Introduce configuration option for TLS 1.3 padding granularity
TLS 1.3 record protection allows the addition of an arbitrary amount of padding. This commit introduces a configuration option ``` MBEDTLS_SSL_TLS13_PADDING_GRANULARITY ``` The semantics of this option is that padding is chosen in a minimal way so that the padded plaintext has a length which is a multiple of MBEDTLS_SSL_TLS13_PADDING_GRANULARITY. For example, setting MBEDTLS_SSL_TLS13_PADDING_GRANULARITY to 1024 means that padded plaintexts will have length 1024, 2048, ..., while setting it to 1 means that no padding will be used. Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker
parent
b54094bd7c
commit
13996927cb
3 changed files with 41 additions and 8 deletions
|
|
@ -3554,6 +3554,22 @@
|
|||
*/
|
||||
//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
|
||||
|
||||
/** \def MBEDTLS_SSL_TLS13_PADDING_GRANULARITY
|
||||
*
|
||||
* This option controls the use of record plaintext padding
|
||||
* in TLS 1.3.
|
||||
*
|
||||
* The padding will always be chosen so that the length of the
|
||||
* padded plaintext is a multiple of the value of this option.
|
||||
*
|
||||
* Note: A value of \c 1 means that no padding will be used
|
||||
* for outgoing records.
|
||||
*
|
||||
* Note: On systems lacking division instructions,
|
||||
* a power of two should be preferred.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 16
|
||||
|
||||
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
|
||||
*
|
||||
* Maximum length (in bytes) of outgoing plaintext fragments.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue