Merge branch 'contrib/github_pr_12177_v5.0' into 'release/v5.0'

mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding (GitHub PR) (v5.0) See merge request espressif/esp-idf!28210
2024-10-05 20:47:46 -04:00 · 2024-01-03 16:52:10 +08:00 · 2024-01-03 16:52:10 +08:00 · 471ca6a6bf
commit 471ca6a6bf
parent dfdbf4aba4 3ef1cf7edb
2 changed files with 21 additions and 21 deletions
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@ -252,6 +252,22 @@ menu "mbedTLS"
            help
                Enable PKCS #7 core for using PKCS #7-formatted signatures.

+        config MBEDTLS_SSL_CID_PADDING_GRANULARITY
+            int "Record plaintext padding"
+            default 16
+            range 0 32
+            depends on MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_SSL_DTLS_CONNECTION_ID
+            help
+                Controls the use of record plaintext padding in TLS 1.3 and
+                when using the Connection ID extension in DTLS 1.2.
+
+                The padding will always be chosen so that the length of the
+                padded plaintext is a multiple of the value of this option.
+
+                Notes:
+                    A value of 1 means that no padding will be used for outgoing records.
+                    On systems lacking division instructions, a power of two should be preferred.
+
        menu "DTLS-based configurations"
            depends on MBEDTLS_SSL_PROTO_DTLS

@ -278,22 +294,6 @@ menu "mbedTLS"
                help
                    Maximum length of CIDs used for outgoing DTLS messages

-            config MBEDTLS_SSL_CID_PADDING_GRANULARITY
-                int "Record plaintext padding (for DTLS 1.2)"
-                default 16
-                range 0 32
-                depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
-                help
-                    Controls the use of record plaintext padding when
-                    using the Connection ID extension in DTLS 1.2.
-
-                    The padding will always be chosen so that the length of the
-                    padded plaintext is a multiple of the value of this option.
-
-                    Notes:
-                        A value of 1 means that no padding will be used for outgoing records.
-                        On systems lacking division instructions, a power of two should be preferred.
-
            config MBEDTLS_SSL_DTLS_SRTP
                bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)"
                default n
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@ -2843,10 +2843,10 @@
 #undef MBEDTLS_SSL_CID_OUT_LEN_MAX
 #endif

-/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
+/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
 *
 * This option controls the use of record plaintext padding
- * when using the Connection ID extension in DTLS 1.2.
+ * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
 *
 * The padding will always be chosen so that the length of the
 * padded plaintext is a multiple of the value of this option.
@ -2858,10 +2858,10 @@
 *       a power of two should be preferred.
 *
 */
-#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID
-#define MBEDTLS_SSL_CID_PADDING_GRANULARITY    CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#ifdef CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY    CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
 #else
-#undef MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#undef MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
 #endif