Introduce configuration option for TLS 1.3 padding granularity

TLS 1.3 record protection allows the addition of an arbitrary amount of padding. This commit introduces a configuration option ``` MBEDTLS_SSL_TLS13_PADDING_GRANULARITY ``` The semantics of this option is that padding is chosen in a minimal way so that the padded plaintext has a length which is a multiple of MBEDTLS_SSL_TLS13_PADDING_GRANULARITY. For example, setting MBEDTLS_SSL_TLS13_PADDING_GRANULARITY to 1024 means that padded plaintexts will have length 1024, 2048, ..., while setting it to 1 means that no padding will be used. Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2025-07-29 11:41:15 +03:00 · 2020-05-28 16:15:19 +01:00
parent b54094bd7c
commit 13996927cb
3 changed files with 41 additions and 8 deletions
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -3554,6 +3554,22 @@
 */
 //#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16

+/** \def MBEDTLS_SSL_TLS13_PADDING_GRANULARITY
+ *
+ * This option controls the use of record plaintext padding
+ * in TLS 1.3.
+ *
+ * The padding will always be chosen so that the length of the
+ * padded plaintext is a multiple of the value of this option.
+ *
+ * Note: A value of \c 1 means that no padding will be used
+ *       for outgoing records.
+ *
+ * Note: On systems lacking division instructions,
+ *       a power of two should be preferred.
+ */
+//#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 16
+
 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN
 *
 * Maximum length (in bytes) of outgoing plaintext fragments.
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -277,6 +277,10 @@
 #define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
 #endif

+#if !defined(MBEDTLS_SSL_TLS13_PADDING_GRANULARITY)
+#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 16
+#endif
+
 /* \} name SECTION: Module settings */

 /*