yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #4511 from mstarzyk-mobica/mbedtls_private_with_python

Browse source 
Introduce scripts automating wrapping structs members with MBEDTLS_PRIVATE macro
This commit is contained in:
Ronald Cron 2021-06-14 17:36:39 +02:00 committed by GitHub
commit 823f594db5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
111 changed files with 987 additions and 893 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
doxygen/mbedtls.doxyfile
View file

@ -1577,13 +1577,13 @@ ENABLE_PREPROCESSING = YES
# compilation will be performed. Macro expansion can be done in a controlled
# way by setting EXPAND_ONLY_PREDEF to YES.
MACRO_EXPANSION = NO
MACRO_EXPANSION = YES
# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
# then the macro expansion is limited to the macros specified with the
# PREDEFINED and EXPAND_AS_DEFINED tags.
EXPAND_ONLY_PREDEF = NO
EXPAND_ONLY_PREDEF = YES
# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
# pointed to by INCLUDE_PATH will be searched when a #include is found.
@ -1630,7 +1630,7 @@ PREDEFINED = WIN32 \
# Use the PREDEFINED tag if you want to use a different macro definition that
# overrules the definition found in the source code.
EXPAND_AS_DEFINED =
EXPAND_AS_DEFINED = MBEDTLS_PRIVATE
# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
# doxygen's preprocessor will remove all references to function-like macros

11
include/mbedtls/aes.h
View file

@ -39,6 +39,7 @@
#ifndef MBEDTLS_AES_H
#define MBEDTLS_AES_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -78,9 +79,9 @@ extern "C" {
*/
typedef struct mbedtls_aes_context
{
int nr; /*!< The number of rounds. */
uint32_t *rk; /*!< AES round keys. */
uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
hold 32 extra Bytes, which can be used for
one of the following purposes:
<ul><li>Alignment if VIA padlock is
@ -97,9 +98,9 @@ mbedtls_aes_context;
*/
typedef struct mbedtls_aes_xts_context
{
mbedtls_aes_context crypt; /*!< The AES context to use for AES block
mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
encryption or decryption. */
mbedtls_aes_context tweak; /*!< The AES context used for tweak
mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
computation. */
} mbedtls_aes_xts_context;
#endif /* MBEDTLS_CIPHER_MODE_XTS */

7
include/mbedtls/arc4.h
View file

@ -25,6 +25,7 @@
*/
#ifndef MBEDTLS_ARC4_H
#define MBEDTLS_ARC4_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -51,9 +52,9 @@ extern "C" {
*/
typedef struct mbedtls_arc4_context
{
int x; /*!< permutation index */
int y; /*!< permutation index */
unsigned char m[256]; /*!< permutation table */
int MBEDTLS_PRIVATE(x); /*!< permutation index */
int MBEDTLS_PRIVATE(y); /*!< permutation index */
unsigned char MBEDTLS_PRIVATE(m)[256]; /*!< permutation table */
}
mbedtls_arc4_context;

5
include/mbedtls/aria.h
View file

@ -28,6 +28,7 @@
#ifndef MBEDTLS_ARIA_H
#define MBEDTLS_ARIA_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -64,9 +65,9 @@ extern "C" {
*/
typedef struct mbedtls_aria_context
{
unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16) */
/*! The ARIA round keys. */
uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
}
mbedtls_aria_context;

25
include/mbedtls/asn1.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ASN1_H
#define MBEDTLS_ASN1_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -148,9 +149,9 @@ extern "C" {
*/
typedef struct mbedtls_asn1_buf
{
int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t len; /**< ASN1 length, in octets. */
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
}
mbedtls_asn1_buf;
@ -159,9 +160,9 @@ mbedtls_asn1_buf;
*/
typedef struct mbedtls_asn1_bitstring
{
size_t len; /**< ASN1 length, in octets. */
unsigned char unused_bits; /**< Number of unused bits at the end of the string */
unsigned char *p; /**< Raw ASN1 data for the bit string */
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */
unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
}
mbedtls_asn1_bitstring;
@ -170,8 +171,8 @@ mbedtls_asn1_bitstring;
*/
typedef struct mbedtls_asn1_sequence
{
mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */
mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */
struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
}
mbedtls_asn1_sequence;
@ -180,10 +181,10 @@ mbedtls_asn1_sequence;
*/
typedef struct mbedtls_asn1_named_data
{
mbedtls_asn1_buf oid; /**< The object identifier. */
mbedtls_asn1_buf val; /**< The named value. */
struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */
unsigned char next_merged; /**< Merge next item into the current one? */
mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */
}
mbedtls_asn1_named_data;

7
include/mbedtls/bignum.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_BIGNUM_H
#define MBEDTLS_BIGNUM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -183,9 +184,9 @@ extern "C" {
*/
typedef struct mbedtls_mpi
{
int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */
size_t n; /*!< total # of limbs */
mbedtls_mpi_uint *p; /*!< pointer to limbs */
int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise */
size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
}
mbedtls_mpi;

5
include/mbedtls/blowfish.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_BLOWFISH_H
#define MBEDTLS_BLOWFISH_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -57,8 +58,8 @@ extern "C" {
*/
typedef struct mbedtls_blowfish_context
{
uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
uint32_t S[4][256]; /*!< key dependent S-boxes */
uint32_t MBEDTLS_PRIVATE(P)[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
uint32_t MBEDTLS_PRIVATE(S)[4][256]; /*!< key dependent S-boxes */
}
mbedtls_blowfish_context;

5
include/mbedtls/camellia.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_CAMELLIA_H
#define MBEDTLS_CAMELLIA_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -53,8 +54,8 @@ extern "C" {
*/
typedef struct mbedtls_camellia_context
{
int nr; /*!< number of rounds */
uint32_t rk[68]; /*!< CAMELLIA round keys */
int MBEDTLS_PRIVATE(nr); /*!< number of rounds */
uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */
}
mbedtls_camellia_context;

3
include/mbedtls/ccm.h
View file

@ -46,6 +46,7 @@
#ifndef MBEDTLS_CCM_H
#define MBEDTLS_CCM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -77,7 +78,7 @@ extern "C" {
*/
typedef struct mbedtls_ccm_context
{
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
}
mbedtls_ccm_context;

7
include/mbedtls/chacha20.h
View file

@ -31,6 +31,7 @@
#ifndef MBEDTLS_CHACHA20_H
#define MBEDTLS_CHACHA20_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -51,9 +52,9 @@ extern "C" {
typedef struct mbedtls_chacha20_context
{
uint32_t state[16]; /*! The state (before round operations). */
uint8_t keystream8[64]; /*! Leftover keystream bytes. */
size_t keystream_bytes_used; /*! Number of keystream bytes already used. */
uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round operations). */
uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */
size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */
}
mbedtls_chacha20_context;

13
include/mbedtls/chachapoly.h
View file

@ -31,6 +31,7 @@
#ifndef MBEDTLS_CHACHAPOLY_H
#define MBEDTLS_CHACHAPOLY_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -61,12 +62,12 @@ mbedtls_chachapoly_mode_t;
typedef struct mbedtls_chachapoly_context
{
mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */
mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */
uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */
uint64_t ciphertext_len; /**< The length (bytes) of the ciphertext. */
int state; /**< The current state of the context. */
mbedtls_chachapoly_mode_t mode; /**< Cipher mode (encrypt or decrypt). */
mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20 context. */
mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305 context. */
uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional Authenticated Data. */
uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the ciphertext. */
int MBEDTLS_PRIVATE(state); /**< The current state of the context. */
mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt or decrypt). */
}
mbedtls_chachapoly_context;

73
include/mbedtls/cipher.h
View file

@ -26,6 +26,7 @@
#ifndef MBEDTLS_CIPHER_H
#define MBEDTLS_CIPHER_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -267,37 +268,37 @@ typedef struct mbedtls_cipher_info_t
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
mbedtls_cipher_type_t type;
mbedtls_cipher_type_t MBEDTLS_PRIVATE(type);
/** The cipher mode. For example, MBEDTLS_MODE_CBC. */
mbedtls_cipher_mode_t mode;
mbedtls_cipher_mode_t MBEDTLS_PRIVATE(mode);
/** The cipher key length, in bits. This is the
* default length for variable sized ciphers.
* Includes parity bits for ciphers like DES.
*/
unsigned int key_bitlen;
unsigned int MBEDTLS_PRIVATE(key_bitlen);
/** Name of the cipher. */
const char * name;
const char * MBEDTLS_PRIVATE(name);
/** IV or nonce size, in Bytes.
* For ciphers that accept variable IV sizes,
* this is the recommended size.
*/
unsigned int iv_size;
unsigned int MBEDTLS_PRIVATE(iv_size);
/** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
* cipher supports variable IV or variable key sizes, respectively.
*/
int flags;
int MBEDTLS_PRIVATE(flags);
/** The block size, in Bytes. */
unsigned int block_size;
unsigned int MBEDTLS_PRIVATE(block_size);
/** Struct for base cipher information and functions. */
const mbedtls_cipher_base_t *base;
const mbedtls_cipher_base_t *MBEDTLS_PRIVATE(base);
} mbedtls_cipher_info_t;
@ -307,43 +308,43 @@ typedef struct mbedtls_cipher_info_t
typedef struct mbedtls_cipher_context_t
{
/** Information about the associated cipher. */
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
/** Key length to use. */
int key_bitlen;
int MBEDTLS_PRIVATE(key_bitlen);
/** Operation that the key of the context has been
* initialized for.
*/
mbedtls_operation_t operation;
mbedtls_operation_t MBEDTLS_PRIVATE(operation);
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/** Padding functions to use, if relevant for
* the specific cipher mode.
*/
void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
#endif
/** Buffer for input that has not been processed yet. */
unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
unsigned char MBEDTLS_PRIVATE(unprocessed_data)[MBEDTLS_MAX_BLOCK_LENGTH];
/** Number of Bytes that have not been processed yet. */
size_t unprocessed_len;
size_t MBEDTLS_PRIVATE(unprocessed_len);
/** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
* for XTS-mode. */
unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
unsigned char MBEDTLS_PRIVATE(iv)[MBEDTLS_MAX_IV_LENGTH];
/** IV size in Bytes, for ciphers with variable-length IVs. */
size_t iv_size;
size_t MBEDTLS_PRIVATE(iv_size);
/** The cipher-specific context. */
void *cipher_ctx;
void *MBEDTLS_PRIVATE(cipher_ctx);
#if defined(MBEDTLS_CMAC_C)
/** CMAC-specific context. */
mbedtls_cmac_context_t *cmac_ctx;
mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -354,7 +355,7 @@ typedef struct mbedtls_cipher_context_t
* mbedtls_cipher_setup(), and set if it was established through
* mbedtls_cipher_setup_psa().
*/
unsigned char psa_enabled;
unsigned char MBEDTLS_PRIVATE(psa_enabled);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
} mbedtls_cipher_context_t;
@ -504,10 +505,10 @@ static inline unsigned int mbedtls_cipher_get_block_size(
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->cipher_info == NULL )
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
return ctx->cipher_info->block_size;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
}
/**
@ -523,10 +524,10 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
if( ctx->cipher_info == NULL )
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_MODE_NONE;
return ctx->cipher_info->mode;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
}
/**
@ -543,13 +544,13 @@ static inline int mbedtls_cipher_get_iv_size(
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->cipher_info == NULL )
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
if( ctx->iv_size != 0 )
return (int) ctx->iv_size;
if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
return (int) ctx->MBEDTLS_PRIVATE(iv_size);
return (int) ctx->cipher_info->iv_size;
return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
}
/**
@ -565,10 +566,10 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_CIPHER_NONE );
if( ctx->cipher_info == NULL )
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_CIPHER_NONE;
return ctx->cipher_info->type;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
}
/**
@ -584,10 +585,10 @@ static inline const char *mbedtls_cipher_get_name(
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
if( ctx->cipher_info == NULL )
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
return ctx->cipher_info->name;
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
}
/**
@ -604,10 +605,10 @@ static inline int mbedtls_cipher_get_key_bitlen(
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
if( ctx->cipher_info == NULL )
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_KEY_LENGTH_NONE;
return (int) ctx->cipher_info->key_bitlen;
return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
}
/**
@ -623,10 +624,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation(
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_OPERATION_NONE );
if( ctx->cipher_info == NULL )
if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_OPERATION_NONE;
return ctx->operation;
return ctx->MBEDTLS_PRIVATE(operation);
}
/**

7
include/mbedtls/cmac.h
View file

@ -25,6 +25,7 @@
#ifndef MBEDTLS_CMAC_H
#define MBEDTLS_CMAC_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -55,14 +56,14 @@ extern "C" {
struct mbedtls_cmac_context_t
{
/** The internal state of the CMAC algorithm. */
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** Unprocessed data - either data that was not block aligned and is still
* pending processing, or the final block. */
unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** The length of data pending processing. */
size_t unprocessed_len;
size_t MBEDTLS_PRIVATE(unprocessed_len);
};
#else /* !MBEDTLS_CMAC_ALT */

