cipher: made TLS1.3 safe padding check optional

This patch introduces the gnutls_init() flag GNUTLS_SAFE_PADDING_CHECK
which makes the TLS1.3 safe padding check optional. That way applications
which do not utilize the TLS1.3 padding do not get penalized by the performance
drop in TLS1.3 packet processing. This addresses a regression in TLS1.3
packet processing performance.

Resolves: #466

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 7 insertions, 1 deletions

diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index be350ecb15..41389a39af 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -375,6 +375,11 @@ typedef enum {
  * @GNUTLS_POST_HANDSHAKE_AUTH: Enable post handshake authentication for server and client. When set and
  *   a server requests authentication after handshake %GNUTLS_E_REAUTH_REQUEST will be returned
  *   by gnutls_record_recv(). A client should then call gnutls_reauth() to re-authenticate.
+ * @GNUTLS_SAFE_PADDING_CHECK: Flag to indicate that the TLS 1.3 padding check will be done in a
+ *   safe way which doesn't leak the pad size based on GnuTLS processing time. This is of use to
+ *   applications which hide the length of transferred data via the TLS1.3 padding mechanism and
+ *   are already taking steps to hide the data processing time. This comes at a performance
+ *   penalty.
  *
  * Enumeration of different flags for gnutls_init() function. All the flags
  * can be combined except @GNUTLS_SERVER and @GNUTLS_CLIENT which are mutually
@@ -400,7 +405,8 @@ typedef enum {
 	GNUTLS_KEY_SHARE_TOP2 = (1<<12),
 	GNUTLS_KEY_SHARE_TOP3 = (1<<13),
 	GNUTLS_POST_HANDSHAKE_AUTH = (1<<14),
-	GNUTLS_NO_AUTO_REKEY = (1<<15)
+	GNUTLS_NO_AUTO_REKEY = (1<<15),
+	GNUTLS_SAFE_PADDING_CHECK = (1<<16)
 } gnutls_init_flags_t;
 
 /* compatibility defines (previous versions of gnutls