Allow the configuration of padding when using CID extension

include/mbedtls/config.h

@@ -3354,6 +3354,22 @@
  */
 //#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
 
+/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
+ *
+ * This option controls the use of record plaintext padding
+ * when using the Connection ID extension in DTLS 1.2.
+ *
+ * The padding will always be chosen so that the length of the
+ * padded plaintext is a multiple of the value of this option.
+ *
+ * Note: A value of \c 1 means that no padding will be used
+ *       for outgoing records.
+ *
+ * The value MUST be a power of 2.
+ *
+ */
+//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
+
 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN
  *
  * Maximum length (in bytes) of outgoing plaintext fragments.

include/mbedtls/ssl.h

@@ -270,6 +270,10 @@
 #define MBEDTLS_SSL_CID_OUT_LEN_MAX         32
 #endif
 
+#if !defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
+#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
+#endif
+
 /* \} name SECTION: Module settings */
 
 /*

include/mbedtls/ssl_internal.h

@@ -176,9 +176,7 @@
 #endif
 
 #if defined(MBEDTLS_SSL_CID)
-#define MBEDTLS_SSL_MAX_CID_EXPANSION       16 /* Currently, we pad records
-                                                * to lengths which are multiples
-                                                * of 16 Bytes. */
+#define MBEDTLS_SSL_MAX_CID_EXPANSION      MBEDTLS_SSL_CID_PADDING_GRANULARITY
 #else
 #define MBEDTLS_SSL_MAX_CID_EXPANSION        0
 #endif