19
include/mbedtls/ctr_drbg.h
View file

@ -40,6 +40,7 @@
#ifndef MBEDTLS_CTR_DRBG_H
#define MBEDTLS_CTR_DRBG_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -168,8 +169,8 @@ extern "C" {
*/
typedef struct mbedtls_ctr_drbg_context
{
unsigned char counter[16]; /*!< The counter (V). */
int reseed_counter; /*!< The reseed counter.
unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
* This is the number of requests that have
* been made since the last (re)seeding,
* minus one.
@ -179,25 +180,25 @@ typedef struct mbedtls_ctr_drbg_context
* or -1 if no nonce length has been explicitly
* set (see mbedtls_ctr_drbg_set_nonce_len()).
*/
int prediction_resistance; /*!< This determines whether prediction
int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction
resistance is enabled, that is
whether to systematically reseed before
each random generation. */
size_t entropy_len; /*!< The amount of entropy grabbed on each
size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each
seed or reseed operation, in bytes. */
int reseed_interval; /*!< The reseed interval.
int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
* This is the maximum number of requests
* that can be made between reseedings. */
mbedtls_aes_context aes_ctx; /*!< The AES context. */
mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
/*
* Callbacks (Entropy)
*/
int (*f_entropy)(void *, unsigned char *, size_t);
int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
/*!< The entropy callback function. */
void *p_entropy; /*!< The context for the entropy function. */
void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if f_entropy != NULL.
@ -207,7 +208,7 @@ typedef struct mbedtls_ctr_drbg_context
* Note that this invariant may change without notice. Do not rely on it
* and do not access the mutex directly in application code.
*/
mbedtls_threading_mutex_t mutex;
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
}
mbedtls_ctr_drbg_context;

5
include/mbedtls/des.h
View file

@ -26,6 +26,7 @@
*/
#ifndef MBEDTLS_DES_H
#define MBEDTLS_DES_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -60,7 +61,7 @@ extern "C" {
*/
typedef struct mbedtls_des_context
{
uint32_t sk[32]; /*!< DES subkeys */
uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
}
mbedtls_des_context;
@ -69,7 +70,7 @@ mbedtls_des_context;
*/
typedef struct mbedtls_des3_context
{
uint32_t sk[96]; /*!< 3DES subkeys */
uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
}
mbedtls_des3_context;

23
include/mbedtls/dhm.h
View file

@ -62,6 +62,7 @@
#ifndef MBEDTLS_DHM_H
#define MBEDTLS_DHM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -95,17 +96,17 @@ extern "C" {
*/
typedef struct mbedtls_dhm_context
{
size_t len; /*!< The size of \p P in Bytes. */
mbedtls_mpi P; /*!< The prime modulus. */
mbedtls_mpi G; /*!< The generator. */
mbedtls_mpi X; /*!< Our secret value. */
mbedtls_mpi GX; /*!< Our public key = \c G^X mod \c P. */
mbedtls_mpi GY; /*!< The public key of the peer = \c G^Y mod \c P. */
mbedtls_mpi K; /*!< The shared secret = \c G^(XY) mod \c P. */
mbedtls_mpi RP; /*!< The cached value = \c R^2 mod \c P. */
mbedtls_mpi Vi; /*!< The blinding value. */
mbedtls_mpi Vf; /*!< The unblinding value. */
mbedtls_mpi pX; /*!< The previous \c X. */
size_t MBEDTLS_PRIVATE(len); /*!< The size of \p P in Bytes. */
mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */
mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */
mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */
mbedtls_mpi MBEDTLS_PRIVATE(GX); /*!< Our public key = \c G^X mod \c P. */
mbedtls_mpi MBEDTLS_PRIVATE(GY); /*!< The public key of the peer = \c G^Y mod \c P. */
mbedtls_mpi MBEDTLS_PRIVATE(K); /*!< The shared secret = \c G^(XY) mod \c P. */
mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< The cached value = \c R^2 mod \c P. */
mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
mbedtls_mpi MBEDTLS_PRIVATE(pX); /*!< The previous \c X. */
}
mbedtls_dhm_context;

49
include/mbedtls/ecdh.h
View file

@ -31,6 +31,7 @@
#ifndef MBEDTLS_ECDH_H
#define MBEDTLS_ECDH_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -102,13 +103,13 @@ typedef enum
*/
typedef struct mbedtls_ecdh_context_mbed
{
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */
mbedtls_ecp_point Q; /*!< The public key. */
mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
mbedtls_mpi z; /*!< The shared secret. */
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
#endif
} mbedtls_ecdh_context_mbed;
#endif
@ -123,35 +124,35 @@ typedef struct mbedtls_ecdh_context_mbed
typedef struct mbedtls_ecdh_context
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */
mbedtls_ecp_point Q; /*!< The public key. */
mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
mbedtls_mpi z; /*!< The shared secret. */
int point_format; /*!< The format of point export in TLS messages. */
mbedtls_ecp_point Vi; /*!< The blinding value. */
mbedtls_ecp_point Vf; /*!< The unblinding value. */
mbedtls_mpi _d; /*!< The previous \p d. */
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
int restart_enabled; /*!< The flag for restartable mode. */
mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */
mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
#endif /* MBEDTLS_ECP_RESTARTABLE */
#else
uint8_t point_format; /*!< The format of point export in TLS messages
uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages
as defined in RFC 4492. */
mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */
mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);/*!< The elliptic curve used. */
mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH implementation/structure used. */
union
{
mbedtls_ecdh_context_mbed mbed_ecdh;
mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh);
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
mbedtls_ecdh_context_everest everest_ecdh;
mbedtls_ecdh_context_everest MBEDTLS_PRIVATE(everest_ecdh);
#endif
} ctx; /*!< Implementation-specific context. The
} MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The
context in use is specified by the \c var
field. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of
uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. Functions of
an alternative implementation not supporting
restartable mode must return
MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error

9
include/mbedtls/ecdsa.h
View file

@ -29,6 +29,7 @@
#ifndef MBEDTLS_ECDSA_H
#define MBEDTLS_ECDSA_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -107,12 +108,12 @@ typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
*/
typedef struct
{
mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and
mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP restart and
shared administrative info */
mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */
mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */
mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify() sub-context */
mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign() sub-context */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */
mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det() sub-context */
#endif
} mbedtls_ecdsa_restart_ctx;

25
include/mbedtls/ecjpake.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ECJPAKE_H
#define MBEDTLS_ECJPAKE_H
#include "mbedtls/private_access.h"
/*
* J-PAKE is a password-authenticated key exchange that allows deriving a
@ -73,21 +74,21 @@ typedef enum {
*/
typedef struct mbedtls_ecjpake_context
{
const mbedtls_md_info_t *md_info; /**< Hash to use */
mbedtls_ecp_group grp; /**< Elliptic curve */
mbedtls_ecjpake_role role; /**< Are we client or server? */
int point_format; /**< Format for point export */
const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
int MBEDTLS_PRIVATE(point_format); /**< Format for point export */
mbedtls_ecp_point Xm1; /**< My public key 1 C: X1, S: X3 */
mbedtls_ecp_point Xm2; /**< My public key 2 C: X2, S: X4 */
mbedtls_ecp_point Xp1; /**< Peer public key 1 C: X3, S: X1 */
mbedtls_ecp_point Xp2; /**< Peer public key 2 C: X4, S: X2 */
mbedtls_ecp_point Xp; /**< Peer public key C: Xs, S: Xc */
mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3 */
mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4 */
mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1 */
mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2 */
mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc */
mbedtls_mpi xm1; /**< My private key 1 C: x1, S: x3 */
mbedtls_mpi xm2; /**< My private key 2 C: x2, S: x4 */
mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */
mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */
mbedtls_mpi s; /**< Pre-shared secret (passphrase) */
mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
} mbedtls_ecjpake_context;
#else /* MBEDTLS_ECJPAKE_ALT */

59
include/mbedtls/ecp.h
View file

@ -33,6 +33,7 @@
#ifndef MBEDTLS_ECP_H
#define MBEDTLS_ECP_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -142,10 +143,10 @@ typedef enum
*/
typedef struct mbedtls_ecp_curve_info
{
mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
uint16_t bit_size; /*!< The curve size in bits. */
const char *name; /*!< A human-friendly name. */
mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */
uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
} mbedtls_ecp_curve_info;
/**
@ -161,9 +162,9 @@ typedef struct mbedtls_ecp_curve_info
*/
typedef struct mbedtls_ecp_point
{
mbedtls_mpi X; /*!< The X coordinate of the ECP point. */
mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */
mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */
mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
}
mbedtls_ecp_point;
@ -210,26 +211,26 @@ mbedtls_ecp_point;
*/
typedef struct mbedtls_ecp_group
{
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
mbedtls_mpi P; /*!< The prime modulus of the base field. */
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
mbedtls_ecp_group_id MBEDTLS_PRIVATE(id); /*!< An internal group identifier. */
mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus of the base field. */
mbedtls_mpi MBEDTLS_PRIVATE(A); /*!< For Short Weierstrass: \p A in the equation. For
Montgomery curves: <code>(A + 2) / 4</code>. */
mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
mbedtls_mpi MBEDTLS_PRIVATE(B); /*!< For Short Weierstrass: \p B in the equation.
For Montgomery curves: unused. */
mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
mbedtls_mpi N; /*!< The order of \p G. */
size_t pbits; /*!< The number of bits in \p P.*/
size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
mbedtls_ecp_point MBEDTLS_PRIVATE(G); /*!< The generator of the subgroup used. */
mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The order of \p G. */
size_t MBEDTLS_PRIVATE(pbits); /*!< The number of bits in \p P.*/
size_t MBEDTLS_PRIVATE(nbits); /*!< For Short Weierstrass: The number of bits in \p P.
For Montgomery curves: the number of bits in the
private keys. */
unsigned int h; /*!< \internal 1 if the constants are static. */
int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */
int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
mod \p P (see above).*/
int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */
int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */
void *t_data; /*!< Unused. */
mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */
size_t T_size; /*!< The number of dynamic allocated pre-computed points. */
int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */
}
mbedtls_ecp_group;
@ -317,10 +318,10 @@ typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
*/
typedef struct
{
unsigned ops_done; /*!< current ops count */
unsigned depth; /*!< call depth (0 = top-level) */
mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */
mbedtls_ecp_restart_muladd_ctx *ma; /*!< ecp_muladd() sub-context */
unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb() sub-context */
mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd() sub-context */
} mbedtls_ecp_restart_ctx;
/*
@ -370,9 +371,9 @@ typedef void mbedtls_ecp_restart_ctx;
*/
typedef struct mbedtls_ecp_keypair
{
mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
mbedtls_mpi d; /*!< our secret value */
mbedtls_ecp_point Q; /*!< our public value */
mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */
mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
}
mbedtls_ecp_keypair;

25
include/mbedtls/entropy.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ENTROPY_H
#define MBEDTLS_ENTROPY_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -104,11 +105,11 @@ typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, s
*/
typedef struct mbedtls_entropy_source_state
{
mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */
void * p_source; /**< The callback data pointer */
size_t size; /**< Amount received in bytes */
size_t threshold; /**< Minimum bytes required before release */
int strong; /**< Is the source strong? */
mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */
void * MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */
int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
}
mbedtls_entropy_source_state;
@ -117,21 +118,21 @@ mbedtls_entropy_source_state;
*/
typedef struct mbedtls_entropy_context
{
int accumulator_started; /* 0 after init.
int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
* 1 after the first update.
* -1 after free. */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
mbedtls_sha512_context accumulator;
mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
#else
mbedtls_sha256_context accumulator;
mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
#endif
int source_count; /* Number of entries used in source. */
mbedtls_entropy_source_state source[MBEDTLS_ENTROPY_MAX_SOURCES];
int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex; /*!< mutex */
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
int initial_entropy_run;
int MBEDTLS_PRIVATE(initial_entropy_run);
#endif
}
mbedtls_entropy_context;

19
include/mbedtls/gcm.h
View file

@ -30,6 +30,7 @@
#ifndef MBEDTLS_GCM_H
#define MBEDTLS_GCM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -58,15 +59,15 @@ extern "C" {
*/
typedef struct mbedtls_gcm_context
{
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
uint64_t HL[16]; /*!< Precalculated HTable low. */
uint64_t HH[16]; /*!< Precalculated HTable high. */
uint64_t len; /*!< The total length of the encrypted data. */
uint64_t add_len; /*!< The total length of the additional data. */
unsigned char base_ectr[16]; /*!< The first ECTR for tag. */
unsigned char y[16]; /*!< The Y working value. */
unsigned char buf[16]; /*!< The buf working value. */
int mode; /*!< The operation to perform:
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */
uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */
unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */
unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
#MBEDTLS_GCM_ENCRYPT or
#MBEDTLS_GCM_DECRYPT. */
}

