Merge pull request #4490 from TRodziewicz/Combine__SSL_<CID-TLS1_3>_PADDING_GRANULARITY_options
Combine _SSL_<CID-TLS1_3>_PADDING_GRANULARITY options
This commit is contained in:
commit
df77624ab5
7 changed files with 34 additions and 29 deletions
4
ChangeLog.d/issue4335.txt
Normal file
4
ChangeLog.d/issue4335.txt
Normal file
|
@ -0,0 +1,4 @@
|
|||
Changes
|
||||
* Replace MBEDTLS_SSL_CID_PADDING_GRANULARITY and
|
||||
MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY with a new single unified option
|
||||
MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY. Fixes #4335.
|
|
@ -0,0 +1,14 @@
|
|||
Combine the `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` options
|
||||
--
|
||||
|
||||
This change affects users who modified the default `config.h` padding granularity
|
||||
settings, i.e. enabled at least one of the options.
|
||||
|
||||
The `config.h` options `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and
|
||||
`MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` were combined into one option because
|
||||
they used exactly the same padding mechanism and hence their respective padding
|
||||
granularities can be used in exactly the same way. This change simplifies the
|
||||
code maintenance.
|
||||
|
||||
The new single option `MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY` can be used
|
||||
for both DTLS-CID and TLS 1.3.
|
|
@ -836,6 +836,14 @@
|
|||
#error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
|
||||
#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
|
||||
#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Avoid warning from -pedantic. This is a convenient place for this
|
||||
* workaround since this is included by every single file before the
|
||||
|
|
|
@ -3443,27 +3443,10 @@
|
|||
*/
|
||||
//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
|
||||
|
||||
/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
|
||||
/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
|
||||
*
|
||||
* This option controls the use of record plaintext padding
|
||||
* when using the Connection ID extension in DTLS 1.2.
|
||||
*
|
||||
* The padding will always be chosen so that the length of the
|
||||
* padded plaintext is a multiple of the value of this option.
|
||||
*
|
||||
* Note: A value of \c 1 means that no padding will be used
|
||||
* for outgoing records.
|
||||
*
|
||||
* Note: On systems lacking division instructions,
|
||||
* a power of two should be preferred.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
|
||||
|
||||
/** \def MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY
|
||||
*
|
||||
* This option controls the use of record plaintext padding
|
||||
* in TLS 1.3.
|
||||
* in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
|
||||
*
|
||||
* The padding will always be chosen so that the length of the
|
||||
* padded plaintext is a multiple of the value of this option.
|
||||
|
@ -3474,7 +3457,7 @@
|
|||
* Note: On systems lacking division instructions,
|
||||
* a power of two should be preferred.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
|
||||
//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
|
||||
|
||||
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
|
||||
*
|
||||
|
|
|
@ -257,12 +257,8 @@
|
|||
#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
|
||||
#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY)
|
||||
#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
|
||||
#if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
|
||||
#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
|
||||
#endif
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
|
|
@ -164,7 +164,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_PADDING_GRANULARITY
|
||||
#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
|
||||
#else
|
||||
#define MBEDTLS_SSL_MAX_CID_EXPANSION 0
|
||||
#endif
|
||||
|
|
|
@ -579,7 +579,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
size_t padding =
|
||||
ssl_compute_padding_length( rec->data_len,
|
||||
MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY );
|
||||
MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY );
|
||||
if( ssl_build_inner_plaintext( data,
|
||||
&rec->data_len,
|
||||
post_avail,
|
||||
|
@ -605,7 +605,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
size_t padding =
|
||||
ssl_compute_padding_length( rec->data_len,
|
||||
MBEDTLS_SSL_CID_PADDING_GRANULARITY );
|
||||
MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY );
|
||||
/*
|
||||
* Wrap plaintext into DTLSInnerPlaintext structure.
|
||||
* See ssl_build_inner_plaintext() for more information.
|
||||
|
|
Loading…
Reference in a new issue