Run MBEDTLS_PRIVATE wrapping script on the library.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index da741c8..e23b9ca 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -39,6 +39,7 @@
#ifndef MBEDTLS_AES_H
#define MBEDTLS_AES_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -78,9 +79,9 @@
*/
typedef struct mbedtls_aes_context
{
- int nr; /*!< The number of rounds. */
- uint32_t *rk; /*!< AES round keys. */
- uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
+ int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
+ uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
+ uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
hold 32 extra Bytes, which can be used for
one of the following purposes:
<ul><li>Alignment if VIA padlock is
@@ -97,9 +98,9 @@
*/
typedef struct mbedtls_aes_xts_context
{
- mbedtls_aes_context crypt; /*!< The AES context to use for AES block
+ mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
encryption or decryption. */
- mbedtls_aes_context tweak; /*!< The AES context used for tweak
+ mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
computation. */
} mbedtls_aes_xts_context;
#endif /* MBEDTLS_CIPHER_MODE_XTS */
diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h
index ada6083..6313651 100644
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@@ -25,6 +25,7 @@
*/
#ifndef MBEDTLS_ARC4_H
#define MBEDTLS_ARC4_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -51,9 +52,9 @@
*/
typedef struct mbedtls_arc4_context
{
- int x; /*!< permutation index */
- int y; /*!< permutation index */
- unsigned char m[256]; /*!< permutation table */
+ int MBEDTLS_PRIVATE(x); /*!< permutation index */
+ int MBEDTLS_PRIVATE(y); /*!< permutation index */
+ unsigned char MBEDTLS_PRIVATE(m)[256]; /*!< permutation table */
}
mbedtls_arc4_context;
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 7dd960f..cd15c70 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -28,6 +28,7 @@
#ifndef MBEDTLS_ARIA_H
#define MBEDTLS_ARIA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -64,9 +65,9 @@
*/
typedef struct mbedtls_aria_context
{
- unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
+ unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16) */
/*! The ARIA round keys. */
- uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
+ uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
}
mbedtls_aria_context;
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index d2162fe..6611981 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ASN1_H
#define MBEDTLS_ASN1_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -148,9 +149,9 @@
*/
typedef struct mbedtls_asn1_buf
{
- int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
- size_t len; /**< ASN1 length, in octets. */
- unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
+ int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
+ size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
+ unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
}
mbedtls_asn1_buf;
@@ -159,9 +160,9 @@
*/
typedef struct mbedtls_asn1_bitstring
{
- size_t len; /**< ASN1 length, in octets. */
- unsigned char unused_bits; /**< Number of unused bits at the end of the string */
- unsigned char *p; /**< Raw ASN1 data for the bit string */
+ size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
+ unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */
+ unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
}
mbedtls_asn1_bitstring;
@@ -170,8 +171,8 @@
*/
typedef struct mbedtls_asn1_sequence
{
- mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
- struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */
+ struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
}
mbedtls_asn1_sequence;
@@ -180,10 +181,10 @@
*/
typedef struct mbedtls_asn1_named_data
{
- mbedtls_asn1_buf oid; /**< The object identifier. */
- mbedtls_asn1_buf val; /**< The named value. */
- struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */
- unsigned char next_merged; /**< Merge next item into the current one? */
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
+ struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
+ unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */
}
mbedtls_asn1_named_data;
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 073b4a4..47768fc 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_BIGNUM_H
#define MBEDTLS_BIGNUM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -183,9 +184,9 @@
*/
typedef struct mbedtls_mpi
{
- int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */
- size_t n; /*!< total # of limbs */
- mbedtls_mpi_uint *p; /*!< pointer to limbs */
+ int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise */
+ size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
+ mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
}
mbedtls_mpi;
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index 1ade1fc..e54d491 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_BLOWFISH_H
#define MBEDTLS_BLOWFISH_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -57,8 +58,8 @@
*/
typedef struct mbedtls_blowfish_context
{
- uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
- uint32_t S[4][256]; /*!< key dependent S-boxes */
+ uint32_t MBEDTLS_PRIVATE(P)[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
+ uint32_t MBEDTLS_PRIVATE(S)[4][256]; /*!< key dependent S-boxes */
}
mbedtls_blowfish_context;
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index dee5c3e..d2d4f61 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_CAMELLIA_H
#define MBEDTLS_CAMELLIA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -53,8 +54,8 @@
*/
typedef struct mbedtls_camellia_context
{
- int nr; /*!< number of rounds */
- uint32_t rk[68]; /*!< CAMELLIA round keys */
+ int MBEDTLS_PRIVATE(nr); /*!< number of rounds */
+ uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */
}
mbedtls_camellia_context;
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index f63e61b..2fa4b5b 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -46,6 +46,7 @@
#ifndef MBEDTLS_CCM_H
#define MBEDTLS_CCM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -72,7 +73,7 @@
*/
typedef struct mbedtls_ccm_context
{
- mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
}
mbedtls_ccm_context;
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index a6a8cda..441aaa4 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_CHACHA20_H
#define MBEDTLS_CHACHA20_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -51,9 +52,9 @@
typedef struct mbedtls_chacha20_context
{
- uint32_t state[16]; /*! The state (before round operations). */
- uint8_t keystream8[64]; /*! Leftover keystream bytes. */
- size_t keystream_bytes_used; /*! Number of keystream bytes already used. */
+ uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round operations). */
+ uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */
+ size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */
}
mbedtls_chacha20_context;
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 1007f95..7c36739 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_CHACHAPOLY_H
#define MBEDTLS_CHACHAPOLY_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -61,12 +62,12 @@
typedef struct mbedtls_chachapoly_context
{
- mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */
- mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */
- uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */
- uint64_t ciphertext_len; /**< The length (bytes) of the ciphertext. */
- int state; /**< The current state of the context. */
- mbedtls_chachapoly_mode_t mode; /**< Cipher mode (encrypt or decrypt). */
+ mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20 context. */
+ mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305 context. */
+ uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional Authenticated Data. */
+ uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the ciphertext. */
+ int MBEDTLS_PRIVATE(state); /**< The current state of the context. */
+ mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt or decrypt). */
}
mbedtls_chachapoly_context;
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index ffb20a6..97aa16c 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -26,6 +26,7 @@
#ifndef MBEDTLS_CIPHER_H
#define MBEDTLS_CIPHER_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -267,37 +268,37 @@
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
- mbedtls_cipher_type_t type;
+ mbedtls_cipher_type_t MBEDTLS_PRIVATE(type);
/** The cipher mode. For example, MBEDTLS_MODE_CBC. */
- mbedtls_cipher_mode_t mode;
+ mbedtls_cipher_mode_t MBEDTLS_PRIVATE(mode);
/** The cipher key length, in bits. This is the
* default length for variable sized ciphers.
* Includes parity bits for ciphers like DES.
*/
- unsigned int key_bitlen;
+ unsigned int MBEDTLS_PRIVATE(key_bitlen);
/** Name of the cipher. */
- const char * name;
+ const char * MBEDTLS_PRIVATE(name);
/** IV or nonce size, in Bytes.
* For ciphers that accept variable IV sizes,
* this is the recommended size.
*/
- unsigned int iv_size;
+ unsigned int MBEDTLS_PRIVATE(iv_size);
/** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
* cipher supports variable IV or variable key sizes, respectively.
*/
- int flags;
+ int MBEDTLS_PRIVATE(flags);
/** The block size, in Bytes. */
- unsigned int block_size;
+ unsigned int MBEDTLS_PRIVATE(block_size);
/** Struct for base cipher information and functions. */
- const mbedtls_cipher_base_t *base;
+ const mbedtls_cipher_base_t *MBEDTLS_PRIVATE(base);
} mbedtls_cipher_info_t;
@@ -307,43 +308,43 @@
typedef struct mbedtls_cipher_context_t
{
/** Information about the associated cipher. */
- const mbedtls_cipher_info_t *cipher_info;
+ const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
/** Key length to use. */
- int key_bitlen;
+ int MBEDTLS_PRIVATE(key_bitlen);
/** Operation that the key of the context has been
* initialized for.
*/
- mbedtls_operation_t operation;
+ mbedtls_operation_t MBEDTLS_PRIVATE(operation);
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/** Padding functions to use, if relevant for
* the specific cipher mode.
*/
- void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
- int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
+ void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
+ int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
#endif
/** Buffer for input that has not been processed yet. */
- unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
+ unsigned char MBEDTLS_PRIVATE(unprocessed_data)[MBEDTLS_MAX_BLOCK_LENGTH];
/** Number of Bytes that have not been processed yet. */
- size_t unprocessed_len;
+ size_t MBEDTLS_PRIVATE(unprocessed_len);
/** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
* for XTS-mode. */
- unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
+ unsigned char MBEDTLS_PRIVATE(iv)[MBEDTLS_MAX_IV_LENGTH];
/** IV size in Bytes, for ciphers with variable-length IVs. */
- size_t iv_size;
+ size_t MBEDTLS_PRIVATE(iv_size);
/** The cipher-specific context. */
- void *cipher_ctx;
+ void *MBEDTLS_PRIVATE(cipher_ctx);
#if defined(MBEDTLS_CMAC_C)
/** CMAC-specific context. */
- mbedtls_cmac_context_t *cmac_ctx;
+ mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -354,7 +355,7 @@
* mbedtls_cipher_setup(), and set if it was established through
* mbedtls_cipher_setup_psa().
