mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding

Updates config to define the new MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY option, which replaced the previously used MBEDTLS_SSL_CID_PADDING_GRANULARITY. The old option is continuing to be used as the new one exceeds the maximum length for an option name in esp-idf. See Mbed-TLS/mbedtls#4490 for more information. Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
espressif · Jan 2, 2024 · f9569bd · f9569bd
1 parent bc23890
commit f9569bd
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 21 deletions.
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
@@ -252,6 +252,22 @@ menu "mbedTLS"
             help
                 Enable PKCS #7 core for using PKCS #7-formatted signatures.
 
+        config MBEDTLS_SSL_CID_PADDING_GRANULARITY
+            int "Record plaintext padding"
+            default 16
+            range 0 32
+            depends on MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_SSL_DTLS_CONNECTION_ID
+            help
+                Controls the use of record plaintext padding in TLS 1.3 and
+                when using the Connection ID extension in DTLS 1.2.
+
+                The padding will always be chosen so that the length of the
+                padded plaintext is a multiple of the value of this option.
+
+                Notes:
+                    A value of 1 means that no padding will be used for outgoing records.
+                    On systems lacking division instructions, a power of two should be preferred.
+
         menu "DTLS-based configurations"
             depends on MBEDTLS_SSL_PROTO_DTLS
 
@@ -278,22 +294,6 @@ menu "mbedTLS"
                 help
                     Maximum length of CIDs used for outgoing DTLS messages
 
-            config MBEDTLS_SSL_CID_PADDING_GRANULARITY
-                int "Record plaintext padding (for DTLS 1.2)"
-                default 16
-                range 0 32
-                depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
-                help
-                    Controls the use of record plaintext padding when
-                    using the Connection ID extension in DTLS 1.2.
-
-                    The padding will always be chosen so that the length of the
-                    padded plaintext is a multiple of the value of this option.
-
-                    Notes:
-                        A value of 1 means that no padding will be used for outgoing records.
-                        On systems lacking division instructions, a power of two should be preferred.
-
             config MBEDTLS_SSL_DTLS_SRTP
                 bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)"
                 default n

diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -2844,10 +2844,10 @@
 #undef MBEDTLS_SSL_CID_OUT_LEN_MAX
 #endif
 
-/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
+/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
  *
  * This option controls the use of record plaintext padding
- * when using the Connection ID extension in DTLS 1.2.
+ * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
  *
  * The padding will always be chosen so that the length of the
  * padded plaintext is a multiple of the value of this option.
@@ -2859,10 +2859,10 @@
  *       a power of two should be preferred.
  *
  */
-#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID
-#define MBEDTLS_SSL_CID_PADDING_GRANULARITY    CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#ifdef CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY    CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
 #else
-#undef MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#undef MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
 #endif