Allow the configuration of padding when using CID extension

2024-10-19 03:41:22 +00:00 · 2019-05-08 17:37:58 +01:00 · 2019-05-08 17:37:58 +01:00 · b1aa1b3616
parent 4c3eb7c919
commit b1aa1b3616
5 changed files with 32 additions and 4 deletions
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -3354,6 +3354,22 @@
 */
 //#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32

+/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
+ *
+ * This option controls the use of record plaintext padding
+ * when using the Connection ID extension in DTLS 1.2.
+ *
+ * The padding will always be chosen so that the length of the
+ * padded plaintext is a multiple of the value of this option.
+ *
+ * Note: A value of \c 1 means that no padding will be used
+ *       for outgoing records.
+ *
+ * The value MUST be a power of 2.
+ *
+ */
+//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
+
 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN
 *
 * Maximum length (in bytes) of outgoing plaintext fragments.
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -270,6 +270,10 @@
 #define MBEDTLS_SSL_CID_OUT_LEN_MAX         32
 #endif

+#if !defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
+#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
+#endif
+
 /* \} name SECTION: Module settings */

 /*
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -176,9 +176,7 @@
 #endif

 #if defined(MBEDTLS_SSL_CID)
-#define MBEDTLS_SSL_MAX_CID_EXPANSION       16 /* Currently, we pad records
-                                                * to lengths which are multiples
-                                                * of 16 Bytes. */
+#define MBEDTLS_SSL_MAX_CID_EXPANSION      MBEDTLS_SSL_CID_PADDING_GRANULARITY
 #else
 #define MBEDTLS_SSL_MAX_CID_EXPANSION        0
 #endif
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2013,7 +2013,9 @@ static int ssl_cid_build_inner_plaintext( unsigned char *content,
                                          uint8_t rec_type )
 {
    size_t len = *content_size;
-    size_t pad = ~len & 0xF; /* Pad to a multiple of 16 */
+
+    /* MBEDTLS_SSL_CID_PADDING_GRANULARITY must be a power of 2. */
+    size_t pad = ~len & ( MBEDTLS_SSL_CID_PADDING_GRANULARITY - 1 );

    /* Write real content type */
    if( remaining == 0 )
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@ -2530,6 +2530,14 @@ int query_config( const char *config )
    }
 #endif /* MBEDTLS_SSL_CID_OUT_LEN_MAX */

+#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
+    if( strcmp( "MBEDTLS_SSL_CID_PADDING_GRANULARITY", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_PADDING_GRANULARITY );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_CID_PADDING_GRANULARITY */
+
 #if defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
    if( strcmp( "MBEDTLS_SSL_OUT_CONTENT_LEN", config ) == 0 )
    {