19
include/mbedtls/hmac_drbg.h
View file

@ -25,6 +25,7 @@
*/
#ifndef MBEDTLS_HMAC_DRBG_H
#define MBEDTLS_HMAC_DRBG_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -86,19 +87,19 @@ typedef struct mbedtls_hmac_drbg_context
{
/* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */
mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */
unsigned char V[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
int reseed_counter; /*!< reseed counter */
mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */
unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */
/* Administrative state */
size_t entropy_len; /*!< entropy bytes grabbed on each (re)seed */
int prediction_resistance; /*!< enable prediction resistance (Automatic
size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each (re)seed */
int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction resistance (Automatic
reseed before every random generation) */
int reseed_interval; /*!< reseed interval */
int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */
/* Callbacks */
int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
void *p_entropy; /*!< context for the entropy function */
int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< entropy function */
void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if
@ -109,7 +110,7 @@ typedef struct mbedtls_hmac_drbg_context
* Note that this invariant may change without notice. Do not rely on it
* and do not access the mutex directly in application code.
*/
mbedtls_threading_mutex_t mutex;
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
} mbedtls_hmac_drbg_context;

7
include/mbedtls/md.h
View file

@ -24,6 +24,7 @@
#ifndef MBEDTLS_MD_H
#define MBEDTLS_MD_H
#include "mbedtls/private_access.h"
#include <stddef.h>
@ -93,13 +94,13 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t;
typedef struct mbedtls_md_context_t
{
/** Information about the associated message digest. */
const mbedtls_md_info_t *md_info;
const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
/** The digest-specific context. */
void *md_ctx;
void *MBEDTLS_PRIVATE(md_ctx);
/** The HMAC part of the context. */
void *hmac_ctx;
void *MBEDTLS_PRIVATE(hmac_ctx);
} mbedtls_md_context_t;
/**

9
include/mbedtls/md2.h
View file

@ -26,6 +26,7 @@
*/
#ifndef MBEDTLS_MD2_H
#define MBEDTLS_MD2_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -53,10 +54,10 @@ extern "C" {
*/
typedef struct mbedtls_md2_context
{
unsigned char cksum[16]; /*!< checksum of the data block */
unsigned char state[48]; /*!< intermediate digest state */
unsigned char buffer[16]; /*!< data block being processed */
size_t left; /*!< amount of data in buffer */
unsigned char MBEDTLS_PRIVATE(cksum)[16]; /*!< checksum of the data block */
unsigned char MBEDTLS_PRIVATE(state)[48]; /*!< intermediate digest state */
unsigned char MBEDTLS_PRIVATE(buffer)[16]; /*!< data block being processed */
size_t MBEDTLS_PRIVATE(left); /*!< amount of data in buffer */
}
mbedtls_md2_context;

7
include/mbedtls/md4.h
View file

@ -26,6 +26,7 @@
*/
#ifndef MBEDTLS_MD4_H
#define MBEDTLS_MD4_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -54,9 +55,9 @@ extern "C" {
*/
typedef struct mbedtls_md4_context
{
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_md4_context;

7
include/mbedtls/md5.h
View file

@ -25,6 +25,7 @@
*/
#ifndef MBEDTLS_MD5_H
#define MBEDTLS_MD5_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -53,9 +54,9 @@ extern "C" {
*/
typedef struct mbedtls_md5_context
{
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_md5_context;

3
include/mbedtls/net_sockets.h
View file

@ -37,6 +37,7 @@
*/
#ifndef MBEDTLS_NET_SOCKETS_H
#define MBEDTLS_NET_SOCKETS_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -84,7 +85,7 @@ extern "C" {
*/
typedef struct mbedtls_net_context
{
int fd; /**< The underlying file descriptor */
int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
}
mbedtls_net_context;

3
include/mbedtls/nist_kw.h
View file

@ -34,6 +34,7 @@
#ifndef MBEDTLS_NIST_KW_H
#define MBEDTLS_NIST_KW_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -65,7 +66,7 @@ typedef enum
* Don't make any assumptions on this context!
*/
typedef struct {
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
} mbedtls_nist_kw_context;
#else /* MBEDTLS_NIST_key wrapping_ALT */

9
include/mbedtls/oid.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_OID_H
#define MBEDTLS_OID_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -440,11 +441,11 @@ extern "C" {
*/
typedef struct mbedtls_oid_descriptor_t
{
const char *asn1; /*!< OID ASN.1 representation */
size_t asn1_len; /*!< length of asn1 */
const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
const char *name; /*!< official name (e.g. from RFC) */
const char *description; /*!< human friendly description */
const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
#endif
} mbedtls_oid_descriptor_t;

7
include/mbedtls/pem.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_PEM_H
#define MBEDTLS_PEM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -57,9 +58,9 @@ extern "C" {
*/
typedef struct mbedtls_pem_context
{
unsigned char *buf; /*!< buffer for decoded data */
size_t buflen; /*!< length of the buffer */
unsigned char *info; /*!< buffer for extra header information */
unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */
size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */
unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header information */
}
mbedtls_pem_context;

23
include/mbedtls/pk.h
View file

@ -22,6 +22,7 @@
#ifndef MBEDTLS_PK_H
#define MBEDTLS_PK_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -91,8 +92,8 @@ typedef enum {
*/
typedef struct mbedtls_pk_rsassa_pss_options
{
mbedtls_md_type_t mgf1_hash_id;
int expected_salt_len;
mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
int MBEDTLS_PRIVATE(expected_salt_len);
} mbedtls_pk_rsassa_pss_options;
@ -163,9 +164,9 @@ typedef enum
*/
typedef struct mbedtls_pk_debug_item
{
mbedtls_pk_debug_type type;
const char *name;
void *value;
mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
const char *MBEDTLS_PRIVATE(name);
void *MBEDTLS_PRIVATE(value);
} mbedtls_pk_debug_item;
/** Maximum number of item send for debugging, plus 1 */
@ -181,8 +182,8 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
*/
typedef struct mbedtls_pk_context
{
const mbedtls_pk_info_t * pk_info; /**< Public key information */
void * pk_ctx; /**< Underlying public key context */
const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
void * MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
} mbedtls_pk_context;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@ -191,8 +192,8 @@ typedef struct mbedtls_pk_context
*/
typedef struct
{
const mbedtls_pk_info_t * pk_info; /**< Public key information */
void * rs_ctx; /**< Underlying restart context */
const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
void * MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */
} mbedtls_pk_restart_ctx;
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/* Now we can declare functions that take a pointer to that */
@ -208,7 +209,7 @@ typedef void mbedtls_pk_restart_ctx;
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
{
return( (mbedtls_rsa_context *) (pk).pk_ctx );
return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
}
#endif /* MBEDTLS_RSA_C */
@ -221,7 +222,7 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
{
return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
}
#endif /* MBEDTLS_ECP_C */

3
include/mbedtls/platform.h
View file

@ -30,6 +30,7 @@
*/
#ifndef MBEDTLS_PLATFORM_H
#define MBEDTLS_PLATFORM_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -367,7 +368,7 @@ int mbedtls_platform_set_nv_seed(
*/
typedef struct mbedtls_platform_context
{
char dummy; /**< A placeholder member, as empty structs are not portable. */
char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
}
mbedtls_platform_context;

11
include/mbedtls/poly1305.h
View file

@ -31,6 +31,7 @@
#ifndef MBEDTLS_POLY1305_H
#define MBEDTLS_POLY1305_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -51,11 +52,11 @@ extern "C" {
typedef struct mbedtls_poly1305_context
{
uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */
uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */
uint32_t acc[5]; /** The accumulator number. */
uint8_t queue[16]; /** The current partial block of data. */
size_t queue_len; /** The number of bytes stored in 'queue'. */
uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the key). */
uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the key). */
uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data. */
size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in 'queue'. */
}
mbedtls_poly1305_context;

32
include/mbedtls/private_access.h Normal file
View file

@ -0,0 +1,32 @@
/**
* \file private_access.h
*
* \brief Macro wrapper for struct's memebrs.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef MBEDTLS_PRIVATE_ACCESS_H
#define MBEDTLS_PRIVATE_ACCESS_H
#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
#define MBEDTLS_PRIVATE(member) private_##member
#else
#define MBEDTLS_PRIVATE(member) member
#endif
#endif /* MBEDTLS_PRIVATE_ACCESS_H */

3
include/mbedtls/psa_util.h
View file

@ -25,6 +25,7 @@
#ifndef MBEDTLS_PSA_UTIL_H
#define MBEDTLS_PSA_UTIL_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -380,7 +381,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
if( curve_info == NULL )
return( 0 );
return( PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) );
}
#endif /* MBEDTLS_ECP_C */

7
include/mbedtls/ripemd160.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_RIPEMD160_H
#define MBEDTLS_RIPEMD160_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -44,9 +45,9 @@ extern "C" {
*/
typedef struct mbedtls_ripemd160_context
{
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_ripemd160_context;

41
include/mbedtls/rsa.h
View file

@ -27,6 +27,7 @@
*/
#ifndef MBEDTLS_RSA_H
#define MBEDTLS_RSA_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -81,48 +82,44 @@ extern "C" {
/**
* \brief The RSA context structure.
*
* \note Direct manipulation of the members of this structure
* is deprecated. All manipulation should instead be done through
* the public interface functions.
*/
typedef struct mbedtls_rsa_context
{
int ver; /*!< Reserved for internal purposes.
int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
* Do not set this field in application
* code. Its meaning might change without
* notice. */
size_t len; /*!< The size of \p N in Bytes. */
size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
mbedtls_mpi N; /*!< The public modulus. */
mbedtls_mpi E; /*!< The public exponent. */
mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
mbedtls_mpi D; /*!< The private exponent. */
mbedtls_mpi P; /*!< The first prime factor. */
mbedtls_mpi Q; /*!< The second prime factor. */
mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
mbedtls_mpi DP; /*!< <code>D % (P - 1)</code>. */
mbedtls_mpi DQ; /*!< <code>D % (Q - 1)</code>. */
mbedtls_mpi QP; /*!< <code>1 / (Q % P)</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< <code>D % (P - 1)</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< <code>D % (Q - 1)</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< <code>1 / (Q % P)</code>. */
mbedtls_mpi RN; /*!< cached <code>R^2 mod N</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached <code>R^2 mod N</code>. */
mbedtls_mpi RP; /*!< cached <code>R^2 mod P</code>. */
mbedtls_mpi RQ; /*!< cached <code>R^2 mod Q</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached <code>R^2 mod P</code>. */
mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached <code>R^2 mod Q</code>. */
mbedtls_mpi Vi; /*!< The cached blinding value. */
mbedtls_mpi Vf; /*!< The cached un-blinding value. */
mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
int padding; /*!< Selects padding mode:
int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
#MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
#MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
int hash_id; /*!< Hash identifier of mbedtls_md_type_t type,
int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type,
as specified in md.h for use in the MGF
mask generating function used in the
EME-OAEP and EMSA-PSS encodings. */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized iff ver != 0. */
mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
#endif
}
mbedtls_rsa_context;

7
include/mbedtls/sha1.h
View file

@ -28,6 +28,7 @@
*/
#ifndef MBEDTLS_SHA1_H
#define MBEDTLS_SHA1_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -58,9 +59,9 @@ extern "C" {
*/
typedef struct mbedtls_sha1_context
{
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[5]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
}
mbedtls_sha1_context;

9
include/mbedtls/sha256.h
View file

@ -24,6 +24,7 @@
*/
#ifndef MBEDTLS_SHA256_H
#define MBEDTLS_SHA256_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -53,10 +54,10 @@ extern "C" {
*/
typedef struct mbedtls_sha256_context
{
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */
int is224; /*!< Determines which function to use:
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */
}
mbedtls_sha256_context;

11
include/mbedtls/sha512.h
View file

@ -23,6 +23,7 @@
*/
#ifndef MBEDTLS_SHA512_H
#define MBEDTLS_SHA512_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -52,12 +53,12 @@ extern "C" {
*/
typedef struct mbedtls_sha512_context
{
uint64_t total[2]; /*!< The number of Bytes processed. */
uint64_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[128]; /*!< The data block being processed. */
uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */
#if defined(MBEDTLS_SHA384_C)
int is384; /*!< Determines which function to use:
0: Use SHA-512, or 1: Use SHA-384. */
int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
0: Use SHA-512, or 1: Use SHA-384. */
#endif
}
mbedtls_sha512_context;

