Run MBEDTLS_PRIVATE wrapping script on the library.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 88a599c..e6a3ff5 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -912,11 +913,11 @@
typedef struct mbedtls_dtls_srtp_info_t
{
/*! The SRTP profile that was negotiated. */
- mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
+ mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
/*! The length of mki_value. */
- uint16_t mki_len;
+ uint16_t MBEDTLS_PRIVATE(mki_len);
/*! The mki_value used, with max size of 256 bytes. */
- unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
+ unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
}
mbedtls_dtls_srtp_info;
@@ -936,17 +937,17 @@
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t start; /*!< starting time */
+ mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif
- int ciphersuite; /*!< chosen ciphersuite */
- int compression; /*!< chosen compression */
- size_t id_len; /*!< session id length */
- unsigned char id[32]; /*!< session identifier */
- unsigned char master[48]; /*!< the master secret */
+ int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
+ int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
+ size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
+ unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
+ unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation, mitigating the triple handshake attack. */
@@ -955,24 +956,24 @@
mbedtls_md_type_t peer_cert_digest_type;
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- uint32_t verify_result; /*!< verification result */
+ uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- unsigned char *ticket; /*!< RFC 5077 session ticket */
- size_t ticket_len; /*!< session ticket length */
- uint32_t ticket_lifetime; /*!< ticket lifetime hint */
+ unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
+ size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
+ unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- int trunc_hmac; /*!< flag for truncated hmac activation */
+ int MBEDTLS_PRIVATE(trunc_hmac); /*!< flag for truncated hmac activation */
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int encrypt_then_mac; /*!< flag for EtM activation */
+ int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
};
@@ -990,114 +991,114 @@
/** Allowed ciphersuites per version. To access list's elements, please use
* \c mbedtls_ssl_get_protocol_version_ciphersuites
*/
- const int *ciphersuite_list[3];
+ const int *MBEDTLS_PRIVATE(ciphersuite_list)[3];
/** Callback for printing debug output */
- void (*f_dbg)(void *, int, const char *, int, const char *);
- void *p_dbg; /*!< context for the debug function */
+ void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
+ void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
/** Callback for getting (pseudo-)random numbers */
- int (*f_rng)(void *, unsigned char *, size_t);
- void *p_rng; /*!< context for the RNG function */
+ int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
/** Callback to retrieve a session from the cache */
- mbedtls_ssl_cache_get_t *f_get_cache;
+ mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
/** Callback to store a session into the cache */
- mbedtls_ssl_cache_set_t *f_set_cache;
- void *p_cache; /*!< context for cache callbacks */
+ mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache);
+ void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
- int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *p_sni; /*!< context for SNI callback */
+ int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *p_vrfy; /*!< context for X.509 verify calllback */
+ int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *p_psk; /*!< context for PSK callback */
+ int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello veirifcation */
- int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
+ int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t );
/** Callback to verify validity of a ClientHello cookie */
- int (*f_cookie_check)( void *, const unsigned char *, size_t,
+ int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t,
const unsigned char *, size_t );
- void *p_cookie; /*!< context for the cookie callbacks */
+ void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a session ticket */
- int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
+ int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
unsigned char *, const unsigned char *, size_t *, uint32_t * );
/** Callback to parse a session ticket into a session structure */
- int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
- void *p_ticket; /*!< context for the ticket callbacks */
+ int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** Callback to export key block and master secret */
- int (*f_export_keys)( void *, const unsigned char *,
+ int (*MBEDTLS_PRIVATE(f_export_keys))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t );
/** Callback to export key block, master secret,
* tls_prf and random bytes. Should replace f_export_keys */
- int (*f_export_keys_ext)( void *, const unsigned char *,
+ int (*MBEDTLS_PRIVATE(f_export_keys_ext))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t,
const unsigned char[32], const unsigned char[32],
mbedtls_tls_prf_types );
- void *p_export_keys; /*!< context for key export callback */
+ void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */
+ size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
- mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
- mbedtls_x509_crt *ca_chain; /*!< trusted CAs */
- mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
+ const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */
+ mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
+ mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- mbedtls_x509_crt_ca_cb_t f_ca_cb;
- void *p_ca_cb;
+ mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb);
+ void *MBEDTLS_PRIVATE(p_ca_cb);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */
- mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */
+ mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
+ mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
- mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
- void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
+ mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
+ mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
+ void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- const int *sig_hashes; /*!< allowed signature hashes */
+ const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#endif
#if defined(MBEDTLS_ECP_C)
- const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
+ const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
#endif
#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi dhm_P; /*!< prime modulus for DHM */
- mbedtls_mpi dhm_G; /*!< generator for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field
+ psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
* should only be set via
* mbedtls_ssl_conf_psk_opaque().
