Combine MBEDTLS_SSL_<CID-TLS1_3>_PADDING_GRANULARITY options

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>

ChangeLog.d/issue4335.txt

@@ -0,0 +1,4 @@
+Changes
+   * Replace MBEDTLS_SSL_CID_PADDING_GRANULARITY and
+     MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY with a single unified option
+     MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY. Fixes #4335.

include/mbedtls/config.h

@@ -3497,27 +3497,10 @@
  */
 //#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
 
-/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
+/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
  *
  * This option controls the use of record plaintext padding
- * when using the Connection ID extension in DTLS 1.2.
- *
- * The padding will always be chosen so that the length of the
- * padded plaintext is a multiple of the value of this option.
- *
- * Note: A value of \c 1 means that no padding will be used
- *       for outgoing records.
- *
- * Note: On systems lacking division instructions,
- *       a power of two should be preferred.
- *
- */
-//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
-
-/** \def MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY
- *
- * This option controls the use of record plaintext padding
- * in TLS 1.3.
+ * when using the Connection ID extension in DTLS 1.2 and TLS 1.3.
  *
  * The padding will always be chosen so that the length of the
  * padded plaintext is a multiple of the value of this option.
@@ -3528,7 +3511,7 @@
  * Note: On systems lacking division instructions,
  *       a power of two should be preferred.
  */
-//#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
+//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
 
 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN
  *

include/mbedtls/ssl.h

@@ -257,12 +257,8 @@
 #define MBEDTLS_SSL_CID_OUT_LEN_MAX         32
 #endif
 
-#if !defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
-#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
-#endif
-
-#if !defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY)
-#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
+#if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
+#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
 #endif
 
 /* \} name SECTION: Module settings */

library/ssl_misc.h

@@ -164,7 +164,7 @@
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_MAX_CID_EXPANSION      MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#define MBEDTLS_SSL_MAX_CID_EXPANSION      MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
 #else
 #define MBEDTLS_SSL_MAX_CID_EXPANSION        0
 #endif

library/ssl_msg.c

@@ -579,7 +579,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
     {
         size_t padding =
             ssl_compute_padding_length( rec->data_len,
-                                        MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY );
+                                        MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY );
         if( ssl_build_inner_plaintext( data,
                                        &rec->data_len,
                                        post_avail,
@@ -605,7 +605,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
     {
         size_t padding =
             ssl_compute_padding_length( rec->data_len,
-                                        MBEDTLS_SSL_CID_PADDING_GRANULARITY );
+                                        MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY );
         /*
          * Wrap plaintext into DTLSInnerPlaintext structure.
          * See ssl_build_inner_plaintext() for more information.