327
include/mbedtls/ssl.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -897,11 +898,11 @@ typedef uint16_t mbedtls_ssl_srtp_profile;
typedef struct mbedtls_dtls_srtp_info_t
{
/*! The SRTP profile that was negotiated. */
mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
/*! The length of mki_value. */
uint16_t mki_len;
uint16_t MBEDTLS_PRIVATE(mki_len);
/*! The mki_value used, with max size of 256 bytes. */
unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
}
mbedtls_dtls_srtp_info;
@ -921,43 +922,43 @@ mbedtls_dtls_srtp_info;
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t start; /*!< starting time */
mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif
int ciphersuite; /*!< chosen ciphersuite */
int compression; /*!< chosen compression */
size_t id_len; /*!< session id length */
unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */
int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */
mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation, mitigating the triple handshake attack. */
unsigned char *peer_cert_digest;
size_t peer_cert_digest_len;
mbedtls_md_type_t peer_cert_digest_type;
unsigned char *MBEDTLS_PRIVATE(peer_cert_digest);
size_t MBEDTLS_PRIVATE(peer_cert_digest_len);
mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type);
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
uint32_t verify_result; /*!< verification result */
uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
unsigned char *ticket; /*!< RFC 5077 session ticket */
size_t ticket_len; /*!< session ticket length */
uint32_t ticket_lifetime; /*!< ticket lifetime hint */
unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
int trunc_hmac; /*!< flag for truncated hmac activation */
int MBEDTLS_PRIVATE(trunc_hmac); /*!< flag for truncated hmac activation */
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac; /*!< flag for EtM activation */
int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
};
@ -973,114 +974,114 @@ struct mbedtls_ssl_config
*/
/** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */
const int *ciphersuite_list;
const int *MBEDTLS_PRIVATE(ciphersuite_list);
/** Callback for printing debug output */
void (*f_dbg)(void *, int, const char *, int, const char *);
void *p_dbg; /*!< context for the debug function */
void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
/** Callback for getting (pseudo-)random numbers */
int (*f_rng)(void *, unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */
int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
/** Callback to retrieve a session from the cache */
mbedtls_ssl_cache_get_t *f_get_cache;
mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
/** Callback to store a session into the cache */
mbedtls_ssl_cache_set_t *f_set_cache;
void *p_cache; /*!< context for cache callbacks */
mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache);
void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *p_sni; /*!< context for SNI callback */
int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy; /*!< context for X.509 verify calllback */
int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *p_psk; /*!< context for PSK callback */
int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello veirifcation */
int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t );
/** Callback to verify validity of a ClientHello cookie */
int (*f_cookie_check)( void *, const unsigned char *, size_t,
int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t,
const unsigned char *, size_t );
void *p_cookie; /*!< context for the cookie callbacks */
void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a session ticket */
int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
unsigned char *, const unsigned char *, size_t *, uint32_t * );
/** Callback to parse a session ticket into a session structure */
int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
void *p_ticket; /*!< context for the ticket callbacks */
int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** Callback to export key block and master secret */
int (*f_export_keys)( void *, const unsigned char *,
int (*MBEDTLS_PRIVATE(f_export_keys))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t );
/** Callback to export key block, master secret,
* tls_prf and random bytes. Should replace f_export_keys */
int (*f_export_keys_ext)( void *, const unsigned char *,
int (*MBEDTLS_PRIVATE(f_export_keys_ext))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t,
const unsigned char[32], const unsigned char[32],
mbedtls_tls_prf_types );
void *p_export_keys; /*!< context for key export callback */
void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */
size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
mbedtls_x509_crt *ca_chain; /*!< trusted CAs */
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */
mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */
mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
mbedtls_x509_crt_ca_cb_t f_ca_cb;
void *p_ca_cb;
mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb);
void *MBEDTLS_PRIVATE(p_ca_cb);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */
mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */
mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
const int *sig_hashes; /*!< allowed signature hashes */
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#endif
#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
#endif
#if defined(MBEDTLS_DHM_C)
mbedtls_mpi dhm_P; /*!< prime modulus for DHM */
mbedtls_mpi dhm_G; /*!< generator for DHM */
mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field
psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
* should only be set via
* mbedtls_ssl_conf_psk_opaque().
* If either no PSK or a raw PSK have been
@ -1088,22 +1089,22 @@ struct mbedtls_ssl_config
*/
#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char *psk; /*!< The raw pre-shared key. This field should
unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
* only be set via mbedtls_ssl_conf_psk().
* If either no PSK or an opaque PSK
* have been configured, this has value NULL. */
size_t psk_len; /*!< The length of the raw pre-shared key.
size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
* \c psk is not \c NULL. */
unsigned char *psk_identity; /*!< The PSK identity for PSK negotiation.
unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* This is set if and only if either
* \c psk or \c psk_opaque are set. */
size_t psk_identity_len;/*!< The length of PSK identity.
size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
@ -1112,264 +1113,264 @@ struct mbedtls_ssl_config
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
const char **alpn_list; /*!< ordered list of protocols */
const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*! ordered list of supported srtp profile */
const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list;
const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list);
/*! number of supported profiles */
size_t dtls_srtp_profile_list_len;
size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Numerical settings (int then char)
*/
uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint32_t hs_timeout_min; /*!< initial value of the handshake
uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake
retransmission timeout (ms) */
uint32_t hs_timeout_max; /*!< maximum value of the handshake
uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake
retransmission timeout (ms) */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_max_records; /*!< grace period for renegotiation */
unsigned char renego_period[8]; /*!< value of the record counters
int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */
unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters
that triggers renegotiation */
#endif
unsigned int badmac_limit; /*!< limit of records with a bad MAC */
unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
#endif
unsigned char max_major_ver; /*!< max. major version used */
unsigned char max_minor_ver; /*!< max. minor version used */
unsigned char min_major_ver; /*!< min. major version used */
unsigned char min_minor_ver; /*!< min. minor version used */
unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
/*
* Flags (bitfields)
*/
unsigned int endpoint : 1; /*!< 0: client, 1: server */
unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */
unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */
unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned int mfl_code : 3; /*!< desired fragment length */
unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */
unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
unsigned int extended_ms : 1; /*!< negotiate extended master secret? */
unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
unsigned int anti_replay : 1; /*!< detect and prevent replay? */
unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */
unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */
unsigned int MBEDTLS_PRIVATE(trunc_hmac) : 1; /*!< negotiate truncated hmac? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
unsigned int session_tickets : 1; /*!< use session tickets? */
unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in
unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
Certificate Request messages? */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
* record with unexpected CID
* should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
unsigned int dtls_srtp_mki_support : 1; /* support having mki_value
unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
in the use_srtp extension */
#endif
};
struct mbedtls_ssl_context
{
const mbedtls_ssl_config *conf; /*!< configuration information */
const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */
/*
* Miscellaneous
*/
int state; /*!< SSL handshake: current state */
int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_status; /*!< Initial, in progress, pending? */
int renego_records_seen; /*!< Records since renego request, or with DTLS,
int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
unsigned badmac_seen; /*!< records with a bad MAC received */
int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy; /*!< context for X.509 verify callback */
int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
#endif
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
mbedtls_ssl_recv_timeout_t *f_recv_timeout;
mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */
mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */
mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout);
/*!< Callback for network receive with timeout */
void *p_bio; /*!< context for I/O operations */
void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
/*
* Session layer
*/
mbedtls_ssl_session *session_in; /*!< current session data (in) */
mbedtls_ssl_session *session_out; /*!< current session data (out) */
mbedtls_ssl_session *session; /*!< negotiated session data */
mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */
mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */
mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */
mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */
mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */
mbedtls_ssl_handshake_params *handshake; /*!< params required only during
mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during
the handshake process */
/*
* Record layer transformations
*/
mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */
mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */
mbedtls_ssl_transform *transform; /*!< negotiated transform params */
mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */
/*
* Timers
*/
void *p_timer; /*!< context for the timer callbacks */
void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */
mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */
/*
* Record layer (incoming data)
*/
unsigned char *in_buf; /*!< input buffer */
unsigned char *in_ctr; /*!< 64-bit incoming message counter
unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
TLS: maintained by us
DTLS: read from peer */
unsigned char *in_hdr; /*!< start of record header */
unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned char *in_cid; /*!< The start of the CID;
unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *in_len; /*!< two-bytes message length field */
unsigned char *in_iv; /*!< ivlen-byte IV */
unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
unsigned char *in_offt; /*!< read offset in application data */
unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */
unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */
int in_msgtype; /*!< record header: message type */
size_t in_msglen; /*!< record header: message length */
size_t in_left; /*!< amount of data read so far */
int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t in_buf_len; /*!< length of input buffer */
size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint16_t in_epoch; /*!< DTLS epoch for incoming records */
size_t next_record_offset; /*!< offset of the next record in datagram
uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram
(equal to in_left if none) */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
uint64_t in_window_top; /*!< last validated record seq_num */
uint64_t in_window; /*!< bitmask for replay detection */
uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */
uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
size_t in_hslen; /*!< current handshake message length,
size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
including the handshake header */
int nb_zero; /*!< # of 0-length encrypted messages */
int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
int keep_current_message; /*!< drop or reuse current message
int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message
on next call to record layer? */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint8_t disable_datagram_packing; /*!< Disable packing multiple records
uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records
* within a single datagram. */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* Record layer (outgoing data)
*/
unsigned char *out_buf; /*!< output buffer */
unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
unsigned char *out_hdr; /*!< start of record header */
unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */
unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned char *out_cid; /*!< The start of the CID;
unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *out_len; /*!< two-bytes message length field */
unsigned char *out_iv; /*!< ivlen-byte IV */
unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */
unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */
int out_msgtype; /*!< record header: message type */
size_t out_msglen; /*!< record header: message length */
size_t out_left; /*!< amount of data not yet written */
int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
size_t out_buf_len; /*!< length of output buffer */
size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
#endif
unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* PKI layer
*/
int client_auth; /*!< flag for client auth. */
int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
/*
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
char *hostname; /*!< expected peer CN for verification
char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
(and SNI if available) */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn_chosen; /*!< negotiated protocol */
const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*
* use_srtp extension
*/
mbedtls_dtls_srtp_info dtls_srtp_info;
mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Information for DTLS hello verify
*/
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
unsigned char *cli_id; /*!< transport-level ID of the client */
size_t cli_id_len; /*!< length of cli_id */
unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */
size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/*
* Secure renegotiation
*/
/* needed to know when to send extension on server */
int secure_renegotiation; /*!< does peer support legacy or
int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
secure renegotiation */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
size_t verify_data_len; /*!< length of verify data stored */
char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */
char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -1379,9 +1380,9 @@ struct mbedtls_ssl_context
* all subsequent handshakes. This may be different from the
* CID currently used in case the user has re-configured the CID
* after an initial handshake. */
unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
uint8_t own_cid_len; /*!< The length of \c own_cid. */
uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should
* be negotiated in the next handshake or not.
* Possible values are #MBEDTLS_SSL_CID_ENABLED
* and #MBEDTLS_SSL_CID_DISABLED. */

21
include/mbedtls/ssl_cache.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_CACHE_H
#define MBEDTLS_SSL_CACHE_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -65,16 +66,16 @@ typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
struct mbedtls_ssl_cache_entry
{
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t timestamp; /*!< entry timestamp */
mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
#endif
unsigned char session_id[32]; /*!< session ID */
size_t session_id_len;
unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
size_t MBEDTLS_PRIVATE(session_id_len);
unsigned char *session; /*!< serialized session */
size_t session_len;
unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
size_t MBEDTLS_PRIVATE(session_len);
mbedtls_ssl_cache_entry *next; /*!< chain pointer */
mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
};
/**
@ -82,11 +83,11 @@ struct mbedtls_ssl_cache_entry
*/
struct mbedtls_ssl_cache_context
{
mbedtls_ssl_cache_entry *chain; /*!< start of the chain */
int timeout; /*!< cache entry timeout */
int max_entries; /*!< maximum entries */
mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex; /*!< mutex */
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
};

37
include/mbedtls/ssl_ciphersuites.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
#define MBEDTLS_SSL_CIPHERSUITES_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -362,19 +363,19 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
*/
struct mbedtls_ssl_ciphersuite_t
{
int id;
const char * name;
int MBEDTLS_PRIVATE(id);
const char * MBEDTLS_PRIVATE(name);
mbedtls_cipher_type_t cipher;
mbedtls_md_type_t mac;
mbedtls_key_exchange_type_t key_exchange;
mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher);
mbedtls_md_type_t MBEDTLS_PRIVATE(mac);
mbedtls_key_exchange_type_t MBEDTLS_PRIVATE(key_exchange);
int min_major_ver;
int min_minor_ver;
int max_major_ver;
int max_minor_ver;
int MBEDTLS_PRIVATE(min_major_ver);
int MBEDTLS_PRIVATE(min_minor_ver);
int MBEDTLS_PRIVATE(max_major_ver);
int MBEDTLS_PRIVATE(max_minor_ver);
unsigned char flags;
unsigned char MBEDTLS_PRIVATE(flags);
};
const int *mbedtls_ssl_list_ciphersuites( void );
@ -393,7 +394,7 @@ int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
@ -412,7 +413,7 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@ -430,7 +431,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@ -444,7 +445,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersui
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@ -461,7 +462,7 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ci
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
@ -480,7 +481,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphe
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
@ -495,7 +496,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuit
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
@ -511,7 +512,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersu
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:

9
include/mbedtls/ssl_cookie.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_COOKIE_H
#define MBEDTLS_SSL_COOKIE_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -56,15 +57,15 @@ extern "C" {
*/
typedef struct mbedtls_ssl_cookie_ctx
{
mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */
mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
#if !defined(MBEDTLS_HAVE_TIME)
unsigned long serial; /*!< serial number for expiration */
unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
#endif
unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME,
unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
or in number of tickets issued */
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex;
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
} mbedtls_ssl_cookie_ctx;

19
include/mbedtls/ssl_ticket.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_TICKET_H
#define MBEDTLS_SSL_TICKET_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -50,9 +51,9 @@ extern "C" {
*/
typedef struct mbedtls_ssl_ticket_key
{
unsigned char name[4]; /*!< random key identifier */
uint32_t generation_time; /*!< key generation timestamp (seconds) */
mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */
unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
}
mbedtls_ssl_ticket_key;
@ -61,17 +62,17 @@ mbedtls_ssl_ticket_key;
*/
typedef struct mbedtls_ssl_ticket_context
{
mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
unsigned char active; /*!< index of the currently active key */
mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */
uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
/** Callback for getting (pseudo-)random numbers */
int (*f_rng)(void *, unsigned char *, size_t);
void *p_rng; /*!< context for the RNG function */
int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex;
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
}
mbedtls_ssl_ticket_context;

5
include/mbedtls/threading.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_THREADING_H
#define MBEDTLS_THREADING_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -41,11 +42,11 @@ extern "C" {
#include <pthread.h>
typedef struct mbedtls_threading_mutex_t
{
pthread_mutex_t mutex;
pthread_mutex_t MBEDTLS_PRIVATE(mutex);
/* is_valid is 0 after a failed init or a free, and nonzero after a
* successful init. This field is not considered part of the public
* API of Mbed TLS and may change without notice. */
char is_valid;
char MBEDTLS_PRIVATE(is_valid);
} mbedtls_threading_mutex_t;
#endif

9
include/mbedtls/timing.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_TIMING_H
#define MBEDTLS_TIMING_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -43,7 +44,7 @@ extern "C" {
*/
struct mbedtls_timing_hr_time
{
unsigned char opaque[32];
unsigned char MBEDTLS_PRIVATE(opaque)[32];
};
/**
@ -51,9 +52,9 @@ struct mbedtls_timing_hr_time
*/
typedef struct mbedtls_timing_delay_context
{
struct mbedtls_timing_hr_time timer;
uint32_t int_ms;
uint32_t fin_ms;
struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
uint32_t MBEDTLS_PRIVATE(int_ms);
uint32_t MBEDTLS_PRIVATE(fin_ms);
} mbedtls_timing_delay_context;
#else /* MBEDTLS_TIMING_ALT */

5
include/mbedtls/x509.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_H
#define MBEDTLS_X509_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -229,8 +230,8 @@ typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
/** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time
{
int year, mon, day; /**< Date. */
int hour, min, sec; /**< Time. */
int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */
int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */
}
mbedtls_x509_time;

43
include/mbedtls/x509_crl.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CRL_H
#define MBEDTLS_X509_CRL_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -49,15 +50,15 @@ extern "C" {
*/
typedef struct mbedtls_x509_crl_entry
{
mbedtls_x509_buf raw;
mbedtls_x509_buf MBEDTLS_PRIVATE(raw);
mbedtls_x509_buf serial;
mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
mbedtls_x509_time revocation_date;
mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date);
mbedtls_x509_buf entry_ext;
mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext);
struct mbedtls_x509_crl_entry *next;
struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next);
}
mbedtls_x509_crl_entry;
@ -67,30 +68,30 @@ mbedtls_x509_crl_entry;
*/
typedef struct mbedtls_x509_crl
{
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
int version; /**< CRL version (1=v1, 2=v2) */
mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */
mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */
mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
mbedtls_x509_time this_update;
mbedtls_x509_time next_update;
mbedtls_x509_time MBEDTLS_PRIVATE(this_update);
mbedtls_x509_time MBEDTLS_PRIVATE(next_update);
mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */
mbedtls_x509_buf crl_ext;
mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext);
mbedtls_x509_buf sig_oid2;
mbedtls_x509_buf sig;
mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
struct mbedtls_x509_crl *next;
struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next);
}
mbedtls_x509_crl;

133
include/mbedtls/x509_crt.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -51,50 +52,50 @@ extern "C" {
*/
typedef struct mbedtls_x509_crt
{
int own_buffer; /**< Indicates if \c raw is owned
int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
* by the structure or not. */
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */
int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */
mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */
mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
mbedtls_x509_time valid_from; /**< Start time of certificate validity. */
mbedtls_x509_time valid_to; /**< End time of certificate validity. */
mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */
mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */
mbedtls_x509_buf pk_raw;
mbedtls_pk_context pk; /**< Container for the public key context. */
mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw);
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */
mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
int ext_types; /**< Bit string containing detected and parsed extensions */
int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
mbedtls_x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */
struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */
}
mbedtls_x509_crt;
@ -111,7 +112,7 @@ typedef struct mbedtls_x509_san_other_name
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
mbedtls_x509_buf type_id; /**< The type id. */
mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
union
{
/**
@ -122,12 +123,12 @@ typedef struct mbedtls_x509_san_other_name
*/
struct
{
mbedtls_x509_buf oid; /**< The object identifier. */
mbedtls_x509_buf val; /**< The named value. */
mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
}
hardware_module_name;
MBEDTLS_PRIVATE(hardware_module_name);
}
value;
MBEDTLS_PRIVATE(value);
}
mbedtls_x509_san_other_name;
@ -136,12 +137,12 @@ mbedtls_x509_san_other_name;
*/
typedef struct mbedtls_x509_subject_alternative_name
{
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */
mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */
}
san; /**< A union of the supported SAN types */
MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
}
mbedtls_x509_subject_alternative_name;
@ -158,10 +159,10 @@ mbedtls_x509_subject_alternative_name;
*/
typedef struct mbedtls_x509_crt_profile
{
uint32_t allowed_mds; /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for signatures */
uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
uint32_t MBEDTLS_PRIVATE(allowed_mds); /**< MDs for signatures */
uint32_t MBEDTLS_PRIVATE(allowed_pks); /**< PK algs for signatures */
uint32_t MBEDTLS_PRIVATE(allowed_curves); /**< Elliptic curves for ECDSA */
uint32_t MBEDTLS_PRIVATE(rsa_min_bitlen); /**< Minimum size for RSA keys */
}
mbedtls_x509_crt_profile;
@ -249,16 +250,16 @@ mbedtls_x509_crt_profile;
*/
typedef struct mbedtls_x509write_cert
{
int version;
mbedtls_mpi serial;
mbedtls_pk_context *subject_key;
mbedtls_pk_context *issuer_key;
mbedtls_asn1_named_data *subject;
mbedtls_asn1_named_data *issuer;
mbedtls_md_type_t md_alg;
char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
mbedtls_asn1_named_data *extensions;
int MBEDTLS_PRIVATE(version);
mbedtls_mpi MBEDTLS_PRIVATE(serial);
mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key);
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(issuer);
mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
}
mbedtls_x509write_cert;
@ -266,8 +267,8 @@ mbedtls_x509write_cert;
* Item in a verification chain: cert and flags for it
*/
typedef struct {
mbedtls_x509_crt *crt;
uint32_t flags;
mbedtls_x509_crt *MBEDTLS_PRIVATE(crt);
uint32_t MBEDTLS_PRIVATE(flags);
} mbedtls_x509_crt_verify_chain_item;
/**
@ -280,15 +281,15 @@ typedef struct {
*/
typedef struct
{
mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
unsigned len;
mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
unsigned MBEDTLS_PRIVATE(len);
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/* This stores the list of potential trusted signers obtained from
* the CA callback used for the CRT verification, if configured.
* We must track it somewhere because the callback passes its
* ownership to the caller. */
mbedtls_x509_crt *trust_ca_cb_result;
mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
} mbedtls_x509_crt_verify_chain;
@ -300,23 +301,23 @@ typedef struct
typedef struct
{
/* for check_signature() */
mbedtls_pk_restart_ctx pk;
mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk);
/* for find_parent_in() */
mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
mbedtls_x509_crt *fallback_parent;
int fallback_signature_is_good;
mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
int MBEDTLS_PRIVATE(fallback_signature_is_good);
/* for find_parent() */
int parent_is_trusted; /* -1 if find_parent is not in progress */
int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
/* for verify_chain() */
enum {
x509_crt_rs_none,
x509_crt_rs_find_parent,
} in_progress; /* none if no operation is in progress */
int self_cnt;
mbedtls_x509_crt_verify_chain ver_chain;
} MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
int MBEDTLS_PRIVATE(self_cnt);
mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain);
} mbedtls_x509_crt_restart_ctx;

31
include/mbedtls/x509_csr.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CSR_H
#define MBEDTLS_X509_CSR_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -48,21 +49,21 @@ extern "C" {
*/
typedef struct mbedtls_x509_csr
{
mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */
int version; /**< CSR version (1=v1). */
int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */
mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
mbedtls_pk_context pk; /**< Container for the public key context. */
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
mbedtls_x509_buf sig_oid;
mbedtls_x509_buf sig;
mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
}
mbedtls_x509_csr;
@ -71,10 +72,10 @@ mbedtls_x509_csr;
*/
typedef struct mbedtls_x509write_csr
{
mbedtls_pk_context *key;
mbedtls_asn1_named_data *subject;
mbedtls_md_type_t md_alg;
mbedtls_asn1_named_data *extensions;
mbedtls_pk_context *MBEDTLS_PRIVATE(key);
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
}
mbedtls_x509write_csr;

3
include/mbedtls/xtea.h
View file

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_XTEA_H
#define MBEDTLS_XTEA_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@ -49,7 +50,7 @@ extern "C" {
*/
typedef struct mbedtls_xtea_context
{
uint32_t k[4]; /*!< key */
uint32_t MBEDTLS_PRIVATE(k)[4]; /*!< key */
}
mbedtls_xtea_context;

15
include/psa/crypto_builtin_composites.h
View file

@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H
#define PSA_CRYPTO_BUILTIN_COMPOSITES_H
#include "mbedtls/private_access.h"
#include <psa/crypto_driver_common.h>
@ -47,11 +48,11 @@
typedef struct
{
/** The HMAC algorithm in use */
psa_algorithm_t alg;
psa_algorithm_t MBEDTLS_PRIVATE(alg);
/** The hash context. */
struct psa_hash_operation_s hash_ctx;
/** The HMAC part of the context. */
uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
uint8_t MBEDTLS_PRIVATE(opad)[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
} mbedtls_psa_hmac_operation_t;
#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}}
@ -61,17 +62,17 @@ typedef struct
typedef struct
{
psa_algorithm_t alg;
psa_algorithm_t MBEDTLS_PRIVATE(alg);
union
{
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_psa_hmac_operation_t hmac;
mbedtls_psa_hmac_operation_t MBEDTLS_PRIVATE(hmac);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_cipher_context_t cmac;
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cmac);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
} ctx;
} MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_mac_operation_t;
#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}

29
include/psa/crypto_builtin_primitives.h
View file

@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H
#define PSA_CRYPTO_BUILTIN_PRIMITIVES_H
#include "mbedtls/private_access.h"
#include <psa/crypto_driver_common.h>
@ -61,32 +62,32 @@
typedef struct
{
psa_algorithm_t alg;
psa_algorithm_t MBEDTLS_PRIVATE(alg);
union
{
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_MD2_C)
mbedtls_md2_context md2;
mbedtls_md2_context MBEDTLS_PRIVATE(md2);
#endif
#if defined(MBEDTLS_MD4_C)
mbedtls_md4_context md4;
mbedtls_md4_context MBEDTLS_PRIVATE(md4);
#endif
#if defined(MBEDTLS_MD5_C)
mbedtls_md5_context md5;
mbedtls_md5_context MBEDTLS_PRIVATE(md5);
#endif
#if defined(MBEDTLS_RIPEMD160_C)
mbedtls_ripemd160_context ripemd160;
mbedtls_ripemd160_context MBEDTLS_PRIVATE(ripemd160);
#endif
#if defined(MBEDTLS_SHA1_C)
mbedtls_sha1_context sha1;
mbedtls_sha1_context MBEDTLS_PRIVATE(sha1);
#endif
#if defined(MBEDTLS_SHA256_C)
mbedtls_sha256_context sha256;
mbedtls_sha256_context MBEDTLS_PRIVATE(sha256);
#endif
#if defined(MBEDTLS_SHA512_C)
mbedtls_sha512_context sha512;
mbedtls_sha512_context MBEDTLS_PRIVATE(sha512);
#endif
} ctx;
} MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_hash_operation_t;
#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
@ -110,10 +111,10 @@ typedef struct
typedef struct {
/* Context structure for the Mbed TLS cipher implementation. */
psa_algorithm_t alg;
uint8_t iv_length;
uint8_t block_length;
mbedtls_cipher_context_t cipher;
psa_algorithm_t MBEDTLS_PRIVATE(alg);
uint8_t MBEDTLS_PRIVATE(iv_length);
uint8_t MBEDTLS_PRIVATE(block_length);
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
} mbedtls_psa_cipher_operation_t;
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}