* If either no PSK or a raw PSK have been
@@ -1105,22 +1106,22 @@
*/
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- unsigned char *psk; /*!< The raw pre-shared key. This field should
+ unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
* only be set via mbedtls_ssl_conf_psk().
* If either no PSK or an opaque PSK
* have been configured, this has value NULL. */
- size_t psk_len; /*!< The length of the raw pre-shared key.
+ size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
* \c psk is not \c NULL. */
- unsigned char *psk_identity; /*!< The PSK identity for PSK negotiation.
+ unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* This is set if and only if either
* \c psk or \c psk_opaque are set. */
- size_t psk_identity_len;/*!< The length of PSK identity.
+ size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
@@ -1129,279 +1130,279 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
- const char **alpn_list; /*!< ordered list of protocols */
+ const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*! ordered list of supported srtp profile */
- const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list;
+ const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list);
/*! number of supported profiles */
- size_t dtls_srtp_profile_list_len;
+ size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Numerical settings (int then char)
*/
- uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
+ uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint32_t hs_timeout_min; /*!< initial value of the handshake
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake
retransmission timeout (ms) */
- uint32_t hs_timeout_max; /*!< maximum value of the handshake
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake
retransmission timeout (ms) */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int renego_max_records; /*!< grace period for renegotiation */
- unsigned char renego_period[8]; /*!< value of the record counters
+ int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */
+ unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters
that triggers renegotiation */
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
- unsigned int badmac_limit; /*!< limit of records with a bad MAC */
+ unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
- unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
+ unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
#endif
- unsigned char max_major_ver; /*!< max. major version used */
- unsigned char max_minor_ver; /*!< max. minor version used */
- unsigned char min_major_ver; /*!< min. major version used */
- unsigned char min_minor_ver; /*!< min. minor version used */
+ unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
+ unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
+ unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
+ unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
/*
* Flags (bitfields)
*/
- unsigned int endpoint : 1; /*!< 0: client, 1: server */
- unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */
- unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
+ unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
+ unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
+ unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
- unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */
+ unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned int mfl_code : 3; /*!< desired fragment length */
+ unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */
+ unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- unsigned int extended_ms : 1; /*!< negotiate extended master secret? */
+ unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- unsigned int anti_replay : 1; /*!< detect and prevent replay? */
+ unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- unsigned int cbc_record_splitting : 1; /*!< do cbc record splitting */
+ unsigned int MBEDTLS_PRIVATE(cbc_record_splitting) : 1; /*!< do cbc record splitting */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */
+ unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */
+ unsigned int MBEDTLS_PRIVATE(trunc_hmac) : 1; /*!< negotiate truncated hmac? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- unsigned int session_tickets : 1; /*!< use session tickets? */
+ unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
- unsigned int fallback : 1; /*!< is this a fallback? */
+ unsigned int MBEDTLS_PRIVATE(fallback) : 1; /*!< is this a fallback? */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in
+ unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
Certificate Request messages? */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
+ unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
* record with unexpected CID
* should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- unsigned int dtls_srtp_mki_support : 1; /* support having mki_value
+ unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
in the use_srtp extension */
#endif
};
struct mbedtls_ssl_context
{
- const mbedtls_ssl_config *conf; /*!< configuration information */
+ const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */
/*
* Miscellaneous
*/
- int state; /*!< SSL handshake: current state */
+ int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int renego_status; /*!< Initial, in progress, pending? */
- int renego_records_seen; /*!< Records since renego request, or with DTLS,
+ int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
+ int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
- int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
- int minor_ver; /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
+ int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
+ int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
- unsigned badmac_seen; /*!< records with a bad MAC received */
+ unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *p_vrfy; /*!< context for X.509 verify callback */
+ int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
#endif
- mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
- mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
- mbedtls_ssl_recv_timeout_t *f_recv_timeout;
+ mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */
+ mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */
+ mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout);
/*!< Callback for network receive with timeout */
- void *p_bio; /*!< context for I/O operations */
+ void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
/*
* Session layer
*/
- mbedtls_ssl_session *session_in; /*!< current session data (in) */
- mbedtls_ssl_session *session_out; /*!< current session data (out) */
- mbedtls_ssl_session *session; /*!< negotiated session data */
- mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */
- mbedtls_ssl_handshake_params *handshake; /*!< params required only during
+ mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during
the handshake process */
/*
* Record layer transformations
*/
- mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */
- mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */
- mbedtls_ssl_transform *transform; /*!< negotiated transform params */
- mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */
/*
* Timers
*/
- void *p_timer; /*!< context for the timer callbacks */
+ void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
- mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
- mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
+ mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */
+ mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */
/*
* Record layer (incoming data)
*/
- unsigned char *in_buf; /*!< input buffer */
- unsigned char *in_ctr; /*!< 64-bit incoming message counter
+ unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
+ unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
TLS: maintained by us
DTLS: read from peer */
- unsigned char *in_hdr; /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *in_cid; /*!< The start of the CID;
+ unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *in_len; /*!< two-bytes message length field */
- unsigned char *in_iv; /*!< ivlen-byte IV */
- unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
- unsigned char *in_offt; /*!< read offset in application data */
+ unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
+ unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */
+ unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */
- int in_msgtype; /*!< record header: message type */
- size_t in_msglen; /*!< record header: message length */
- size_t in_left; /*!< amount of data read so far */
+ int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t in_buf_len; /*!< length of input buffer */
+ size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t in_epoch; /*!< DTLS epoch for incoming records */
- size_t next_record_offset; /*!< offset of the next record in datagram
+ uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
+ size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram
(equal to in_left if none) */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- uint64_t in_window_top; /*!< last validated record seq_num */
- uint64_t in_window; /*!< bitmask for replay detection */
+ uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */
+ uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
- size_t in_hslen; /*!< current handshake message length,
+ size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
including the handshake header */
- int nb_zero; /*!< # of 0-length encrypted messages */
+ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
- int keep_current_message; /*!< drop or reuse current message
+ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message
on next call to record layer? */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint8_t disable_datagram_packing; /*!< Disable packing multiple records
+ uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records
* within a single datagram. */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* Record layer (outgoing data)
*/
- unsigned char *out_buf; /*!< output buffer */
- unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
- unsigned char *out_hdr; /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
+ unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */
+ unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *out_cid; /*!< The start of the CID;
+ unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *out_len; /*!< two-bytes message length field */
- unsigned char *out_iv; /*!< ivlen-byte IV */
- unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
+ unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */
+ unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */
- int out_msgtype; /*!< record header: message type */
- size_t out_msglen; /*!< record header: message length */
- size_t out_left; /*!< amount of data not yet written */
+ int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t out_buf_len; /*!< length of output buffer */
+ size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
#endif
- unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
+ unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
+ uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- signed char split_done; /*!< current record already splitted? */
+ signed char MBEDTLS_PRIVATE(split_done); /*!< current record already splitted? */
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
/*
* PKI layer
*/
- int client_auth; /*!< flag for client auth. */
+ int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
/*
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- char *hostname; /*!< expected peer CN for verification
+ char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
(and SNI if available) */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
- const char *alpn_chosen; /*!< negotiated protocol */
+ const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*
* use_srtp extension
*/
- mbedtls_dtls_srtp_info dtls_srtp_info;
+ mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Information for DTLS hello verify
*/
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- unsigned char *cli_id; /*!< transport-level ID of the client */
- size_t cli_id_len; /*!< length of cli_id */
+ unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */
+ size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/*
* Secure renegotiation
*/
/* needed to know when to send extension on server */
- int secure_renegotiation; /*!< does peer support legacy or
+ int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
secure renegotiation */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- size_t verify_data_len; /*!< length of verify data stored */
- char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
- char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+ size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */
+ char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+ char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1411,9 +1412,9 @@
* all subsequent handshakes. This may be different from the
* CID currently used in case the user has re-configured the CID
* after an initial handshake. */
- unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
- uint8_t own_cid_len; /*!< The length of \c own_cid. */
- uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
+ unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
+ uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
+ uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should
* be negotiated in the next handshake or not.
* Possible values are #MBEDTLS_SSL_CID_ENABLED
* and #MBEDTLS_SSL_CID_DISABLED. */