0)
 		return mtu;
 
+	if (session->internals.initial_negotiation_completed == 0){
+		if (session->security_parameters.pversion->tls13_sem)
+			return (mtu - params->write.aead_tag_size - 1); //Tag + content_type
+		return mtu;
+	}
+
+	if (session->security_parameters.pversion->tls13_sem &&
+			params->cipher->id != GNUTLS_CIPHER_NULL)
+		mtu -= params->write.aead_tag_size + 1; //Tag + content_type
+
 	if (params->cipher->type == CIPHER_AEAD || params->cipher->type == CIPHER_STREAM)
 		return mtu-_gnutls_record_overhead(get_version(session), params->cipher, params->mac, 0);