*/
- unsigned char psa_enabled;
+ unsigned char MBEDTLS_PRIVATE(psa_enabled);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
} mbedtls_cipher_context_t;
@@ -495,10 +496,10 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
- return ctx->cipher_info->block_size;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
}
/**
@@ -514,10 +515,10 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_MODE_NONE;
- return ctx->cipher_info->mode;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
}
/**
@@ -534,13 +535,13 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
- if( ctx->iv_size != 0 )
- return (int) ctx->iv_size;
+ if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
+ return (int) ctx->MBEDTLS_PRIVATE(iv_size);
- return (int) ctx->cipher_info->iv_size;
+ return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
}
/**
@@ -556,10 +557,10 @@
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_CIPHER_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_CIPHER_NONE;
- return ctx->cipher_info->type;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
}
/**
@@ -575,10 +576,10 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
- return ctx->cipher_info->name;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
}
/**
@@ -595,10 +596,10 @@
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_KEY_LENGTH_NONE;
- return (int) ctx->cipher_info->key_bitlen;
+ return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
}
/**
@@ -614,10 +615,10 @@
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_OPERATION_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_OPERATION_NONE;
- return ctx->operation;
+ return ctx->MBEDTLS_PRIVATE(operation);
}
/**
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index a0563b1..65c831c 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -25,6 +25,7 @@
#ifndef MBEDTLS_CMAC_H
#define MBEDTLS_CMAC_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -55,14 +56,14 @@
struct mbedtls_cmac_context_t
{
/** The internal state of the CMAC algorithm. */
- unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** Unprocessed data - either data that was not block aligned and is still
* pending processing, or the final block. */
- unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** The length of data pending processing. */
- size_t unprocessed_len;
+ size_t MBEDTLS_PRIVATE(unprocessed_len);
};
#else /* !MBEDTLS_CMAC_ALT */
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 0f2c551..6a8d5c6 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -40,6 +40,7 @@
#ifndef MBEDTLS_CTR_DRBG_H
#define MBEDTLS_CTR_DRBG_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -168,8 +169,8 @@
*/
typedef struct mbedtls_ctr_drbg_context
{
- unsigned char counter[16]; /*!< The counter (V). */
- int reseed_counter; /*!< The reseed counter.
+ unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
+ int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
* This is the number of requests that have
* been made since the last (re)seeding,
* minus one.
@@ -179,25 +180,25 @@
* or -1 if no nonce length has been explicitly
* set (see mbedtls_ctr_drbg_set_nonce_len()).
*/
- int prediction_resistance; /*!< This determines whether prediction
+ int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction
resistance is enabled, that is
whether to systematically reseed before
each random generation. */
- size_t entropy_len; /*!< The amount of entropy grabbed on each
+ size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each
seed or reseed operation, in bytes. */
- int reseed_interval; /*!< The reseed interval.
+ int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
* This is the maximum number of requests
* that can be made between reseedings. */
- mbedtls_aes_context aes_ctx; /*!< The AES context. */
+ mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
/*
* Callbacks (Entropy)
*/
- int (*f_entropy)(void *, unsigned char *, size_t);
+ int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
/*!< The entropy callback function. */
- void *p_entropy; /*!< The context for the entropy function. */
+ void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if f_entropy != NULL.
@@ -207,7 +208,7 @@
* Note that this invariant may change without notice. Do not rely on it
* and do not access the mutex directly in application code.
*/
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
}
mbedtls_ctr_drbg_context;
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 92da73f..24d2402 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -26,6 +26,7 @@
*/
#ifndef MBEDTLS_DES_H
#define MBEDTLS_DES_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -60,7 +61,7 @@
*/
typedef struct mbedtls_des_context
{
- uint32_t sk[32]; /*!< DES subkeys */
+ uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
}
mbedtls_des_context;
@@ -69,7 +70,7 @@
*/
typedef struct mbedtls_des3_context
{
- uint32_t sk[96]; /*!< 3DES subkeys */
+ uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
}
mbedtls_des3_context;
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 0e8892e..6c8ca03 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -62,6 +62,7 @@
#ifndef MBEDTLS_DHM_H
#define MBEDTLS_DHM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -95,17 +96,17 @@
*/
typedef struct mbedtls_dhm_context
{
- size_t len; /*!< The size of \p P in Bytes. */
- mbedtls_mpi P; /*!< The prime modulus. */
- mbedtls_mpi G; /*!< The generator. */
- mbedtls_mpi X; /*!< Our secret value. */
- mbedtls_mpi GX; /*!< Our public key = \c G^X mod \c P. */
- mbedtls_mpi GY; /*!< The public key of the peer = \c G^Y mod \c P. */
- mbedtls_mpi K; /*!< The shared secret = \c G^(XY) mod \c P. */
- mbedtls_mpi RP; /*!< The cached value = \c R^2 mod \c P. */
- mbedtls_mpi Vi; /*!< The blinding value. */
- mbedtls_mpi Vf; /*!< The unblinding value. */
- mbedtls_mpi pX; /*!< The previous \c X. */
+ size_t MBEDTLS_PRIVATE(len); /*!< The size of \p P in Bytes. */
+ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */
+ mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */
+ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(GX); /*!< Our public key = \c G^X mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(GY); /*!< The public key of the peer = \c G^Y mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(K); /*!< The shared secret = \c G^(XY) mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< The cached value = \c R^2 mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(pX); /*!< The previous \c X. */
}
mbedtls_dhm_context;
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 05855cd..874b4ee 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_ECDH_H
#define MBEDTLS_ECDH_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -104,15 +105,15 @@
typedef struct mbedtls_ecdh_context
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- mbedtls_ecp_group grp; /*!< The elliptic curve used. */
- mbedtls_mpi d; /*!< The private key. */
- mbedtls_ecp_point Q; /*!< The public key. */
- mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
- mbedtls_mpi z; /*!< The shared secret. */
- int point_format; /*!< The format of point export in TLS messages. */
- mbedtls_ecp_point Vi; /*!< The blinding value. */
- mbedtls_ecp_point Vf; /*!< The unblinding value. */
- mbedtls_mpi _d; /*!< The previous \p d. */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
+ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
+ mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
+ int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
int restart_enabled; /*!< The flag for restartable mode. */
mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 891705d..0c8e8c9 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ECJPAKE_H
#define MBEDTLS_ECJPAKE_H
+#include "mbedtls/private_access.h"
/*
* J-PAKE is a password-authenticated key exchange that allows deriving a
@@ -73,21 +74,21 @@
*/
typedef struct mbedtls_ecjpake_context
{
- const mbedtls_md_info_t *md_info; /**< Hash to use */
- mbedtls_ecp_group grp; /**< Elliptic curve */
- mbedtls_ecjpake_role role; /**< Are we client or server? */
- int point_format; /**< Format for point export */
+ const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
+ mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
+ int MBEDTLS_PRIVATE(point_format); /**< Format for point export */
- mbedtls_ecp_point Xm1; /**< My public key 1 C: X1, S: X3 */
- mbedtls_ecp_point Xm2; /**< My public key 2 C: X2, S: X4 */
- mbedtls_ecp_point Xp1; /**< Peer public key 1 C: X3, S: X1 */
- mbedtls_ecp_point Xp2; /**< Peer public key 2 C: X4, S: X2 */
- mbedtls_ecp_point Xp; /**< Peer public key C: Xs, S: Xc */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc */
- mbedtls_mpi xm1; /**< My private key 1 C: x1, S: x3 */
- mbedtls_mpi xm2; /**< My private key 2 C: x2, S: x4 */
+ mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */
+ mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */
- mbedtls_mpi s; /**< Pre-shared secret (passphrase) */
+ mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
} mbedtls_ecjpake_context;
#else /* MBEDTLS_ECJPAKE_ALT */
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index dd400a0..913e323 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -33,6 +33,7 @@
#ifndef MBEDTLS_ECP_H
#define MBEDTLS_ECP_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -142,10 +143,10 @@
*/
typedef struct mbedtls_ecp_curve_info
{
- mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
- uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
- uint16_t bit_size; /*!< The curve size in bits. */
- const char *name; /*!< A human-friendly name. */
+ mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */
+ uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
+ uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
+ const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
} mbedtls_ecp_curve_info;
/**
@@ -161,9 +162,9 @@
*/
typedef struct mbedtls_ecp_point
{
- mbedtls_mpi X; /*!< The X coordinate of the ECP point. */
- mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */
- mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */
+ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
}
mbedtls_ecp_point;
@@ -210,26 +211,26 @@
*/
typedef struct mbedtls_ecp_group
{
- mbedtls_ecp_group_id id; /*!< An internal group identifier. */
- mbedtls_mpi P; /*!< The prime modulus of the base field. */
- mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
+ mbedtls_ecp_group_id MBEDTLS_PRIVATE(id); /*!< An internal group identifier. */
+ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus of the base field. */
+ mbedtls_mpi MBEDTLS_PRIVATE(A); /*!< For Short Weierstrass: \p A in the equation. For
Montgomery curves: <code>(A + 2) / 4</code>. */
- mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
+ mbedtls_mpi MBEDTLS_PRIVATE(B); /*!< For Short Weierstrass: \p B in the equation.
For Montgomery curves: unused. */
- mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
- mbedtls_mpi N; /*!< The order of \p G. */
- size_t pbits; /*!< The number of bits in \p P.*/
- size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
+ mbedtls_ecp_point MBEDTLS_PRIVATE(G); /*!< The generator of the subgroup used. */
+ mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The order of \p G. */
+ size_t MBEDTLS_PRIVATE(pbits); /*!< The number of bits in \p P.*/
+ size_t MBEDTLS_PRIVATE(nbits); /*!< For Short Weierstrass: The number of bits in \p P.
For Montgomery curves: the number of bits in the
private keys. */
- unsigned int h; /*!< \internal 1 if the constants are static. */
- int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
+ unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */
+ int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
mod \p P (see above).*/
- int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */
- int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */
- void *t_data; /*!< Unused. */
- mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */
- size_t T_size; /*!< The number of pre-computed points. */
+ int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
+ int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
+ void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
+ mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
+ size_t MBEDTLS_PRIVATE(T_size); /*!< The number of pre-computed points. */
}
mbedtls_ecp_group;
@@ -369,9 +370,9 @@
*/
typedef struct mbedtls_ecp_keypair
{
- mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
- mbedtls_mpi d; /*!< our secret value */
- mbedtls_ecp_point Q; /*!< our public value */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */
+ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
}
mbedtls_ecp_keypair;
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index c51e641..d707bdd 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ENTROPY_H
#define MBEDTLS_ENTROPY_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -104,11 +105,11 @@
*/
typedef struct mbedtls_entropy_source_state
{
- mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */
- void * p_source; /**< The callback data pointer */
- size_t size; /**< Amount received in bytes */
- size_t threshold; /**< Minimum bytes required before release */
- int strong; /**< Is the source strong? */
+ mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */
+ void * MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
+ size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
+ size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */
+ int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
}
mbedtls_entropy_source_state;
@@ -117,21 +118,21 @@
*/
typedef struct mbedtls_entropy_context
{
- int accumulator_started; /* 0 after init.
