feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

Merge branch 'contrib/github_pr_12177_v5.0' into 'release/v5.0'

Browse Source 
mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding (GitHub PR) (v5.0)

See merge request espressif/esp-idf!28210
This commit is contained in:
Mahavir Jain
2024-01-03 16:52:10 +08:00
parent dfdbf4aba4 3ef1cf7edb
commit 471ca6a6bf
2 changed files with 21 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
components/mbedtls/Kconfig
View File

@@ -252,6 +252,22 @@ menu "mbedTLS"
help help
Enable PKCS #7 core for using PKCS #7-formatted signatures. Enable PKCS #7 core for using PKCS #7-formatted signatures.
config MBEDTLS_SSL_CID_PADDING_GRANULARITY
int "Record plaintext padding"
default 16
range 0 32
depends on MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_SSL_DTLS_CONNECTION_ID
help
Controls the use of record plaintext padding in TLS 1.3 and
when using the Connection ID extension in DTLS 1.2.
The padding will always be chosen so that the length of the
padded plaintext is a multiple of the value of this option.
Notes:
A value of 1 means that no padding will be used for outgoing records.
On systems lacking division instructions, a power of two should be preferred.
menu "DTLS-based configurations" menu "DTLS-based configurations"
depends on MBEDTLS_SSL_PROTO_DTLS depends on MBEDTLS_SSL_PROTO_DTLS
@@ -278,22 +294,6 @@ menu "mbedTLS"
help help
Maximum length of CIDs used for outgoing DTLS messages Maximum length of CIDs used for outgoing DTLS messages
config MBEDTLS_SSL_CID_PADDING_GRANULARITY
int "Record plaintext padding (for DTLS 1.2)"
default 16
range 0 32
depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
help
Controls the use of record plaintext padding when
using the Connection ID extension in DTLS 1.2.
The padding will always be chosen so that the length of the
padded plaintext is a multiple of the value of this option.
Notes:
A value of 1 means that no padding will be used for outgoing records.
On systems lacking division instructions, a power of two should be preferred.
config MBEDTLS_SSL_DTLS_SRTP config MBEDTLS_SSL_DTLS_SRTP
bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)" bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)"
default n default n

10
components/mbedtls/port/include/mbedtls/esp_config.h
View File

@@ -2843,10 +2843,10 @@
#undef MBEDTLS_SSL_CID_OUT_LEN_MAX #undef MBEDTLS_SSL_CID_OUT_LEN_MAX
#endif #endif
/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY /** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
* *
* This option controls the use of record plaintext padding * This option controls the use of record plaintext padding
* when using the Connection ID extension in DTLS 1.2. * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
* *
* The padding will always be chosen so that the length of the * The padding will always be chosen so that the length of the
* padded plaintext is a multiple of the value of this option. * padded plaintext is a multiple of the value of this option.
@@ -2858,10 +2858,10 @@
* a power of two should be preferred. * a power of two should be preferred.
* *
*/ */
#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID #ifdef CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
#define MBEDTLS_SSL_CID_PADDING_GRANULARITY CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY #define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
#else #else
#undef MBEDTLS_SSL_CID_PADDING_GRANULARITY #undef MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
#endif #endif