From 3ef1cf7edb1dfaeeb843df82720292c1ec280b4f Mon Sep 17 00:00:00 2001
From: Daniel Mangum
Date: Fri, 1 Sep 2023 14:08:14 -0400
Subject: [PATCH] mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding
Updates config to define the new MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY option, which replaced the previously used MBEDTLS_SSL_CID_PADDING_GRANULARITY. The old option is continuing to be used as the new one exceeds the maximum length for an option name in esp-idf. See https://github.com/Mbed-TLS/mbedtls/pull/4490 for more information.
Signed-off-by: Daniel Mangum
---
 components/mbedtls/Kconfig | 32 +++++++++----------
 .../mbedtls/port/include/mbedtls/esp_config.h | 10 +++---
 2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index 86c91e1fd5..74837a7d29 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -252,6 +252,22 @@ menu "mbedTLS"
 help
 Enable PKCS #7 core for using PKCS #7-formatted signatures.
 
+ config MBEDTLS_SSL_CID_PADDING_GRANULARITY
+ int "Record plaintext padding"
+ default 16
+ range 0 32
+ depends on MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_SSL_DTLS_CONNECTION_ID
+ help
+ Controls the use of record plaintext padding in TLS 1.3 and
+ when using the Connection ID extension in DTLS 1.2.
+
+ The padding will always be chosen so that the length of the
+ padded plaintext is a multiple of the value of this option.
+
+ Notes:
+ A value of 1 means that no padding will be used for outgoing records.
+ On systems lacking division instructions, a power of two should be preferred.
+
 menu "DTLS-based configurations"
 depends on MBEDTLS_SSL_PROTO_DTLS
 
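Review bot: The `range 0 32` on the new option admits 0, which the help text a few lines below implicitly rules out ("A value of 1 means that no padding will be used"); if the padding length is derived by reducing the record length modulo this granularity, a configured 0 becomes a division by zero at runtime, so I would tighten the bound to `range 1 32`. The option also deliberately keeps the old `MBEDTLS_SSL_CID_PADDING_GRANULARITY` name (the commit message explains that the new name exceeds esp-idf's option-name length limit), but nothing in the Kconfig entry records that, so a later cleanup could "fix" it. A closing line in the help such as `The option name intentionally keeps the old mbedTLS spelling; the current MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY name exceeds the maximum option-name length in esp-idf.` would preserve that reasoning next to the code.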
@@ -278,22 +294,6 @@ menu "mbedTLS"
 help
 Maximum length of CIDs used for outgoing DTLS messages
 
- config MBEDTLS_SSL_CID_PADDING_GRANULARITY
- int "Record plaintext padding (for DTLS 1.2)"
- default 16
- range 0 32
- depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
- help
- Controls the use of record plaintext padding when
- using the Connection ID extension in DTLS 1.2.
-
- The padding will always be chosen so that the length of the
- padded plaintext is a multiple of the value of this option.
-
- Notes:
- A value of 1 means that no padding will be used for outgoing records.
- On systems lacking division instructions, a power of two should be preferred.
-
 config MBEDTLS_SSL_DTLS_SRTP
 bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)"
 default n
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index 7e5f307678..2eeb73b904 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -2843,10 +2843,10 @@
 #undef MBEDTLS_SSL_CID_OUT_LEN_MAX
 #endif
 
-/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
+/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
 *
 * This option controls the use of record plaintext padding
- * when using the Connection ID extension in DTLS 1.2.
+ * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
 *
 * The padding will always be chosen so that the length of the
 * padded plaintext is a multiple of the value of this option.
@@ -2858,10 +2858,10 @@
 * a power of two should be preferred.
 *
 */
-#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID
-#define MBEDTLS_SSL_CID_PADDING_GRANULARITY CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#ifdef CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
 #else
-#undef MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#undef MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
 #endif
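Review bot: The macro documented in the `\def` line of the esp_config.h hunk at -2843, `MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY` (the same name the following hunk defines and undefines), does not match the patch subject, which calls it `MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY`; the header is what gets compiled, so the subject line should be corrected to the spelling used in the code. This doc comment also now describes a macro whose Kconfig counterpart intentionally keeps the old `CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY` name, which the reader of the header cannot tell from the hunk alone. A line in the comment such as ` * Mapped from CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY; the Kconfig name keeps the old spelling because the new one exceeds esp-idf's option-name length limit.` would explain the mismatch where it is seen. The second esp_config.h hunk (the `#ifdef`/`#define` block) runs past the end of the excerpt, so only its visible lines were reviewed.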