+ int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
* 1 after the first update.
* -1 after free. */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_context accumulator;
+ mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
#else
mbedtls_sha256_context accumulator;
#endif
- int source_count; /* Number of entries used in source. */
- mbedtls_entropy_source_state source[MBEDTLS_ENTROPY_MAX_SOURCES];
+ int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
+ mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex; /*!< mutex */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
- int initial_entropy_run;
+ int MBEDTLS_PRIVATE(initial_entropy_run);
#endif
}
mbedtls_entropy_context;
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index a2fc2ab..c8e384a 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -30,6 +30,7 @@
#ifndef MBEDTLS_GCM_H
#define MBEDTLS_GCM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -58,15 +59,15 @@
*/
typedef struct mbedtls_gcm_context
{
- mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
- uint64_t HL[16]; /*!< Precalculated HTable low. */
- uint64_t HH[16]; /*!< Precalculated HTable high. */
- uint64_t len; /*!< The total length of the encrypted data. */
- uint64_t add_len; /*!< The total length of the additional data. */
- unsigned char base_ectr[16]; /*!< The first ECTR for tag. */
- unsigned char y[16]; /*!< The Y working value. */
- unsigned char buf[16]; /*!< The buf working value. */
- int mode; /*!< The operation to perform:
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
+ uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
+ uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
+ uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */
+ uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */
+ unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */
+ unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
+ unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
+ int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
#MBEDTLS_GCM_ENCRYPT or
#MBEDTLS_GCM_DECRYPT. */
}
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 1ab3422..2f81158 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -25,6 +25,7 @@
*/
#ifndef MBEDTLS_HMAC_DRBG_H
#define MBEDTLS_HMAC_DRBG_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -86,19 +87,19 @@
{
/* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */
- mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */
- unsigned char V[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
- int reseed_counter; /*!< reseed counter */
+ mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */
+ unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
+ int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */
/* Administrative state */
- size_t entropy_len; /*!< entropy bytes grabbed on each (re)seed */
- int prediction_resistance; /*!< enable prediction resistance (Automatic
+ size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each (re)seed */
+ int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction resistance (Automatic
reseed before every random generation) */
- int reseed_interval; /*!< reseed interval */
+ int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */
/* Callbacks */
- int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
- void *p_entropy; /*!< context for the entropy function */
+ int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< entropy function */
+ void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if
@@ -109,7 +110,7 @@
* Note that this invariant may change without notice. Do not rely on it
* and do not access the mutex directly in application code.
*/
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
} mbedtls_hmac_drbg_context;
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index fbc3b47..21dc7c4 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -24,6 +24,7 @@
#ifndef MBEDTLS_MD_H
#define MBEDTLS_MD_H
+#include "mbedtls/private_access.h"
#include <stddef.h>
@@ -93,13 +94,13 @@
typedef struct mbedtls_md_context_t
{
/** Information about the associated message digest. */
- const mbedtls_md_info_t *md_info;
+ const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
/** The digest-specific context. */
- void *md_ctx;
+ void *MBEDTLS_PRIVATE(md_ctx);
/** The HMAC part of the context. */
- void *hmac_ctx;
+ void *MBEDTLS_PRIVATE(hmac_ctx);
} mbedtls_md_context_t;
/**
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index 950afa2..8d8d1e5 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -26,6 +26,7 @@
*/
#ifndef MBEDTLS_MD2_H
#define MBEDTLS_MD2_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -53,10 +54,10 @@
*/
typedef struct mbedtls_md2_context
{
- unsigned char cksum[16]; /*!< checksum of the data block */
- unsigned char state[48]; /*!< intermediate digest state */
- unsigned char buffer[16]; /*!< data block being processed */
- size_t left; /*!< amount of data in buffer */
+ unsigned char MBEDTLS_PRIVATE(cksum)[16]; /*!< checksum of the data block */
+ unsigned char MBEDTLS_PRIVATE(state)[48]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[16]; /*!< data block being processed */
+ size_t MBEDTLS_PRIVATE(left); /*!< amount of data in buffer */
}
mbedtls_md2_context;
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
index f9e3987..ac28d29 100644
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@@ -26,6 +26,7 @@
*/
#ifndef MBEDTLS_MD4_H
#define MBEDTLS_MD4_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -54,9 +55,9 @@
*/
typedef struct mbedtls_md4_context
{
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[4]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
+ uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_md4_context;
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 71a41dc..27bc409 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -25,6 +25,7 @@
*/
#ifndef MBEDTLS_MD5_H
#define MBEDTLS_MD5_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -53,9 +54,9 @@
*/
typedef struct mbedtls_md5_context
{
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[4]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
+ uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_md5_context;
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index 319f4be..502b9f4 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -37,6 +37,7 @@
*/
#ifndef MBEDTLS_NET_SOCKETS_H
#define MBEDTLS_NET_SOCKETS_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -84,7 +85,7 @@
*/
typedef struct mbedtls_net_context
{
- int fd; /**< The underlying file descriptor */
+ int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
}
mbedtls_net_context;
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index 7f3e64a..c537b58 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -34,6 +34,7 @@
#ifndef MBEDTLS_NIST_KW_H
#define MBEDTLS_NIST_KW_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -65,7 +66,7 @@
* Don't make any assumptions on this context!
*/
typedef struct {
- mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
} mbedtls_nist_kw_context;
#else /* MBEDTLS_NIST_key wrapping_ALT */
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 4198eb1..dd3ade6 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_OID_H
#define MBEDTLS_OID_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -439,11 +440,11 @@
*/
typedef struct mbedtls_oid_descriptor_t
{
- const char *asn1; /*!< OID ASN.1 representation */
- size_t asn1_len; /*!< length of asn1 */
+ const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
+ size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
- const char *name; /*!< official name (e.g. from RFC) */
- const char *description; /*!< human friendly description */
+ const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
+ const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
#endif
} mbedtls_oid_descriptor_t;
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index 4769bec..9242da6 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_PEM_H
#define MBEDTLS_PEM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -57,9 +58,9 @@
*/
typedef struct mbedtls_pem_context
{
- unsigned char *buf; /*!< buffer for decoded data */
- size_t buflen; /*!< length of the buffer */
- unsigned char *info; /*!< buffer for extra header information */
+ unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */
+ size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */
+ unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header information */
}
mbedtls_pem_context;
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 093b3bc..06da076 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -22,6 +22,7 @@
#ifndef MBEDTLS_PK_H
#define MBEDTLS_PK_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -91,8 +92,8 @@
*/
typedef struct mbedtls_pk_rsassa_pss_options
{
- mbedtls_md_type_t mgf1_hash_id;
- int expected_salt_len;
+ mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
+ int MBEDTLS_PRIVATE(expected_salt_len);
} mbedtls_pk_rsassa_pss_options;
@@ -163,9 +164,9 @@
*/
typedef struct mbedtls_pk_debug_item
{
- mbedtls_pk_debug_type type;
- const char *name;
- void *value;
+ mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
+ const char *MBEDTLS_PRIVATE(name);
+ void *MBEDTLS_PRIVATE(value);
} mbedtls_pk_debug_item;
/** Maximum number of item send for debugging, plus 1 */
@@ -181,8 +182,8 @@
*/
typedef struct mbedtls_pk_context
{
- const mbedtls_pk_info_t * pk_info; /**< Public key information */
- void * pk_ctx; /**< Underlying public key context */
+ const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
+ void * MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
} mbedtls_pk_context;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index c944732..c50d7d2 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -30,6 +30,7 @@
*/
#ifndef MBEDTLS_PLATFORM_H
#define MBEDTLS_PLATFORM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -367,7 +368,7 @@
*/
typedef struct mbedtls_platform_context
{
- char dummy; /**< A placeholder member, as empty structs are not portable. */
+ char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
}
mbedtls_platform_context;
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index 1767f58..4d25385 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_POLY1305_H
#define MBEDTLS_POLY1305_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -51,11 +52,11 @@
typedef struct mbedtls_poly1305_context
{
- uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */
- uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */
- uint32_t acc[5]; /** The accumulator number. */
- uint8_t queue[16]; /** The current partial block of data. */
- size_t queue_len; /** The number of bytes stored in 'queue'. */
+ uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the key). */
+ uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the key). */
+ uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
+ uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data. */
+ size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in 'queue'. */
}
mbedtls_poly1305_context;
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 75fcdac..d5feecb 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -25,6 +25,7 @@
#ifndef MBEDTLS_PSA_UTIL_H
#define MBEDTLS_PSA_UTIL_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -380,7 +381,7 @@
if( curve_info == NULL )
return( 0 );
return( PSA_KEY_TYPE_ECC_KEY_PAIR(
- mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
+ mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) );
}
#endif /* MBEDTLS_ECP_C */
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index 1c72d60..62570c2 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_RIPEMD160_H
#define MBEDTLS_RIPEMD160_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -44,9 +45,9 @@
*/
typedef struct mbedtls_ripemd160_context
{
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[5]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
+ uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_ripemd160_context;
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index a54ac4d..945050c 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -27,6 +27,7 @@
*/
#ifndef MBEDTLS_RSA_H
#define MBEDTLS_RSA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -90,41 +91,41 @@
*/
typedef struct mbedtls_rsa_context
{
- int ver; /*!< Reserved for internal purposes.