29
include/psa/crypto_extra.h
View file

@ -27,6 +27,7 @@
#ifndef PSA_CRYPTO_EXTRA_H
#define PSA_CRYPTO_EXTRA_H
#include "mbedtls/private_access.h"
#include "mbedtls/platform_util.h"
@ -71,7 +72,7 @@ static inline void psa_set_key_enrollment_algorithm(
psa_key_attributes_t *attributes,
psa_algorithm_t alg2)
{
attributes->core.policy.alg2 = alg2;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
}
/** Retrieve the enrollment algorithm policy from key attributes.
@ -83,7 +84,7 @@ static inline void psa_set_key_enrollment_algorithm(
static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
const psa_key_attributes_t *attributes)
{
return( attributes->core.policy.alg2 );
return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) );
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@ -141,8 +142,8 @@ static inline void psa_set_key_slot_number(
psa_key_attributes_t *attributes,
psa_key_slot_number_t slot_number )
{
attributes->core.flags |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
attributes->slot_number = slot_number;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
}
/** Remove the slot number attribute from a key attribute structure.
@ -154,7 +155,7 @@ static inline void psa_set_key_slot_number(
static inline void psa_clear_key_slot_number(
psa_key_attributes_t *attributes )
{
attributes->core.flags &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
}
/** Register a key that is already present in a secure element.
@ -226,26 +227,26 @@ void mbedtls_psa_crypto_free( void );
typedef struct mbedtls_psa_stats_s
{
/** Number of slots containing key material for a volatile key. */
size_t volatile_slots;
size_t MBEDTLS_PRIVATE(volatile_slots);
/** Number of slots containing key material for a key which is in
* internal persistent storage. */
size_t persistent_slots;
size_t MBEDTLS_PRIVATE(persistent_slots);
/** Number of slots containing a reference to a key in a
* secure element. */
size_t external_slots;
size_t MBEDTLS_PRIVATE(external_slots);
/** Number of slots which are occupied, but do not contain
* key material yet. */
size_t half_filled_slots;
size_t MBEDTLS_PRIVATE(half_filled_slots);
/** Number of slots that contain cache data. */
size_t cache_slots;
size_t MBEDTLS_PRIVATE(cache_slots);
/** Number of slots that are not used for anything. */
size_t empty_slots;
size_t MBEDTLS_PRIVATE(empty_slots);
/** Number of slots that are locked. */
size_t locked_slots;
size_t MBEDTLS_PRIVATE(locked_slots);
/** Largest key id value among open keys in internal persistent storage. */
psa_key_id_t max_open_internal_key_id;
psa_key_id_t MBEDTLS_PRIVATE(max_open_internal_key_id);
/** Largest key id value among open keys in secure elements. */
psa_key_id_t max_open_external_key_id;
psa_key_id_t MBEDTLS_PRIVATE(max_open_external_key_id);
} mbedtls_psa_stats_t;
/** \brief Get statistics about

3
include/psa/crypto_platform.h
View file

@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_PLATFORM_H
#define PSA_CRYPTO_PLATFORM_H
#include "mbedtls/private_access.h"
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
@ -92,7 +93,7 @@ static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1,
* are expected to replace it with a custom definition.
*/
typedef struct {
uintptr_t opaque[2];
uintptr_t MBEDTLS_PRIVATE(opaque)[2];
} mbedtls_psa_external_random_context_t;
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */

91
include/psa/crypto_se_driver.h
View file

@ -33,6 +33,7 @@
*/
#ifndef PSA_CRYPTO_SE_DRIVER_H
#define PSA_CRYPTO_SE_DRIVER_H
#include "mbedtls/private_access.h"
#include "crypto_driver_common.h"
@ -97,21 +98,21 @@ typedef struct {
* - psa_destroy_key() causes a call to
* psa_drv_se_key_management_t::p_destroy.
*/
const void *const persistent_data;
const void *const MBEDTLS_PRIVATE(persistent_data);
/** The size of \c persistent_data in bytes.
*
* This is always equal to the value of the `persistent_data_size` field
* of the ::psa_drv_se_t structure when the driver is registered.
*/
const size_t persistent_data_size;
const size_t MBEDTLS_PRIVATE(persistent_data_size);
/** Driver transient data.
*
* The core initializes this value to 0 and does not read or modify it
* afterwards. The driver may store whatever it wants in this field.
*/
uintptr_t transient_data;
uintptr_t MBEDTLS_PRIVATE(transient_data);
} psa_drv_se_context_t;
/** \brief A driver initialization function.
@ -323,28 +324,28 @@ typedef struct {
/**The size in bytes of the hardware-specific secure element MAC context
* structure
*/
size_t context_size;
size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a MAC setup operation
*/
psa_drv_se_mac_setup_t p_setup;
psa_drv_se_mac_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that performs a MAC update operation
*/
psa_drv_se_mac_update_t p_update;
psa_drv_se_mac_update_t MBEDTLS_PRIVATE(p_update);
/** Function that completes a MAC operation
*/
psa_drv_se_mac_finish_t p_finish;
psa_drv_se_mac_finish_t MBEDTLS_PRIVATE(p_finish);
/** Function that completes a MAC operation with a verify check
*/
psa_drv_se_mac_finish_verify_t p_finish_verify;
psa_drv_se_mac_finish_verify_t MBEDTLS_PRIVATE(p_finish_verify);
/** Function that aborts a previoustly started MAC operation
*/
psa_drv_se_mac_abort_t p_abort;
psa_drv_se_mac_abort_t MBEDTLS_PRIVATE(p_abort);
/** Function that performs a MAC operation in one call
*/
psa_drv_se_mac_generate_t p_mac;
psa_drv_se_mac_generate_t MBEDTLS_PRIVATE(p_mac);
/** Function that performs a MAC and verify operation in one call
*/
psa_drv_se_mac_verify_t p_mac_verify;
psa_drv_se_mac_verify_t MBEDTLS_PRIVATE(p_mac_verify);
} psa_drv_se_mac_t;
/**@}*/
@ -510,22 +511,22 @@ typedef struct {
/** The size in bytes of the hardware-specific secure element cipher
* context structure
*/
size_t context_size;
size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a cipher setup operation */
psa_drv_se_cipher_setup_t p_setup;
psa_drv_se_cipher_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that sets a cipher IV (if necessary) */
psa_drv_se_cipher_set_iv_t p_set_iv;
psa_drv_se_cipher_set_iv_t MBEDTLS_PRIVATE(p_set_iv);
/** Function that performs a cipher update operation */
psa_drv_se_cipher_update_t p_update;
psa_drv_se_cipher_update_t MBEDTLS_PRIVATE(p_update);
/** Function that completes a cipher operation */
psa_drv_se_cipher_finish_t p_finish;
psa_drv_se_cipher_finish_t MBEDTLS_PRIVATE(p_finish);
/** Function that aborts a cipher operation */
psa_drv_se_cipher_abort_t p_abort;
psa_drv_se_cipher_abort_t MBEDTLS_PRIVATE(p_abort);
/** Function that performs ECB mode for a cipher operation
* (Danger: ECB mode should not be used directly by clients of the PSA
* Crypto Client API)
*/
psa_drv_se_cipher_ecb_t p_ecb;
psa_drv_se_cipher_ecb_t MBEDTLS_PRIVATE(p_ecb);
} psa_drv_se_cipher_t;
/**@}*/
@ -681,13 +682,13 @@ typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *dr
*/
typedef struct {
/** Function that performs an asymmetric sign operation */
psa_drv_se_asymmetric_sign_t p_sign;
psa_drv_se_asymmetric_sign_t MBEDTLS_PRIVATE(p_sign);
/** Function that performs an asymmetric verify operation */
psa_drv_se_asymmetric_verify_t p_verify;
psa_drv_se_asymmetric_verify_t MBEDTLS_PRIVATE(p_verify);
/** Function that performs an asymmetric encrypt operation */
psa_drv_se_asymmetric_encrypt_t p_encrypt;
psa_drv_se_asymmetric_encrypt_t MBEDTLS_PRIVATE(p_encrypt);
/** Function that performs an asymmetric decrypt operation */
psa_drv_se_asymmetric_decrypt_t p_decrypt;
psa_drv_se_asymmetric_decrypt_t MBEDTLS_PRIVATE(p_decrypt);
} psa_drv_se_asymmetric_t;
/**@}*/
@ -798,9 +799,9 @@ typedef psa_status_t (*psa_drv_se_aead_decrypt_t)(psa_drv_se_context_t *drv_cont
*/
typedef struct {
/** Function that performs the AEAD encrypt operation */
psa_drv_se_aead_encrypt_t p_encrypt;
psa_drv_se_aead_encrypt_t MBEDTLS_PRIVATE(p_encrypt);
/** Function that performs the AEAD decrypt operation */
psa_drv_se_aead_decrypt_t p_decrypt;
psa_drv_se_aead_decrypt_t MBEDTLS_PRIVATE(p_decrypt);
} psa_drv_se_aead_t;
/**@}*/
@ -1120,19 +1121,19 @@ typedef psa_status_t (*psa_drv_se_generate_key_t)(
*/
typedef struct {
/** Function that allocates a slot for a key. */
psa_drv_se_allocate_key_t p_allocate;
psa_drv_se_allocate_key_t MBEDTLS_PRIVATE(p_allocate);
/** Function that checks the validity of a slot for a key. */
psa_drv_se_validate_slot_number_t p_validate_slot_number;
psa_drv_se_validate_slot_number_t MBEDTLS_PRIVATE(p_validate_slot_number);
/** Function that performs a key import operation */
psa_drv_se_import_key_t p_import;
psa_drv_se_import_key_t MBEDTLS_PRIVATE(p_import);
/** Function that performs a generation */
psa_drv_se_generate_key_t p_generate;
psa_drv_se_generate_key_t MBEDTLS_PRIVATE(p_generate);
/** Function that performs a key destroy operation */
psa_drv_se_destroy_key_t p_destroy;
psa_drv_se_destroy_key_t MBEDTLS_PRIVATE(p_destroy);
/** Function that performs a key export operation */
psa_drv_se_export_key_t p_export;
psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export);
/** Function that performs a public key export operation */
psa_drv_se_export_key_t p_export_public;
psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export_public);
} psa_drv_se_key_management_t;
/**@}*/
@ -1263,16 +1264,16 @@ typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *op_context,
*/
typedef struct {
/** The driver-specific size of the key derivation context */
size_t context_size;
size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a key derivation setup */
psa_drv_se_key_derivation_setup_t p_setup;
psa_drv_se_key_derivation_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that sets key derivation collateral */
psa_drv_se_key_derivation_collateral_t p_collateral;
psa_drv_se_key_derivation_collateral_t MBEDTLS_PRIVATE(p_collateral);
/** Function that performs a final key derivation step */
psa_drv_se_key_derivation_derive_t p_derive;
psa_drv_se_key_derivation_derive_t MBEDTLS_PRIVATE(p_derive);
/** Function that perforsm a final key derivation or agreement and
* exports the key */
psa_drv_se_key_derivation_export_t p_export;
psa_drv_se_key_derivation_export_t MBEDTLS_PRIVATE(p_export);
} psa_drv_se_key_derivation_t;
/**@}*/
@ -1293,7 +1294,7 @@ typedef struct {
* a different version of this specification.
* Use #PSA_DRV_SE_HAL_VERSION.
*/
uint32_t hal_version;
uint32_t MBEDTLS_PRIVATE(hal_version);
/** The size of the driver's persistent data in bytes.
*
@ -1303,7 +1304,7 @@ typedef struct {
* for more information about why and how a driver can use
* persistent data.
*/
size_t persistent_data_size;
size_t MBEDTLS_PRIVATE(persistent_data_size);
/** The driver initialization function.
*
@ -1315,14 +1316,14 @@ typedef struct {
* If this field is \c NULL, it is equivalent to a function that does
* nothing and returns #PSA_SUCCESS.
*/
psa_drv_se_init_t p_init;
psa_drv_se_init_t MBEDTLS_PRIVATE(p_init);
const psa_drv_se_key_management_t *key_management;
const psa_drv_se_mac_t *mac;
const psa_drv_se_cipher_t *cipher;
const psa_drv_se_aead_t *aead;
const psa_drv_se_asymmetric_t *asymmetric;
const psa_drv_se_key_derivation_t *derivation;
const psa_drv_se_key_management_t *MBEDTLS_PRIVATE(key_management);
const psa_drv_se_mac_t *MBEDTLS_PRIVATE(mac);
const psa_drv_se_cipher_t *MBEDTLS_PRIVATE(cipher);
const psa_drv_se_aead_t *MBEDTLS_PRIVATE(aead);
const psa_drv_se_asymmetric_t *MBEDTLS_PRIVATE(asymmetric);
const psa_drv_se_key_derivation_t *MBEDTLS_PRIVATE(derivation);
} psa_drv_se_t;
/** The current version of the secure element driver HAL.

