yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #4490 from TRodziewicz/Combine__SSL_<CID-TLS1_3>_PADDING_GRANULARITY_options

Browse source 
Combine _SSL_<CID-TLS1_3>_PADDING_GRANULARITY options
This commit is contained in:
Manuel Pégourié-Gonnard 2021-06-02 13:47:48 +02:00 committed by GitHub
commit df77624ab5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 34 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog.d/issue4335.txt Normal file
View file

@ -0,0 +1,4 @@
Changes
* Replace MBEDTLS_SSL_CID_PADDING_GRANULARITY and
MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY with a new single unified option
MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY. Fixes #4335.

14
docs/3.0-migration-guide.d/combine_SSL_CID-TLS1_3_PADDING_GRANULARITY_options.md Normal file
View file

@ -0,0 +1,14 @@
Combine the `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` options
--
This change affects users who modified the default `config.h` padding granularity
settings, i.e. enabled at least one of the options.
The `config.h` options `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and
`MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` were combined into one option because
they used exactly the same padding mechanism and hence their respective padding
granularities can be used in exactly the same way. This change simplifies the
code maintenance.
The new single option `MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY` can be used
for both DTLS-CID and TLS 1.3.

8
include/mbedtls/check_config.h
View file

@ -836,6 +836,14 @@
#error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286" #error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
#endif #endif
#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
#endif
#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
#endif
/* /*
* Avoid warning from -pedantic. This is a convenient place for this * Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the * workaround since this is included by every single file before the

23
include/mbedtls/config.h
View file

@ -3443,27 +3443,10 @@
*/ */
//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 //#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY /** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
* *
* This option controls the use of record plaintext padding * This option controls the use of record plaintext padding
* when using the Connection ID extension in DTLS 1.2. * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
*
* The padding will always be chosen so that the length of the
* padded plaintext is a multiple of the value of this option.
*
* Note: A value of \c 1 means that no padding will be used
* for outgoing records.
*
* Note: On systems lacking division instructions,
* a power of two should be preferred.
*
*/
//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
/** \def MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY
*
* This option controls the use of record plaintext padding
* in TLS 1.3.
* *
* The padding will always be chosen so that the length of the * The padding will always be chosen so that the length of the
* padded plaintext is a multiple of the value of this option. * padded plaintext is a multiple of the value of this option.
@ -3474,7 +3457,7 @@
* Note: On systems lacking division instructions, * Note: On systems lacking division instructions,
* a power of two should be preferred. * a power of two should be preferred.
*/ */
//#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1 //#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN /** \def MBEDTLS_SSL_OUT_CONTENT_LEN
* *

8
include/mbedtls/ssl.h
View file

@ -257,12 +257,8 @@
#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 #define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
#endif #endif
#if !defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) #if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16 #define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
#endif
#if !defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY)
#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
#endif #endif
/* \} name SECTION: Module settings */ /* \} name SECTION: Module settings */

2
library/ssl_misc.h
View file

@ -164,7 +164,7 @@
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_PADDING_GRANULARITY #define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
#else #else
#define MBEDTLS_SSL_MAX_CID_EXPANSION 0 #define MBEDTLS_SSL_MAX_CID_EXPANSION 0
#endif #endif

4
library/ssl_msg.c
View file

@ -579,7 +579,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
{ {
size_t padding = size_t padding =
ssl_compute_padding_length( rec->data_len, ssl_compute_padding_length( rec->data_len,
MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY ); MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY );
if( ssl_build_inner_plaintext( data, if( ssl_build_inner_plaintext( data,
&rec->data_len, &rec->data_len,
post_avail, post_avail,
@ -605,7 +605,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
{ {
size_t padding = size_t padding =
ssl_compute_padding_length( rec->data_len, ssl_compute_padding_length( rec->data_len,
MBEDTLS_SSL_CID_PADDING_GRANULARITY ); MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY );
/* /*
* Wrap plaintext into DTLSInnerPlaintext structure. * Wrap plaintext into DTLSInnerPlaintext structure.
* See ssl_build_inner_plaintext() for more information. * See ssl_build_inner_plaintext() for more information.