+ int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
* Do not set this field in application
* code. Its meaning might change without
* notice. */
- size_t len; /*!< The size of \p N in Bytes. */
+ size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
- mbedtls_mpi N; /*!< The public modulus. */
- mbedtls_mpi E; /*!< The public exponent. */
+ mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
+ mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
- mbedtls_mpi D; /*!< The private exponent. */
- mbedtls_mpi P; /*!< The first prime factor. */
- mbedtls_mpi Q; /*!< The second prime factor. */
+ mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
+ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
- mbedtls_mpi DP; /*!< <code>D % (P - 1)</code>. */
- mbedtls_mpi DQ; /*!< <code>D % (Q - 1)</code>. */
- mbedtls_mpi QP; /*!< <code>1 / (Q % P)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< <code>D % (P - 1)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< <code>D % (Q - 1)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< <code>1 / (Q % P)</code>. */
- mbedtls_mpi RN; /*!< cached <code>R^2 mod N</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached <code>R^2 mod N</code>. */
- mbedtls_mpi RP; /*!< cached <code>R^2 mod P</code>. */
- mbedtls_mpi RQ; /*!< cached <code>R^2 mod Q</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached <code>R^2 mod P</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached <code>R^2 mod Q</code>. */
- mbedtls_mpi Vi; /*!< The cached blinding value. */
- mbedtls_mpi Vf; /*!< The cached un-blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
- int padding; /*!< Selects padding mode:
+ int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
#MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
#MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
- int hash_id; /*!< Hash identifier of mbedtls_md_type_t type,
+ int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type,
as specified in md.h for use in the MGF
mask generating function used in the
EME-OAEP and EMSA-PSS encodings. */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized iff ver != 0. */
- mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
#endif
}
mbedtls_rsa_context;
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 56ff948..5a42e5c 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -28,6 +28,7 @@
*/
#ifndef MBEDTLS_SHA1_H
#define MBEDTLS_SHA1_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -58,9 +59,9 @@
*/
typedef struct mbedtls_sha1_context
{
- uint32_t total[2]; /*!< The number of Bytes processed. */
- uint32_t state[5]; /*!< The intermediate digest state. */
- unsigned char buffer[64]; /*!< The data block being processed. */
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
}
mbedtls_sha1_context;
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 22c2c7d..2b982ff 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -24,6 +24,7 @@
*/
#ifndef MBEDTLS_SHA256_H
#define MBEDTLS_SHA256_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -53,10 +54,10 @@
*/
typedef struct mbedtls_sha256_context
{
- uint32_t total[2]; /*!< The number of Bytes processed. */
- uint32_t state[8]; /*!< The intermediate digest state. */
- unsigned char buffer[64]; /*!< The data block being processed. */
- int is224; /*!< Determines which function to use:
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
+ int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */
}
mbedtls_sha256_context;
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 04222f4..3f1af17 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -23,6 +23,7 @@
*/
#ifndef MBEDTLS_SHA512_H
#define MBEDTLS_SHA512_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -52,12 +53,12 @@
*/
typedef struct mbedtls_sha512_context
{
- uint64_t total[2]; /*!< The number of Bytes processed. */
- uint64_t state[8]; /*!< The intermediate digest state. */
- unsigned char buffer[128]; /*!< The data block being processed. */
+ uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */
#if defined(MBEDTLS_SHA384_C)
- int is384; /*!< Determines which function to use:
- 0: Use SHA-512, or 1: Use SHA-384. */
+ int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
+ 0: Use SHA-512, or 1: Use SHA-384. */
#endif
}
mbedtls_sha512_context;
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 88a599c..e6a3ff5 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -912,11 +913,11 @@
typedef struct mbedtls_dtls_srtp_info_t
{
/*! The SRTP profile that was negotiated. */
- mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
+ mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
/*! The length of mki_value. */
- uint16_t mki_len;
+ uint16_t MBEDTLS_PRIVATE(mki_len);
/*! The mki_value used, with max size of 256 bytes. */
- unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
+ unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
}
mbedtls_dtls_srtp_info;
@@ -936,17 +937,17 @@
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t start; /*!< starting time */
+ mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif
- int ciphersuite; /*!< chosen ciphersuite */
- int compression; /*!< chosen compression */
- size_t id_len; /*!< session id length */
- unsigned char id[32]; /*!< session identifier */
- unsigned char master[48]; /*!< the master secret */
+ int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
+ int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
+ size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
+ unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
+ unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation, mitigating the triple handshake attack. */
@@ -955,24 +956,24 @@
mbedtls_md_type_t peer_cert_digest_type;
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- uint32_t verify_result; /*!< verification result */
+ uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- unsigned char *ticket; /*!< RFC 5077 session ticket */
- size_t ticket_len; /*!< session ticket length */
- uint32_t ticket_lifetime; /*!< ticket lifetime hint */
+ unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
+ size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
+ unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- int trunc_hmac; /*!< flag for truncated hmac activation */
+ int MBEDTLS_PRIVATE(trunc_hmac); /*!< flag for truncated hmac activation */
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int encrypt_then_mac; /*!< flag for EtM activation */
+ int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
};
@@ -990,114 +991,114 @@
/** Allowed ciphersuites per version. To access list's elements, please use
* \c mbedtls_ssl_get_protocol_version_ciphersuites
*/
- const int *ciphersuite_list[3];
+ const int *MBEDTLS_PRIVATE(ciphersuite_list)[3];
/** Callback for printing debug output */
- void (*f_dbg)(void *, int, const char *, int, const char *);
- void *p_dbg; /*!< context for the debug function */
+ void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
+ void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
/** Callback for getting (pseudo-)random numbers */
- int (*f_rng)(void *, unsigned char *, size_t);
- void *p_rng; /*!< context for the RNG function */
+ int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
/** Callback to retrieve a session from the cache */
- mbedtls_ssl_cache_get_t *f_get_cache;
+ mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
/** Callback to store a session into the cache */
- mbedtls_ssl_cache_set_t *f_set_cache;
- void *p_cache; /*!< context for cache callbacks */
+ mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache);
+ void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
- int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *p_sni; /*!< context for SNI callback */
+ int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *p_vrfy; /*!< context for X.509 verify calllback */
+ int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *p_psk; /*!< context for PSK callback */
+ int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello veirifcation */
- int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
+ int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t );
/** Callback to verify validity of a ClientHello cookie */
- int (*f_cookie_check)( void *, const unsigned char *, size_t,
+ int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t,
const unsigned char *, size_t );
- void *p_cookie; /*!< context for the cookie callbacks */
+ void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a session ticket */
- int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
+ int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
unsigned char *, const unsigned char *, size_t *, uint32_t * );
/** Callback to parse a session ticket into a session structure */
- int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
- void *p_ticket; /*!< context for the ticket callbacks */
+ int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** Callback to export key block and master secret */
- int (*f_export_keys)( void *, const unsigned char *,
+ int (*MBEDTLS_PRIVATE(f_export_keys))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t );
/** Callback to export key block, master secret,
* tls_prf and random bytes. Should replace f_export_keys */
- int (*f_export_keys_ext)( void *, const unsigned char *,
+ int (*MBEDTLS_PRIVATE(f_export_keys_ext))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t,
const unsigned char[32], const unsigned char[32],
mbedtls_tls_prf_types );
- void *p_export_keys; /*!< context for key export callback */
+ void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */
+ size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
- mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
- mbedtls_x509_crt *ca_chain; /*!< trusted CAs */
- mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
+ const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */
+ mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
+ mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- mbedtls_x509_crt_ca_cb_t f_ca_cb;
- void *p_ca_cb;
+ mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb);
+ void *MBEDTLS_PRIVATE(p_ca_cb);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */
- mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */
+ mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
+ mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
- mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
- void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
+ mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
+ mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
+ void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- const int *sig_hashes; /*!< allowed signature hashes */
+ const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#endif
#if defined(MBEDTLS_ECP_C)
- const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
+ const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
#endif
#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi dhm_P; /*!< prime modulus for DHM */
- mbedtls_mpi dhm_G; /*!< generator for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field
+ psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
* should only be set via
* mbedtls_ssl_conf_psk_opaque().
* If either no PSK or a raw PSK have been
@@ -1105,22 +1106,22 @@
*/
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- unsigned char *psk; /*!< The raw pre-shared key. This field should
+ unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
* only be set via mbedtls_ssl_conf_psk().
* If either no PSK or an opaque PSK
* have been configured, this has value NULL. */
- size_t psk_len; /*!< The length of the raw pre-shared key.
+ size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
* \c psk is not \c NULL. */
- unsigned char *psk_identity; /*!< The PSK identity for PSK negotiation.
+ unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* This is set if and only if either
* \c psk or \c psk_opaque are set. */
- size_t psk_identity_len;/*!< The length of PSK identity.