157
include/psa/crypto_struct.h
View file

@ -60,6 +60,7 @@
#ifndef PSA_CRYPTO_STRUCT_H
#define PSA_CRYPTO_STRUCT_H
#include "mbedtls/private_access.h"
#ifdef __cplusplus
extern "C" {
@ -88,8 +89,8 @@ struct psa_hash_operation_s
* ID values are auto-generated in psa_driver_wrappers.h.
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. the driver context is not active, in use). */
unsigned int id;
psa_driver_hash_context_t ctx;
unsigned int MBEDTLS_PRIVATE(id);
psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx);
};
#define PSA_HASH_OPERATION_INIT { 0, { 0 } }
@ -107,14 +108,14 @@ struct psa_cipher_operation_s
* ID values are auto-generated in psa_crypto_driver_wrappers.h
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */
unsigned int id;
unsigned int MBEDTLS_PRIVATE(id);
unsigned int iv_required : 1;
unsigned int iv_set : 1;
unsigned int MBEDTLS_PRIVATE(iv_required) : 1;
unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
uint8_t default_iv_length;
uint8_t MBEDTLS_PRIVATE(default_iv_length);
psa_driver_cipher_context_t ctx;
psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx);
};
#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
@ -136,10 +137,10 @@ struct psa_mac_operation_s
* ID values are auto-generated in psa_driver_wrappers.h
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */
unsigned int id;
uint8_t mac_size;
unsigned int is_sign : 1;
psa_driver_mac_context_t ctx;
unsigned int MBEDTLS_PRIVATE(id);
uint8_t MBEDTLS_PRIVATE(mac_size);
unsigned int MBEDTLS_PRIVATE(is_sign) : 1;
psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx);
};
#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
@ -151,16 +152,16 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void )
struct psa_aead_operation_s
{
psa_algorithm_t alg;
unsigned int key_set : 1;
unsigned int iv_set : 1;
uint8_t iv_size;
uint8_t block_size;
psa_algorithm_t MBEDTLS_PRIVATE(alg);
unsigned int MBEDTLS_PRIVATE(key_set) : 1;
unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
uint8_t MBEDTLS_PRIVATE(iv_size);
uint8_t MBEDTLS_PRIVATE(block_size);
union
{
unsigned dummy; /* Enable easier initializing of the union. */
mbedtls_cipher_context_t cipher;
} ctx;
unsigned MBEDTLS_PRIVATE(dummy); /* Enable easier initializing of the union. */
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
} MBEDTLS_PRIVATE(ctx);
};
#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } }
@ -173,18 +174,18 @@ static inline struct psa_aead_operation_s psa_aead_operation_init( void )
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
typedef struct
{
uint8_t *info;
size_t info_length;
psa_mac_operation_t hmac;
uint8_t prk[PSA_HASH_MAX_SIZE];
uint8_t output_block[PSA_HASH_MAX_SIZE];
uint8_t *MBEDTLS_PRIVATE(info);
size_t MBEDTLS_PRIVATE(info_length);
psa_mac_operation_t MBEDTLS_PRIVATE(hmac);
uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE];
uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
#if PSA_HASH_MAX_SIZE > 0xff
#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
#endif
uint8_t offset_in_block;
uint8_t block_number;
unsigned int state : 2;
unsigned int info_set : 1;
uint8_t MBEDTLS_PRIVATE(offset_in_block);
uint8_t MBEDTLS_PRIVATE(block_number);
unsigned int MBEDTLS_PRIVATE(state) : 2;
unsigned int MBEDTLS_PRIVATE(info_set) : 1;
} psa_hkdf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
@ -207,45 +208,45 @@ typedef struct psa_tls12_prf_key_derivation_s
/* Indicates how many bytes in the current HMAC block have
* not yet been read by the user. */
uint8_t left_in_block;
uint8_t MBEDTLS_PRIVATE(left_in_block);
/* The 1-based number of the block. */
uint8_t block_number;
uint8_t MBEDTLS_PRIVATE(block_number);
psa_tls12_prf_key_derivation_state_t state;
psa_tls12_prf_key_derivation_state_t MBEDTLS_PRIVATE(state);
uint8_t *secret;
size_t secret_length;
uint8_t *seed;
size_t seed_length;
uint8_t *label;
size_t label_length;
uint8_t *MBEDTLS_PRIVATE(secret);
size_t MBEDTLS_PRIVATE(secret_length);
uint8_t *MBEDTLS_PRIVATE(seed);
size_t MBEDTLS_PRIVATE(seed_length);
uint8_t *MBEDTLS_PRIVATE(label);
size_t MBEDTLS_PRIVATE(label_length);
uint8_t Ai[PSA_HASH_MAX_SIZE];
uint8_t MBEDTLS_PRIVATE(Ai)[PSA_HASH_MAX_SIZE];
/* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */
uint8_t output_block[PSA_HASH_MAX_SIZE];
uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
} psa_tls12_prf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
struct psa_key_derivation_s
{
psa_algorithm_t alg;
unsigned int can_output_key : 1;
size_t capacity;
psa_algorithm_t MBEDTLS_PRIVATE(alg);
unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
size_t MBEDTLS_PRIVATE(capacity);
union
{
/* Make the union non-empty even with no supported algorithms. */
uint8_t dummy;
uint8_t MBEDTLS_PRIVATE(dummy);
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
psa_hkdf_key_derivation_t hkdf;
psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf);
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
psa_tls12_prf_key_derivation_t tls12_prf;
psa_tls12_prf_key_derivation_t MBEDTLS_PRIVATE(tls12_prf);
#endif
} ctx;
} MBEDTLS_PRIVATE(ctx);
};
/* This only zeroes out the first byte in the union, the rest is unspecified. */
@ -259,9 +260,9 @@ static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
struct psa_key_policy_s
{
psa_key_usage_t usage;
psa_algorithm_t alg;
psa_algorithm_t alg2;
psa_key_usage_t MBEDTLS_PRIVATE(usage);
psa_algorithm_t MBEDTLS_PRIVATE(alg);
psa_algorithm_t MBEDTLS_PRIVATE(alg2);
};
typedef struct psa_key_policy_s psa_key_policy_t;
@ -310,12 +311,12 @@ typedef uint16_t psa_key_attributes_flag_t;
typedef struct
{
psa_key_type_t type;
psa_key_bits_t bits;
psa_key_lifetime_t lifetime;
mbedtls_svc_key_id_t id;
psa_key_policy_t policy;
psa_key_attributes_flag_t flags;
psa_key_type_t MBEDTLS_PRIVATE(type);
psa_key_bits_t MBEDTLS_PRIVATE(bits);
psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
psa_key_policy_t MBEDTLS_PRIVATE(policy);
psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
} psa_core_key_attributes_t;
#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \
@ -325,12 +326,12 @@ typedef struct
struct psa_key_attributes_s
{
psa_core_key_attributes_t core;
psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_key_slot_number_t slot_number;
psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
void *domain_parameters;
size_t domain_parameters_size;
void *MBEDTLS_PRIVATE(domain_parameters);
size_t MBEDTLS_PRIVATE(domain_parameters_size);
};
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@ -348,13 +349,13 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void )
static inline void psa_set_key_id( psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key )
{
psa_key_lifetime_t lifetime = attributes->core.lifetime;
psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);
attributes->core.id = key;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
attributes->core.lifetime =
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT,
PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) );
@ -364,27 +365,27 @@ static inline void psa_set_key_id( psa_key_attributes_t *attributes,
static inline mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes )
{
return( attributes->core.id );
return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) );
}
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
mbedtls_key_owner_id_t owner )
{
attributes->core.id.owner = owner;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
}
#endif
static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime )
{
attributes->core.lifetime = lifetime;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
attributes->core.id.key_id = 0;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0;
#else
attributes->core.id = 0;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = 0;
#endif
}
}
@ -392,31 +393,31 @@ static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes )
{
return( attributes->core.lifetime );
return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) );
}
static inline void psa_set_key_usage_flags( psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags )
{
attributes->core.policy.usage = usage_flags;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes )
{
return( attributes->core.policy.usage );
return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) );
}
static inline void psa_set_key_algorithm( psa_key_attributes_t *attributes,
psa_algorithm_t alg )
{
attributes->core.policy.alg = alg;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg;
}
static inline psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes )
{
return( attributes->core.policy.alg );
return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) );
}
/* This function is declared in crypto_extra.h, which comes after this
@ -429,10 +430,10 @@ psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
static inline void psa_set_key_type( psa_key_attributes_t *attributes,
psa_key_type_t type )
{
if( attributes->domain_parameters == NULL )
if( attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL )
{
/* Common case: quick path */
attributes->core.type = type;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type;
}
else
{
@ -447,22 +448,22 @@ static inline void psa_set_key_type( psa_key_attributes_t *attributes,
static inline psa_key_type_t psa_get_key_type(
const psa_key_attributes_t *attributes )
{
return( attributes->core.type );
return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) );
}
static inline void psa_set_key_bits( psa_key_attributes_t *attributes,
size_t bits )
{
if( bits > PSA_MAX_KEY_BITS )
attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
else
attributes->core.bits = (psa_key_bits_t) bits;
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
}
static inline size_t psa_get_key_bits(
const psa_key_attributes_t *attributes )
{
return( attributes->core.bits );
return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) );
}
#ifdef __cplusplus

5
include/psa/crypto_types.h
View file

@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_TYPES_H
#define PSA_CRYPTO_TYPES_H
#include "mbedtls/private_access.h"
#include "crypto_platform.h"
@ -234,8 +235,8 @@ typedef psa_key_id_t mbedtls_svc_key_id_t;
*/
typedef struct
{
psa_key_id_t key_id;
mbedtls_key_owner_id_t owner;
psa_key_id_t MBEDTLS_PRIVATE(key_id);
mbedtls_key_owner_id_t MBEDTLS_PRIVATE(owner);
} mbedtls_svc_key_id_t;
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */

11
include/psa/crypto_values.h
View file

@ -33,6 +33,7 @@
#ifndef PSA_CRYPTO_VALUES_H
#define PSA_CRYPTO_VALUES_H
#include "mbedtls/private_access.h"
/** \defgroup error Error codes
* @{
@ -2124,8 +2125,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id )
{
return( (mbedtls_svc_key_id_t){ .key_id = key_id,
.owner = owner_id } );
return( (mbedtls_svc_key_id_t){ .MBEDTLS_PRIVATE(key_id) = key_id,
.MBEDTLS_PRIVATE(owner) = owner_id } );
}
/** Compare two key identifiers.
@ -2138,8 +2139,8 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
mbedtls_svc_key_id_t id2 )
{
return( ( id1.key_id == id2.key_id ) &&
mbedtls_key_owner_id_equal( id1.owner, id2.owner ) );
return( ( id1.MBEDTLS_PRIVATE(key_id) == id2.MBEDTLS_PRIVATE(key_id) ) &&
mbedtls_key_owner_id_equal( id1.MBEDTLS_PRIVATE(owner), id2.MBEDTLS_PRIVATE(owner) ) );
}
/** Check whether a key identifier is null.
@ -2150,7 +2151,7 @@ static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
*/
static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
{
return( ( key.key_id == 0 ) && ( key.owner == 0 ) );
return( ( key.MBEDTLS_PRIVATE(key_id) == 0 ) && ( key.MBEDTLS_PRIVATE(owner) == 0 ) );
}
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */

7
library/common.h
View file

@ -50,4 +50,11 @@
#define MBEDTLS_STATIC_TESTABLE static
#endif
/** Allow library to access its structs' private members.
*
* Although structs defined in header files are publicly available,
* their members are private and should not be accessed by the user.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#endif /* MBEDTLS_LIBRARY_COMMON_H */

1
library/psa_crypto_driver_wrappers.c
View file

@ -19,6 +19,7 @@
* limitations under the License.
*/
#include "common.h"
#include "psa_crypto_aead.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"

6
library/psa_crypto_storage.c
View file

@ -18,11 +18,7 @@
* limitations under the License.
*/
#if defined(MBEDTLS_CONFIG_FILE)
#include MBEDTLS_CONFIG_FILE
#else
#include "mbedtls/config.h"
#endif
#include "common.h"
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)

