mbedtls: select MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding

Updates config to select the new MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY option, which replaced the previously used MBEDTLS_SSL_CID_PADDING_GRANULARITY. The old option is continuing to be used as the new one exceeds the maximum length for an option name in esp-idf. See Mbed-TLS/mbedtls#4490 for more information. Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
espressif · Sep 6, 2023 · c531a18 · c531a18
1 parent 62ee413
commit c531a18
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
@@ -280,13 +280,14 @@ menu "mbedTLS"
                     Maximum length of CIDs used for outgoing DTLS messages
 
             config MBEDTLS_SSL_CID_PADDING_GRANULARITY
-                int "Record plaintext padding (for DTLS 1.2)"
+                int "Record plaintext padding"
                 default 16
                 range 0 32
                 depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
+                select MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
                 help
-                    Controls the use of record plaintext padding when
-                    using the Connection ID extension in DTLS 1.2.
+                    Controls the use of record plaintext padding in TLS 1.3 and
+                    when using the Connection ID extension in DTLS 1.2.
 
                     The padding will always be chosen so that the length of the
                     padded plaintext is a multiple of the value of this option.

diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -2856,10 +2856,10 @@
 #undef MBEDTLS_SSL_CID_OUT_LEN_MAX
 #endif
 
-/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
+/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
  *
  * This option controls the use of record plaintext padding
- * when using the Connection ID extension in DTLS 1.2.
+ * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
  *
  * The padding will always be chosen so that the length of the
  * padded plaintext is a multiple of the value of this option.
@@ -2872,9 +2872,9 @@
  *
  */
 #ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID
-#define MBEDTLS_SSL_CID_PADDING_GRANULARITY    CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY    CONFIG_MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
 #else
-#undef MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#undef MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
 #endif