+ size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
@@ -1129,279 +1130,279 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
- const char **alpn_list; /*!< ordered list of protocols */
+ const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*! ordered list of supported srtp profile */
- const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list;
+ const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list);
/*! number of supported profiles */
- size_t dtls_srtp_profile_list_len;
+ size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Numerical settings (int then char)
*/
- uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
+ uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint32_t hs_timeout_min; /*!< initial value of the handshake
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake
retransmission timeout (ms) */
- uint32_t hs_timeout_max; /*!< maximum value of the handshake
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake
retransmission timeout (ms) */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int renego_max_records; /*!< grace period for renegotiation */
- unsigned char renego_period[8]; /*!< value of the record counters
+ int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */
+ unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters
that triggers renegotiation */
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
- unsigned int badmac_limit; /*!< limit of records with a bad MAC */
+ unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
- unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
+ unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
#endif
- unsigned char max_major_ver; /*!< max. major version used */
- unsigned char max_minor_ver; /*!< max. minor version used */
- unsigned char min_major_ver; /*!< min. major version used */
- unsigned char min_minor_ver; /*!< min. minor version used */
+ unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
+ unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
+ unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
+ unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
/*
* Flags (bitfields)
*/
- unsigned int endpoint : 1; /*!< 0: client, 1: server */
- unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */
- unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
+ unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
+ unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
+ unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
- unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */
+ unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned int mfl_code : 3; /*!< desired fragment length */
+ unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */
+ unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- unsigned int extended_ms : 1; /*!< negotiate extended master secret? */
+ unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- unsigned int anti_replay : 1; /*!< detect and prevent replay? */
+ unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- unsigned int cbc_record_splitting : 1; /*!< do cbc record splitting */
+ unsigned int MBEDTLS_PRIVATE(cbc_record_splitting) : 1; /*!< do cbc record splitting */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */
+ unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */
+ unsigned int MBEDTLS_PRIVATE(trunc_hmac) : 1; /*!< negotiate truncated hmac? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- unsigned int session_tickets : 1; /*!< use session tickets? */
+ unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
- unsigned int fallback : 1; /*!< is this a fallback? */
+ unsigned int MBEDTLS_PRIVATE(fallback) : 1; /*!< is this a fallback? */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in
+ unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
Certificate Request messages? */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
+ unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
* record with unexpected CID
* should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- unsigned int dtls_srtp_mki_support : 1; /* support having mki_value
+ unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
in the use_srtp extension */
#endif
};
struct mbedtls_ssl_context
{
- const mbedtls_ssl_config *conf; /*!< configuration information */
+ const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */
/*
* Miscellaneous
*/
- int state; /*!< SSL handshake: current state */
+ int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int renego_status; /*!< Initial, in progress, pending? */
- int renego_records_seen; /*!< Records since renego request, or with DTLS,
+ int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
+ int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
- int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
- int minor_ver; /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
+ int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
+ int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
- unsigned badmac_seen; /*!< records with a bad MAC received */
+ unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *p_vrfy; /*!< context for X.509 verify callback */
+ int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
#endif
- mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
- mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
- mbedtls_ssl_recv_timeout_t *f_recv_timeout;
+ mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */
+ mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */
+ mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout);
/*!< Callback for network receive with timeout */
- void *p_bio; /*!< context for I/O operations */
+ void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
/*
* Session layer
*/
- mbedtls_ssl_session *session_in; /*!< current session data (in) */
- mbedtls_ssl_session *session_out; /*!< current session data (out) */
- mbedtls_ssl_session *session; /*!< negotiated session data */
- mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */
- mbedtls_ssl_handshake_params *handshake; /*!< params required only during
+ mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during
the handshake process */
/*
* Record layer transformations
*/
- mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */
- mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */
- mbedtls_ssl_transform *transform; /*!< negotiated transform params */
- mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */
/*
* Timers
*/
- void *p_timer; /*!< context for the timer callbacks */
+ void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
- mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
- mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
+ mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */
+ mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */
/*
* Record layer (incoming data)
*/
- unsigned char *in_buf; /*!< input buffer */
- unsigned char *in_ctr; /*!< 64-bit incoming message counter
+ unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
+ unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
TLS: maintained by us
DTLS: read from peer */
- unsigned char *in_hdr; /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *in_cid; /*!< The start of the CID;
+ unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *in_len; /*!< two-bytes message length field */
- unsigned char *in_iv; /*!< ivlen-byte IV */
- unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
- unsigned char *in_offt; /*!< read offset in application data */
+ unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
+ unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */
+ unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */
- int in_msgtype; /*!< record header: message type */
- size_t in_msglen; /*!< record header: message length */
- size_t in_left; /*!< amount of data read so far */
+ int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t in_buf_len; /*!< length of input buffer */
+ size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t in_epoch; /*!< DTLS epoch for incoming records */
- size_t next_record_offset; /*!< offset of the next record in datagram
+ uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
+ size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram
(equal to in_left if none) */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- uint64_t in_window_top; /*!< last validated record seq_num */
- uint64_t in_window; /*!< bitmask for replay detection */
+ uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */
+ uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
- size_t in_hslen; /*!< current handshake message length,
+ size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
including the handshake header */
- int nb_zero; /*!< # of 0-length encrypted messages */
+ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
- int keep_current_message; /*!< drop or reuse current message
+ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message
on next call to record layer? */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint8_t disable_datagram_packing; /*!< Disable packing multiple records
+ uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records
* within a single datagram. */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* Record layer (outgoing data)
*/
- unsigned char *out_buf; /*!< output buffer */
- unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
- unsigned char *out_hdr; /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
+ unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */
+ unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *out_cid; /*!< The start of the CID;
+ unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *out_len; /*!< two-bytes message length field */
- unsigned char *out_iv; /*!< ivlen-byte IV */
- unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
+ unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */
+ unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */
- int out_msgtype; /*!< record header: message type */
- size_t out_msglen; /*!< record header: message length */
- size_t out_left; /*!< amount of data not yet written */
+ int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t out_buf_len; /*!< length of output buffer */
+ size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
#endif
- unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
+ unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
+ uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- signed char split_done; /*!< current record already splitted? */
+ signed char MBEDTLS_PRIVATE(split_done); /*!< current record already splitted? */
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
/*
* PKI layer
*/
- int client_auth; /*!< flag for client auth. */
+ int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
/*
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- char *hostname; /*!< expected peer CN for verification
+ char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
(and SNI if available) */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
- const char *alpn_chosen; /*!< negotiated protocol */
+ const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*
* use_srtp extension
*/
- mbedtls_dtls_srtp_info dtls_srtp_info;
+ mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Information for DTLS hello verify
*/
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- unsigned char *cli_id; /*!< transport-level ID of the client */
- size_t cli_id_len; /*!< length of cli_id */
+ unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */
+ size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/*
* Secure renegotiation
*/
/* needed to know when to send extension on server */
- int secure_renegotiation; /*!< does peer support legacy or
+ int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
secure renegotiation */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- size_t verify_data_len; /*!< length of verify data stored */
- char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
- char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+ size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */
+ char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+ char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1411,9 +1412,9 @@
* all subsequent handshakes. This may be different from the
* CID currently used in case the user has re-configured the CID
* after an initial handshake. */
- unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
- uint8_t own_cid_len; /*!< The length of \c own_cid. */
- uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
+ unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
+ uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
+ uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should
* be negotiated in the next handshake or not.
* Possible values are #MBEDTLS_SSL_CID_ENABLED
* and #MBEDTLS_SSL_CID_DISABLED. */
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index ac7b77c..d995f8f 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_CACHE_H
#define MBEDTLS_SSL_CACHE_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -65,16 +66,16 @@
struct mbedtls_ssl_cache_entry
{
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t timestamp; /*!< entry timestamp */
+ mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
#endif
- unsigned char session_id[32]; /*!< session ID */
- size_t session_id_len;
+ unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
+ size_t MBEDTLS_PRIVATE(session_id_len);
- unsigned char *session; /*!< serialized session */
- size_t session_len;
+ unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
+ size_t MBEDTLS_PRIVATE(session_len);
- mbedtls_ssl_cache_entry *next; /*!< chain pointer */
+ mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
};
/**
@@ -82,11 +83,11 @@
*/
struct mbedtls_ssl_cache_context
{
- mbedtls_ssl_cache_entry *chain; /*!< start of the chain */
- int timeout; /*!< cache entry timeout */
- int max_entries; /*!< maximum entries */
+ mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
+ int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
+ int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex; /*!< mutex */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
};
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 3eacfb5..093238c 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
#define MBEDTLS_SSL_CIPHERSUITES_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -405,7 +406,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
@@ -424,7 +425,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -442,7 +443,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -456,7 +457,7 @@
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@@ -473,7 +474,7 @@
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
@@ -492,7 +493,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
@@ -507,7 +508,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
@@ -523,7 +524,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 0a23870..6806dbd 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_COOKIE_H
#define MBEDTLS_SSL_COOKIE_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -56,15 +57,15 @@
*/
typedef struct mbedtls_ssl_cookie_ctx
{
- mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */
+ mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
#if !defined(MBEDTLS_HAVE_TIME)
unsigned long serial; /*!< serial number for expiration */
#endif
- unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME,
+ unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
or in number of tickets issued */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
} mbedtls_ssl_cookie_ctx;
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index a882eed..871eec3 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_TICKET_H
#define MBEDTLS_SSL_TICKET_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -50,9 +51,9 @@
*/
typedef struct mbedtls_ssl_ticket_key
{
- unsigned char name[4]; /*!< random key identifier */
- uint32_t generation_time; /*!< key generation timestamp (seconds) */
- mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */
+ unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
+ uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
}
mbedtls_ssl_ticket_key;
@@ -61,17 +62,17 @@
*/
typedef struct mbedtls_ssl_ticket_context
{
- mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
- unsigned char active; /*!< index of the currently active key */
+ mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
+ unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
- uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
/** Callback for getting (pseudo-)random numbers */
- int (*f_rng)(void *, unsigned char *, size_t);
- void *p_rng; /*!< context for the RNG function */
+ int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
}
mbedtls_ssl_ticket_context;
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 1047f8f..fae96c2 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_THREADING_H
#define MBEDTLS_THREADING_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -41,11 +42,11 @@
#include <pthread.h>
typedef struct mbedtls_threading_mutex_t
{
- pthread_mutex_t mutex;
+ pthread_mutex_t MBEDTLS_PRIVATE(mutex);
/* is_valid is 0 after a failed init or a free, and nonzero after a
* successful init. This field is not considered part of the public
* API of Mbed TLS and may change without notice. */
- char is_valid;
+ char MBEDTLS_PRIVATE(is_valid);
} mbedtls_threading_mutex_t;
#endif
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index b7290cf..9a8b1e0 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_TIMING_H
#define MBEDTLS_TIMING_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -43,7 +44,7 @@
*/
struct mbedtls_timing_hr_time
{
- unsigned char opaque[32];
+ unsigned char MBEDTLS_PRIVATE(opaque)[32];
};
/**
@@ -52,8 +53,8 @@
typedef struct mbedtls_timing_delay_context
{
struct mbedtls_timing_hr_time timer;
- uint32_t int_ms;
- uint32_t fin_ms;
+ uint32_t MBEDTLS_PRIVATE(int_ms);
+ uint32_t MBEDTLS_PRIVATE(fin_ms);
} mbedtls_timing_delay_context;
#else /* MBEDTLS_TIMING_ALT */
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 3091de1..b7a969a 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_H
#define MBEDTLS_X509_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -229,8 +230,8 @@
/** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time
{
- int year, mon, day; /**< Date. */
- int hour, min, sec; /**< Time. */
+ int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */
+ int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */
}
mbedtls_x509_time;
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index fcaa149..440da12 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CRL_H
#define MBEDTLS_X509_CRL_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -49,15 +50,15 @@
*/
typedef struct mbedtls_x509_crl_entry
{
- mbedtls_x509_buf raw;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw);
- mbedtls_x509_buf serial;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
- mbedtls_x509_time revocation_date;
+ mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date);
- mbedtls_x509_buf entry_ext;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext);
- struct mbedtls_x509_crl_entry *next;
+ struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next);
}
mbedtls_x509_crl_entry;
@@ -67,30 +68,30 @@
*/
typedef struct mbedtls_x509_crl
{
- mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
- mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
- int version; /**< CRL version (1=v1, 2=v2) */
- mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
+ int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */
- mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */
- mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
- mbedtls_x509_time this_update;
- mbedtls_x509_time next_update;
+ mbedtls_x509_time MBEDTLS_PRIVATE(this_update);
+ mbedtls_x509_time MBEDTLS_PRIVATE(next_update);
- mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
+ mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */
- mbedtls_x509_buf crl_ext;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext);
- mbedtls_x509_buf sig_oid2;
- mbedtls_x509_buf sig;
- mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
- struct mbedtls_x509_crl *next;
+ struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next);
}
mbedtls_x509_crl;
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 23a20d1..015962c 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -51,50 +52,50 @@
*/
typedef struct mbedtls_x509_crt
{
- int own_buffer; /**< Indicates if \c raw is owned
+ int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
* by the structure or not. */
- mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
- mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
- int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
- mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
- mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */
+ int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */
- mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
- mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */
- mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
- mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
- mbedtls_x509_time valid_from; /**< Start time of certificate validity. */
- mbedtls_x509_time valid_to; /**< End time of certificate validity. */
+ mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */
+ mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */
- mbedtls_x509_buf pk_raw;
- mbedtls_pk_context pk; /**< Container for the public key context. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw);
+ mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
- mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
- mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
- mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
- mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
- mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
- int ext_types; /**< Bit string containing detected and parsed extensions */
- int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
- int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
+ int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
+ int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
+ int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
- unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
+ unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
- mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */
- unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
+ unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
- mbedtls_x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
- mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
- struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */
+ struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */
}
mbedtls_x509_crt;
@@ -111,7 +112,7 @@
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
- mbedtls_x509_buf type_id; /**< The type id. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
union
{
/**
@@ -122,12 +123,12 @@
*/
struct
{
- mbedtls_x509_buf oid; /**< The object identifier. */
- mbedtls_x509_buf val; /**< The named value. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
}
- hardware_module_name;
+ MBEDTLS_PRIVATE(hardware_module_name);
}
- value;
+ MBEDTLS_PRIVATE(value);
}
mbedtls_x509_san_other_name;
@@ -136,12 +137,12 @@
*/
typedef struct mbedtls_x509_subject_alternative_name
{
- int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
+ int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
- mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
- mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
+ mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */
}
- san; /**< A union of the supported SAN types */
+ MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
}
mbedtls_x509_subject_alternative_name;
@@ -158,10 +159,10 @@
*/
typedef struct mbedtls_x509_crt_profile
{
- uint32_t allowed_mds; /**< MDs for signatures */
- uint32_t allowed_pks; /**< PK algs for signatures */
- uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
- uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
+ uint32_t MBEDTLS_PRIVATE(allowed_mds); /**< MDs for signatures */
+ uint32_t MBEDTLS_PRIVATE(allowed_pks); /**< PK algs for signatures */
+ uint32_t MBEDTLS_PRIVATE(allowed_curves); /**< Elliptic curves for ECDSA */
+ uint32_t MBEDTLS_PRIVATE(rsa_min_bitlen); /**< Minimum size for RSA keys */
}
mbedtls_x509_crt_profile;
@@ -249,16 +250,16 @@
*/
typedef struct mbedtls_x509write_cert
{
- int version;
- mbedtls_mpi serial;
- mbedtls_pk_context *subject_key;
- mbedtls_pk_context *issuer_key;
- mbedtls_asn1_named_data *subject;
- mbedtls_asn1_named_data *issuer;
- mbedtls_md_type_t md_alg;
- char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
- char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
- mbedtls_asn1_named_data *extensions;
+ int MBEDTLS_PRIVATE(version);
+ mbedtls_mpi MBEDTLS_PRIVATE(serial);
+ mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
+ mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(issuer);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
+ char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+ char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
}
mbedtls_x509write_cert;
@@ -266,8 +267,8 @@
* Item in a verification chain: cert and flags for it
*/
typedef struct {
- mbedtls_x509_crt *crt;
- uint32_t flags;
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(crt);
+ uint32_t MBEDTLS_PRIVATE(flags);
} mbedtls_x509_crt_verify_chain_item;
/**
@@ -280,15 +281,15 @@
*/
typedef struct
{
- mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
- unsigned len;
+ mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
+ unsigned MBEDTLS_PRIVATE(len);
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/* This stores the list of potential trusted signers obtained from
* the CA callback used for the CRT verification, if configured.
* We must track it somewhere because the callback passes its
* ownership to the caller. */
- mbedtls_x509_crt *trust_ca_cb_result;
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
} mbedtls_x509_crt_verify_chain;
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 07a3717..fa98394 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CSR_H
#define MBEDTLS_X509_CSR_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -48,21 +49,21 @@
*/
typedef struct mbedtls_x509_csr
{
- mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
- mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */
- int version; /**< CSR version (1=v1). */
+ int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
- mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */
- mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
- mbedtls_pk_context pk; /**< Container for the public key context. */
+ mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
- mbedtls_x509_buf sig_oid;
- mbedtls_x509_buf sig;
- mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
}
mbedtls_x509_csr;
@@ -71,10 +72,10 @@
*/
typedef struct mbedtls_x509write_csr
{
- mbedtls_pk_context *key;
- mbedtls_asn1_named_data *subject;
- mbedtls_md_type_t md_alg;
- mbedtls_asn1_named_data *extensions;
+ mbedtls_pk_context *MBEDTLS_PRIVATE(key);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
}
mbedtls_x509write_csr;
diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h
index 5ce2fe4..72c998e 100644
--- a/include/mbedtls/xtea.h
+++ b/include/mbedtls/xtea.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_XTEA_H
#define MBEDTLS_XTEA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -49,7 +50,7 @@
*/
typedef struct mbedtls_xtea_context
{
- uint32_t k[4]; /*!< key */
+ uint32_t MBEDTLS_PRIVATE(k)[4]; /*!< key */
}
mbedtls_xtea_context;
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h
index 1d11b00..b05660f 100644
--- a/include/psa/crypto_builtin_composites.h
+++ b/include/psa/crypto_builtin_composites.h
@@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H
#define PSA_CRYPTO_BUILTIN_COMPOSITES_H
+#include "mbedtls/private_access.h"
#include <psa/crypto_driver_common.h>
@@ -47,11 +48,11 @@
typedef struct
{
/** The HMAC algorithm in use */
- psa_algorithm_t alg;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
/** The hash context. */
struct psa_hash_operation_s hash_ctx;
/** The HMAC part of the context. */
- uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
+ uint8_t MBEDTLS_PRIVATE(opad)[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
} mbedtls_psa_hmac_operation_t;
#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}}
@@ -61,17 +62,17 @@
typedef struct
{
- psa_algorithm_t alg;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
union
{
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+ unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
- mbedtls_psa_hmac_operation_t hmac;
+ mbedtls_psa_hmac_operation_t MBEDTLS_PRIVATE(hmac);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
- mbedtls_cipher_context_t cmac;
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cmac);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
- } ctx;
+ } MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_mac_operation_t;
#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}
diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h
index 75801a1..674c7d0 100644
--- a/include/psa/crypto_builtin_primitives.h
+++ b/include/psa/crypto_builtin_primitives.h
@@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H
#define PSA_CRYPTO_BUILTIN_PRIMITIVES_H
+#include "mbedtls/private_access.h"
#include <psa/crypto_driver_common.h>
@@ -61,32 +62,32 @@
typedef struct
{
- psa_algorithm_t alg;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
union
{
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+ unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_MD2_C)
- mbedtls_md2_context md2;
+ mbedtls_md2_context MBEDTLS_PRIVATE(md2);
#endif
#if defined(MBEDTLS_MD4_C)
- mbedtls_md4_context md4;
+ mbedtls_md4_context MBEDTLS_PRIVATE(md4);
#endif
#if defined(MBEDTLS_MD5_C)
- mbedtls_md5_context md5;
+ mbedtls_md5_context MBEDTLS_PRIVATE(md5);
#endif
#if defined(MBEDTLS_RIPEMD160_C)
- mbedtls_ripemd160_context ripemd160;
+ mbedtls_ripemd160_context MBEDTLS_PRIVATE(ripemd160);
#endif
#if defined(MBEDTLS_SHA1_C)
- mbedtls_sha1_context sha1;
+ mbedtls_sha1_context MBEDTLS_PRIVATE(sha1);
#endif
#if defined(MBEDTLS_SHA256_C)
- mbedtls_sha256_context sha256;
+ mbedtls_sha256_context MBEDTLS_PRIVATE(sha256);
#endif
#if defined(MBEDTLS_SHA512_C)
- mbedtls_sha512_context sha512;
+ mbedtls_sha512_context MBEDTLS_PRIVATE(sha512);
#endif
- } ctx;
+ } MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_hash_operation_t;
#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
@@ -110,10 +111,10 @@
typedef struct {
/* Context structure for the Mbed TLS cipher implementation. */
- psa_algorithm_t alg;
- uint8_t iv_length;
- uint8_t block_length;
- mbedtls_cipher_context_t cipher;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ uint8_t MBEDTLS_PRIVATE(iv_length);
+ uint8_t MBEDTLS_PRIVATE(block_length);
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
} mbedtls_psa_cipher_operation_t;
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index a7b4ab5..3611c41 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -27,6 +27,7 @@
#ifndef PSA_CRYPTO_EXTRA_H
#define PSA_CRYPTO_EXTRA_H
+#include "mbedtls/private_access.h"
#include "mbedtls/platform_util.h"
@@ -71,7 +72,7 @@
psa_key_attributes_t *attributes,
psa_algorithm_t alg2)
{
- attributes->core.policy.alg2 = alg2;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
}
/** Retrieve the enrollment algorithm policy from key attributes.
@@ -83,7 +84,7 @@
static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.policy.alg2 );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) );
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -141,8 +142,8 @@
psa_key_attributes_t *attributes,
psa_key_slot_number_t slot_number )
{
- attributes->core.flags |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
- attributes->slot_number = slot_number;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+ attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
}
/** Remove the slot number attribute from a key attribute structure.
@@ -154,7 +155,7 @@
static inline void psa_clear_key_slot_number(
psa_key_attributes_t *attributes )
{
- attributes->core.flags &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
}
/** Register a key that is already present in a secure element.
@@ -226,26 +227,26 @@
typedef struct mbedtls_psa_stats_s
{
/** Number of slots containing key material for a volatile key. */
- size_t volatile_slots;
+ size_t MBEDTLS_PRIVATE(volatile_slots);
/** Number of slots containing key material for a key which is in
* internal persistent storage. */
- size_t persistent_slots;
+ size_t MBEDTLS_PRIVATE(persistent_slots);
/** Number of slots containing a reference to a key in a
* secure element. */
- size_t external_slots;
+ size_t MBEDTLS_PRIVATE(external_slots);
/** Number of slots which are occupied, but do not contain
* key material yet. */
- size_t half_filled_slots;
+ size_t MBEDTLS_PRIVATE(half_filled_slots);
/** Number of slots that contain cache data. */
- size_t cache_slots;
+ size_t MBEDTLS_PRIVATE(cache_slots);
/** Number of slots that are not used for anything. */
- size_t empty_slots;
+ size_t MBEDTLS_PRIVATE(empty_slots);
/** Number of slots that are locked. */
- size_t locked_slots;
+ size_t MBEDTLS_PRIVATE(locked_slots);
/** Largest key id value among open keys in internal persistent storage. */
- psa_key_id_t max_open_internal_key_id;
+ psa_key_id_t MBEDTLS_PRIVATE(max_open_internal_key_id);
/** Largest key id value among open keys in secure elements. */
- psa_key_id_t max_open_external_key_id;
+ psa_key_id_t MBEDTLS_PRIVATE(max_open_external_key_id);
} mbedtls_psa_stats_t;
/** \brief Get statistics about
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index 1dc8f9b..91a6d0b 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -33,6 +33,7 @@
*/
#ifndef PSA_CRYPTO_SE_DRIVER_H
#define PSA_CRYPTO_SE_DRIVER_H
+#include "mbedtls/private_access.h"
#include "crypto_driver_common.h"
@@ -97,21 +98,21 @@
* - psa_destroy_key() causes a call to
* psa_drv_se_key_management_t::p_destroy.
*/
- const void *const persistent_data;
+ const void *const MBEDTLS_PRIVATE(persistent_data);
/** The size of \c persistent_data in bytes.
*
* This is always equal to the value of the `persistent_data_size` field
* of the ::psa_drv_se_t structure when the driver is registered.
*/
- const size_t persistent_data_size;
+ const size_t MBEDTLS_PRIVATE(persistent_data_size);
/** Driver transient data.
*
* The core initializes this value to 0 and does not read or modify it
* afterwards. The driver may store whatever it wants in this field.
*/
- uintptr_t transient_data;
+ uintptr_t MBEDTLS_PRIVATE(transient_data);
} psa_drv_se_context_t;
/** \brief A driver initialization function.
@@ -323,28 +324,28 @@
/**The size in bytes of the hardware-specific secure element MAC context
* structure
*/
- size_t context_size;
+ size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a MAC setup operation
*/
- psa_drv_se_mac_setup_t p_setup;
+ psa_drv_se_mac_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that performs a MAC update operation
*/
- psa_drv_se_mac_update_t p_update;
+ psa_drv_se_mac_update_t MBEDTLS_PRIVATE(p_update);
/** Function that completes a MAC operation
*/
- psa_drv_se_mac_finish_t p_finish;
+ psa_drv_se_mac_finish_t MBEDTLS_PRIVATE(p_finish);
/** Function that completes a MAC operation with a verify check
*/
- psa_drv_se_mac_finish_verify_t p_finish_verify;
+ psa_drv_se_mac_finish_verify_t MBEDTLS_PRIVATE(p_finish_verify);
/** Function that aborts a previoustly started MAC operation
*/
- psa_drv_se_mac_abort_t p_abort;
+ psa_drv_se_mac_abort_t MBEDTLS_PRIVATE(p_abort);
/** Function that performs a MAC operation in one call
*/
- psa_drv_se_mac_generate_t p_mac;
+ psa_drv_se_mac_generate_t MBEDTLS_PRIVATE(p_mac);
/** Function that performs a MAC and verify operation in one call
*/
- psa_drv_se_mac_verify_t p_mac_verify;
+ psa_drv_se_mac_verify_t MBEDTLS_PRIVATE(p_mac_verify);
} psa_drv_se_mac_t;
/**@}*/
@@ -510,22 +511,22 @@
/** The size in bytes of the hardware-specific secure element cipher
* context structure
*/
- size_t context_size;
+ size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a cipher setup operation */
- psa_drv_se_cipher_setup_t p_setup;
+ psa_drv_se_cipher_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that sets a cipher IV (if necessary) */
- psa_drv_se_cipher_set_iv_t p_set_iv;
+ psa_drv_se_cipher_set_iv_t MBEDTLS_PRIVATE(p_set_iv);
/** Function that performs a cipher update operation */
- psa_drv_se_cipher_update_t p_update;
+ psa_drv_se_cipher_update_t MBEDTLS_PRIVATE(p_update);
/** Function that completes a cipher operation */
- psa_drv_se_cipher_finish_t p_finish;
+ psa_drv_se_cipher_finish_t MBEDTLS_PRIVATE(p_finish);
/** Function that aborts a cipher operation */
- psa_drv_se_cipher_abort_t p_abort;
+ psa_drv_se_cipher_abort_t MBEDTLS_PRIVATE(p_abort);
/** Function that performs ECB mode for a cipher operation
* (Danger: ECB mode should not be used directly by clients of the PSA
* Crypto Client API)
*/
- psa_drv_se_cipher_ecb_t p_ecb;
+ psa_drv_se_cipher_ecb_t MBEDTLS_PRIVATE(p_ecb);
} psa_drv_se_cipher_t;
/**@}*/
@@ -681,13 +682,13 @@
*/
typedef struct {
/** Function that performs an asymmetric sign operation */
- psa_drv_se_asymmetric_sign_t p_sign;
+ psa_drv_se_asymmetric_sign_t MBEDTLS_PRIVATE(p_sign);
/** Function that performs an asymmetric verify operation */
- psa_drv_se_asymmetric_verify_t p_verify;
+ psa_drv_se_asymmetric_verify_t MBEDTLS_PRIVATE(p_verify);
/** Function that performs an asymmetric encrypt operation */
- psa_drv_se_asymmetric_encrypt_t p_encrypt;
+ psa_drv_se_asymmetric_encrypt_t MBEDTLS_PRIVATE(p_encrypt);
/** Function that performs an asymmetric decrypt operation */
- psa_drv_se_asymmetric_decrypt_t p_decrypt;
+ psa_drv_se_asymmetric_decrypt_t MBEDTLS_PRIVATE(p_decrypt);
} psa_drv_se_asymmetric_t;
/**@}*/
@@ -798,9 +799,9 @@
*/
typedef struct {
/** Function that performs the AEAD encrypt operation */
- psa_drv_se_aead_encrypt_t p_encrypt;
+ psa_drv_se_aead_encrypt_t MBEDTLS_PRIVATE(p_encrypt);
/** Function that performs the AEAD decrypt operation */
- psa_drv_se_aead_decrypt_t p_decrypt;
+ psa_drv_se_aead_decrypt_t MBEDTLS_PRIVATE(p_decrypt);
} psa_drv_se_aead_t;
/**@}*/
@@ -1120,19 +1121,19 @@
*/
typedef struct {
/** Function that allocates a slot for a key. */
- psa_drv_se_allocate_key_t p_allocate;
+ psa_drv_se_allocate_key_t MBEDTLS_PRIVATE(p_allocate);
/** Function that checks the validity of a slot for a key. */
- psa_drv_se_validate_slot_number_t p_validate_slot_number;
+ psa_drv_se_validate_slot_number_t MBEDTLS_PRIVATE(p_validate_slot_number);
/** Function that performs a key import operation */
- psa_drv_se_import_key_t p_import;
+ psa_drv_se_import_key_t MBEDTLS_PRIVATE(p_import);
/** Function that performs a generation */
- psa_drv_se_generate_key_t p_generate;
+ psa_drv_se_generate_key_t MBEDTLS_PRIVATE(p_generate);
/** Function that performs a key destroy operation */
- psa_drv_se_destroy_key_t p_destroy;
+ psa_drv_se_destroy_key_t MBEDTLS_PRIVATE(p_destroy);
/** Function that performs a key export operation */
- psa_drv_se_export_key_t p_export;
+ psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export);
/** Function that performs a public key export operation */
- psa_drv_se_export_key_t p_export_public;
+ psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export_public);
} psa_drv_se_key_management_t;
/**@}*/
@@ -1263,16 +1264,16 @@
*/
typedef struct {
/** The driver-specific size of the key derivation context */
- size_t context_size;
+ size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a key derivation setup */
- psa_drv_se_key_derivation_setup_t p_setup;
+ psa_drv_se_key_derivation_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that sets key derivation collateral */
- psa_drv_se_key_derivation_collateral_t p_collateral;
+ psa_drv_se_key_derivation_collateral_t MBEDTLS_PRIVATE(p_collateral);
/** Function that performs a final key derivation step */
- psa_drv_se_key_derivation_derive_t p_derive;
+ psa_drv_se_key_derivation_derive_t MBEDTLS_PRIVATE(p_derive);
/** Function that perforsm a final key derivation or agreement and
* exports the key */
- psa_drv_se_key_derivation_export_t p_export;
+ psa_drv_se_key_derivation_export_t MBEDTLS_PRIVATE(p_export);
} psa_drv_se_key_derivation_t;
/**@}*/
@@ -1293,7 +1294,7 @@
* a different version of this specification.
* Use #PSA_DRV_SE_HAL_VERSION.
*/
- uint32_t hal_version;
+ uint32_t MBEDTLS_PRIVATE(hal_version);
/** The size of the driver's persistent data in bytes.
*
@@ -1303,7 +1304,7 @@
* for more information about why and how a driver can use
* persistent data.
*/
- size_t persistent_data_size;
+ size_t MBEDTLS_PRIVATE(persistent_data_size);
/** The driver initialization function.
*
@@ -1315,14 +1316,14 @@
* If this field is \c NULL, it is equivalent to a function that does
* nothing and returns #PSA_SUCCESS.
*/
- psa_drv_se_init_t p_init;
+ psa_drv_se_init_t MBEDTLS_PRIVATE(p_init);
- const psa_drv_se_key_management_t *key_management;
- const psa_drv_se_mac_t *mac;
- const psa_drv_se_cipher_t *cipher;
- const psa_drv_se_aead_t *aead;
- const psa_drv_se_asymmetric_t *asymmetric;
- const psa_drv_se_key_derivation_t *derivation;
+ const psa_drv_se_key_management_t *MBEDTLS_PRIVATE(key_management);
+ const psa_drv_se_mac_t *MBEDTLS_PRIVATE(mac);
+ const psa_drv_se_cipher_t *MBEDTLS_PRIVATE(cipher);
+ const psa_drv_se_aead_t *MBEDTLS_PRIVATE(aead);
+ const psa_drv_se_asymmetric_t *MBEDTLS_PRIVATE(asymmetric);
+ const psa_drv_se_key_derivation_t *MBEDTLS_PRIVATE(derivation);
} psa_drv_se_t;
/** The current version of the secure element driver HAL.
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 47012fd..b07ced8 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -60,6 +60,7 @@
#ifndef PSA_CRYPTO_STRUCT_H
#define PSA_CRYPTO_STRUCT_H
+#include "mbedtls/private_access.h"
#ifdef __cplusplus
extern "C" {
@@ -88,8 +89,8 @@
* ID values are auto-generated in psa_driver_wrappers.h.
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. the driver context is not active, in use). */
- unsigned int id;
- psa_driver_hash_context_t ctx;
+ unsigned int MBEDTLS_PRIVATE(id);
+ psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx);
};
#define PSA_HASH_OPERATION_INIT {0, {0}}
@@ -107,14 +108,14 @@
* ID values are auto-generated in psa_crypto_driver_wrappers.h
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */
- unsigned int id;
+ unsigned int MBEDTLS_PRIVATE(id);
- unsigned int iv_required : 1;
- unsigned int iv_set : 1;
+ unsigned int MBEDTLS_PRIVATE(iv_required) : 1;
+ unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
- uint8_t default_iv_length;
+ uint8_t MBEDTLS_PRIVATE(default_iv_length);
- psa_driver_cipher_context_t ctx;
+ psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx);
};
#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}}
@@ -136,10 +137,10 @@
* ID values are auto-generated in psa_driver_wrappers.h
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */
- unsigned int id;
- uint8_t mac_size;
- unsigned int is_sign : 1;
- psa_driver_mac_context_t ctx;
+ unsigned int MBEDTLS_PRIVATE(id);
+ uint8_t MBEDTLS_PRIVATE(mac_size);
+ unsigned int MBEDTLS_PRIVATE(is_sign) : 1;
+ psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx);
};
#define PSA_MAC_OPERATION_INIT {0, 0, 0, {0}}
@@ -151,16 +152,16 @@
struct psa_aead_operation_s
{
- psa_algorithm_t alg;
- unsigned int key_set : 1;
- unsigned int iv_set : 1;
- uint8_t iv_size;
- uint8_t block_size;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ unsigned int MBEDTLS_PRIVATE(key_set) : 1;
+ unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
+ uint8_t MBEDTLS_PRIVATE(iv_size);
+ uint8_t MBEDTLS_PRIVATE(block_size);
union
{
- unsigned dummy; /* Enable easier initializing of the union. */
- mbedtls_cipher_context_t cipher;
- } ctx;
+ unsigned MBEDTLS_PRIVATE(dummy); /* Enable easier initializing of the union. */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
+ } MBEDTLS_PRIVATE(ctx);
};
#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}}
@@ -173,18 +174,18 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
typedef struct
{
- uint8_t *info;
- size_t info_length;
- psa_mac_operation_t hmac;
- uint8_t prk[PSA_HASH_MAX_SIZE];
- uint8_t output_block[PSA_HASH_MAX_SIZE];
+ uint8_t *MBEDTLS_PRIVATE(info);
+ size_t MBEDTLS_PRIVATE(info_length);
+ psa_mac_operation_t MBEDTLS_PRIVATE(hmac);
+ uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE];
+ uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
#if PSA_HASH_MAX_SIZE > 0xff
#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
#endif
- uint8_t offset_in_block;
- uint8_t block_number;
- unsigned int state : 2;
- unsigned int info_set : 1;
+ uint8_t MBEDTLS_PRIVATE(offset_in_block);
+ uint8_t MBEDTLS_PRIVATE(block_number);
+ unsigned int MBEDTLS_PRIVATE(state) : 2;
+ unsigned int MBEDTLS_PRIVATE(info_set) : 1;
} psa_hkdf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
@@ -207,45 +208,45 @@
/* Indicates how many bytes in the current HMAC block have
* not yet been read by the user. */
- uint8_t left_in_block;
+ uint8_t MBEDTLS_PRIVATE(left_in_block);
/* The 1-based number of the block. */
- uint8_t block_number;
+ uint8_t MBEDTLS_PRIVATE(block_number);
- psa_tls12_prf_key_derivation_state_t state;
+ psa_tls12_prf_key_derivation_state_t MBEDTLS_PRIVATE(state);
- uint8_t *secret;
- size_t secret_length;
- uint8_t *seed;
- size_t seed_length;
- uint8_t *label;
- size_t label_length;
+ uint8_t *MBEDTLS_PRIVATE(secret);
+ size_t MBEDTLS_PRIVATE(secret_length);
+ uint8_t *MBEDTLS_PRIVATE(seed);
+ size_t MBEDTLS_PRIVATE(seed_length);
+ uint8_t *MBEDTLS_PRIVATE(label);
+ size_t MBEDTLS_PRIVATE(label_length);
- uint8_t Ai[PSA_HASH_MAX_SIZE];
+ uint8_t MBEDTLS_PRIVATE(Ai)[PSA_HASH_MAX_SIZE];
/* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
- uint8_t output_block[PSA_HASH_MAX_SIZE];
+ uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
} psa_tls12_prf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
struct psa_key_derivation_s
{
- psa_algorithm_t alg;
- unsigned int can_output_key : 1;
- size_t capacity;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
+ size_t MBEDTLS_PRIVATE(capacity);
union
{
/* Make the union non-empty even with no supported algorithms. */
- uint8_t dummy;
+ uint8_t MBEDTLS_PRIVATE(dummy);
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
- psa_hkdf_key_derivation_t hkdf;
+ psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf);
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
- psa_tls12_prf_key_derivation_t tls12_prf;
+ psa_tls12_prf_key_derivation_t MBEDTLS_PRIVATE(tls12_prf);
#endif
- } ctx;
+ } MBEDTLS_PRIVATE(ctx);
};
/* This only zeroes out the first byte in the union, the rest is unspecified. */
@@ -258,9 +259,9 @@
struct psa_key_policy_s
{
- psa_key_usage_t usage;
- psa_algorithm_t alg;
- psa_algorithm_t alg2;
+ psa_key_usage_t MBEDTLS_PRIVATE(usage);
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ psa_algorithm_t MBEDTLS_PRIVATE(alg2);
};
typedef struct psa_key_policy_s psa_key_policy_t;
@@ -309,24 +310,24 @@
typedef struct
{
- psa_key_type_t type;
- psa_key_bits_t bits;
- psa_key_lifetime_t lifetime;
- mbedtls_svc_key_id_t id;
- psa_key_policy_t policy;
- psa_key_attributes_flag_t flags;
+ psa_key_type_t MBEDTLS_PRIVATE(type);
+ psa_key_bits_t MBEDTLS_PRIVATE(bits);
+ psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
+ psa_key_policy_t MBEDTLS_PRIVATE(policy);
+ psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
} psa_core_key_attributes_t;
#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
struct psa_key_attributes_s
{
- psa_core_key_attributes_t core;
+ psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- psa_key_slot_number_t slot_number;
+ psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- void *domain_parameters;
- size_t domain_parameters_size;
+ void *MBEDTLS_PRIVATE(domain_parameters);
+ size_t MBEDTLS_PRIVATE(domain_parameters_size);
};
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -344,13 +345,13 @@
static inline void psa_set_key_id( psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key )
{
- psa_key_lifetime_t lifetime = attributes->core.lifetime;
+ psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime) = attributes->MBEDTLS_PRIVATE(core).lifetime;
- attributes->core.id = key;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
- attributes->core.lifetime =
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT,
PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) );
@@ -360,7 +361,7 @@
static inline mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.id );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) );
}
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
@@ -374,13 +375,13 @@
static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime)
{
- attributes->core.lifetime = lifetime;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- attributes->core.id.key_id = 0;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).key_id = 0;
#else
- attributes->core.id = 0;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = 0;
#endif
}
}
@@ -388,31 +389,31 @@
static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.lifetime );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) );
}
static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags)
{
- attributes->core.policy.usage = usage_flags;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.policy.usage );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) );
}
static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
psa_algorithm_t alg)
{
- attributes->core.policy.alg = alg;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg;
}
static inline psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.policy.alg );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) );
}
/* This function is declared in crypto_extra.h, which comes after this
@@ -425,10 +426,10 @@
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type)
{
- if( attributes->domain_parameters == NULL )
+ if( attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL )
{
/* Common case: quick path */
- attributes->core.type = type;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type;
}
else
{
@@ -443,22 +444,22 @@
static inline psa_key_type_t psa_get_key_type(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.type );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) );
}
static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits)
{
if( bits > PSA_MAX_KEY_BITS )
- attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
else
- attributes->core.bits = (psa_key_bits_t) bits;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
}
static inline size_t psa_get_key_bits(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.bits );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) );
}
#ifdef __cplusplus