6
library/psa_its_file.c
View file

@ -18,11 +18,7 @@
* limitations under the License.
*/
#if defined(MBEDTLS_CONFIG_FILE)
#include MBEDTLS_CONFIG_FILE
#else
#include "mbedtls/config.h"
#endif
#include "common.h"
#if defined(MBEDTLS_PSA_ITS_FILE_C)

8
programs/aes/crypt_and_hash.c
View file

@ -128,7 +128,7 @@ int main( int argc, char *argv[] )
while( *list )
{
cipher_info = mbedtls_cipher_info_from_type( *list );
mbedtls_printf( " %s\n", cipher_info->name );
mbedtls_printf( " %s\n", cipher_info->MBEDTLS_PRIVATE(name) );
list++;
}
@ -313,7 +313,7 @@ int main( int argc, char *argv[] )
}
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
MBEDTLS_ENCRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
@ -412,7 +412,7 @@ int main( int argc, char *argv[] )
/*
* Check the file size.
*/
if( cipher_info->mode != MBEDTLS_MODE_GCM &&
if( cipher_info->MBEDTLS_PRIVATE(mode) != MBEDTLS_MODE_GCM &&
( ( filesize - mbedtls_md_get_size( md_info ) ) %
mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
{
@ -452,7 +452,7 @@ int main( int argc, char *argv[] )
mbedtls_md_finish( &md_ctx, digest );
}
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
MBEDTLS_DECRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );

2
programs/fuzz/fuzz_client.c
View file

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"

2
programs/fuzz/fuzz_dtlsclient.c
View file

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <string.h>
#include <stdlib.h>
#include <stdint.h>

2
programs/fuzz/fuzz_dtlsserver.c
View file

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <string.h>
#include <stdlib.h>
#include <stdint.h>

2
programs/fuzz/fuzz_privkey.c
View file

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <stdint.h>
#include <stdlib.h>
#include "mbedtls/pk.h"

2
programs/fuzz/fuzz_pubkey.c
View file

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <stdint.h>
#include <stdlib.h>
#include "mbedtls/pk.h"

2
programs/fuzz/fuzz_server.c
View file

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"

2
programs/fuzz/fuzz_x509crl.c
View file

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <stdint.h>
#include "mbedtls/x509_crl.h"

2
programs/fuzz/fuzz_x509crt.c
View file

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <stdint.h>
#include "mbedtls/x509_crt.h"

2
programs/fuzz/fuzz_x509csr.c
View file

@ -1,3 +1,5 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <stdint.h>
#include "mbedtls/x509_csr.h"

14
programs/pkey/dh_client.c
View file

@ -126,15 +126,15 @@ int main( void )
mbedtls_rsa_init( &rsa );
if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit;
}
rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
fclose( f );
@ -192,7 +192,7 @@ int main( void )
goto exit;
}
if( dhm.len < 64 || dhm.len > 512 )
if( dhm.MBEDTLS_PRIVATE(len) < 64 || dhm.MBEDTLS_PRIVATE(len) > 512 )
{
mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" );
goto exit;
@ -207,7 +207,7 @@ int main( void )
p += 2;
if( ( n = (size_t) ( end - p ) ) != rsa.len )
if( ( n = (size_t) ( end - p ) ) != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" );
goto exit;
@ -232,8 +232,8 @@ int main( void )
mbedtls_printf( "\n . Sending own public value to server" );
fflush( stdout );
n = dhm.len;
if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n,
n = dhm.MBEDTLS_PRIVATE(len);
if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.MBEDTLS_PRIVATE(len), buf, n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret );

16
programs/pkey/dh_server.c
View file

@ -172,8 +172,8 @@ int main( void )
goto exit;
}
if( mbedtls_mpi_read_file( &dhm.P, 16, f ) != 0 ||
mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 )
if( mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(P), 16, f ) != 0 ||
mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(G), 16, f ) != 0 )
{
mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
fclose( f );
@ -209,7 +209,7 @@ int main( void )
memset( buf, 0, sizeof( buf ) );
if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.P ), buf, &n,
if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.MBEDTLS_PRIVATE(P) ), buf, &n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret );
@ -225,8 +225,8 @@ int main( void )
goto exit;
}
buf[n ] = (unsigned char)( rsa.len >> 8 );
buf[n + 1] = (unsigned char)( rsa.len );
buf[n ] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) >> 8 );
buf[n + 1] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) );
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
0, hash, buf + n + 2 ) ) != 0 )
@ -235,7 +235,7 @@ int main( void )
goto exit;
}
buflen = n + 2 + rsa.len;
buflen = n + 2 + rsa.MBEDTLS_PRIVATE(len);
buf2[0] = (unsigned char)( buflen >> 8 );
buf2[1] = (unsigned char)( buflen );
@ -254,14 +254,14 @@ int main( void )
memset( buf, 0, sizeof( buf ) );
n = dhm.len;
n = dhm.MBEDTLS_PRIVATE(len);
if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
{
mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
goto exit;
}
if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.len ) ) != 0 )
if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.MBEDTLS_PRIVATE(len) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret );
goto exit;

30
programs/pkey/ecdh_curve25519.c
View file

@ -91,14 +91,14 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Setting up client context..." );
fflush( stdout );
ret = mbedtls_ecp_group_load( &ctx_cli.grp, MBEDTLS_ECP_DP_CURVE25519 );
ret = mbedtls_ecp_group_load( &ctx_cli.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
goto exit;
}
ret = mbedtls_ecdh_gen_public( &ctx_cli.grp, &ctx_cli.d, &ctx_cli.Q,
ret = mbedtls_ecdh_gen_public( &ctx_cli.MBEDTLS_PRIVATE(grp), &ctx_cli.MBEDTLS_PRIVATE(d), &ctx_cli.MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@ -106,7 +106,7 @@ int main( int argc, char *argv[] )
goto exit;
}
ret = mbedtls_mpi_write_binary( &ctx_cli.Q.X, cli_to_srv, 32 );
ret = mbedtls_mpi_write_binary( &ctx_cli.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), cli_to_srv, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
@ -121,14 +121,14 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Setting up server context..." );
fflush( stdout );
ret = mbedtls_ecp_group_load( &ctx_srv.grp, MBEDTLS_ECP_DP_CURVE25519 );
ret = mbedtls_ecp_group_load( &ctx_srv.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
goto exit;
}
ret = mbedtls_ecdh_gen_public( &ctx_srv.grp, &ctx_srv.d, &ctx_srv.Q,
ret = mbedtls_ecdh_gen_public( &ctx_srv.MBEDTLS_PRIVATE(grp), &ctx_srv.MBEDTLS_PRIVATE(d), &ctx_srv.MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@ -136,7 +136,7 @@ int main( int argc, char *argv[] )
goto exit;
}
ret = mbedtls_mpi_write_binary( &ctx_srv.Q.X, srv_to_cli, 32 );
ret = mbedtls_mpi_write_binary( &ctx_srv.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), srv_to_cli, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
@ -151,22 +151,22 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Server reading client key and computing secret..." );
fflush( stdout );
ret = mbedtls_mpi_lset( &ctx_srv.Qp.Z, 1 );
ret = mbedtls_mpi_lset( &ctx_srv.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
goto exit;
}
ret = mbedtls_mpi_read_binary( &ctx_srv.Qp.X, cli_to_srv, 32 );
ret = mbedtls_mpi_read_binary( &ctx_srv.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), cli_to_srv, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
goto exit;
}
ret = mbedtls_ecdh_compute_shared( &ctx_srv.grp, &ctx_srv.z,
&ctx_srv.Qp, &ctx_srv.d,
ret = mbedtls_ecdh_compute_shared( &ctx_srv.MBEDTLS_PRIVATE(grp), &ctx_srv.MBEDTLS_PRIVATE(z),
&ctx_srv.MBEDTLS_PRIVATE(Qp), &ctx_srv.MBEDTLS_PRIVATE(d),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@ -182,22 +182,22 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Client reading server key and computing secret..." );
fflush( stdout );
ret = mbedtls_mpi_lset( &ctx_cli.Qp.Z, 1 );
ret = mbedtls_mpi_lset( &ctx_cli.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
goto exit;
}
ret = mbedtls_mpi_read_binary( &ctx_cli.Qp.X, srv_to_cli, 32 );
ret = mbedtls_mpi_read_binary( &ctx_cli.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), srv_to_cli, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
goto exit;
}
ret = mbedtls_ecdh_compute_shared( &ctx_cli.grp, &ctx_cli.z,
&ctx_cli.Qp, &ctx_cli.d,
ret = mbedtls_ecdh_compute_shared( &ctx_cli.MBEDTLS_PRIVATE(grp), &ctx_cli.MBEDTLS_PRIVATE(z),
&ctx_cli.MBEDTLS_PRIVATE(Qp), &ctx_cli.MBEDTLS_PRIVATE(d),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@ -213,7 +213,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Checking if both computed secrets are equal..." );
fflush( stdout );
ret = mbedtls_mpi_cmp_mpi( &ctx_cli.z, &ctx_srv.z );
ret = mbedtls_mpi_cmp_mpi( &ctx_cli.MBEDTLS_PRIVATE(z), &ctx_srv.MBEDTLS_PRIVATE(z) );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret );

10
programs/pkey/ecdsa.c
View file

@ -55,7 +55,7 @@
#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1
#if !defined(ECPARAMS)
#define ECPARAMS mbedtls_ecp_curve_list()->grp_id
#define ECPARAMS mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
#endif
#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
@ -84,7 +84,7 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key )
unsigned char buf[300];
size_t len;
if( mbedtls_ecp_point_write_binary( &key->grp, &key->Q,
if( mbedtls_ecp_point_write_binary( &key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q),
MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 )
{
mbedtls_printf("internal error\n");
@ -156,7 +156,7 @@ int main( int argc, char *argv[] )
goto exit;
}
mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.grp.pbits );
mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).MBEDTLS_PRIVATE(pbits) );
dump_pubkey( " + Public key: ", &ctx_sign );
@ -204,13 +204,13 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Preparing verification context..." );
fflush( stdout );
if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.grp, &ctx_sign.grp ) ) != 0 )
if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.MBEDTLS_PRIVATE(grp), &ctx_sign.MBEDTLS_PRIVATE(grp) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_copy returned %d\n", ret );
goto exit;
}
if( ( ret = mbedtls_ecp_copy( &ctx_verify.Q, &ctx_sign.Q ) ) != 0 )
if( ( ret = mbedtls_ecp_copy( &ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_copy returned %d\n", ret );
goto exit;

18
programs/pkey/gen_key.c
View file

@ -90,7 +90,7 @@ int dev_random_entropy_poll( void *data, unsigned char *output,
#endif
#if defined(MBEDTLS_ECP_C)
#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id
#define DFL_EC_CURVE mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
#else
#define DFL_EC_CURVE 0
#endif
@ -223,9 +223,9 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_ECP_C)
mbedtls_printf( " available ec_curve values:\n" );
curve_info = mbedtls_ecp_curve_list();
mbedtls_printf( " %s (default)\n", curve_info->name );
while( ( ++curve_info )->name != NULL )
mbedtls_printf( " %s\n", curve_info->name );
mbedtls_printf( " %s (default)\n", curve_info->MBEDTLS_PRIVATE(name) );
while( ( ++curve_info )->MBEDTLS_PRIVATE(name) != NULL )
mbedtls_printf( " %s\n", curve_info->MBEDTLS_PRIVATE(name) );
#endif /* MBEDTLS_ECP_C */
goto exit;
}
@ -274,7 +274,7 @@ int main( int argc, char *argv[] )
{
if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL )
goto usage;
opt.ec_curve = curve_info->grp_id;
opt.ec_curve = curve_info->MBEDTLS_PRIVATE(grp_id);
}
#endif
else if( strcmp( p, "filename" ) == 0 )
@ -395,10 +395,10 @@ int main( int argc, char *argv[] )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_printf( "curve: %s\n",
mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name );
mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL );
mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL );
mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL );
mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).MBEDTLS_PRIVATE(id) )->MBEDTLS_PRIVATE(name) );
mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
}
else
#endif

14
programs/pkey/key_app.c
View file

@ -222,10 +222,10 @@ int main( int argc, char *argv[] )
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ) );
}
else
#endif
@ -273,9 +273,9 @@ int main( int argc, char *argv[] )
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) );
}
else
#endif

14
programs/pkey/key_app_writer.c
View file

@ -335,10 +335,10 @@ int main( int argc, char *argv[] )
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL );
mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL );
mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
}
else
#endif
@ -389,9 +389,9 @@ int main( int argc, char *argv[] )
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL );
}
else
#endif

2
programs/pkey/rsa_decrypt.c
View file

@ -164,7 +164,7 @@ int main( int argc, char *argv[] )
fclose( f );
if( i != rsa.len )
if( i != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;

2
programs/pkey/rsa_encrypt.c
View file

@ -160,7 +160,7 @@ int main( int argc, char *argv[] )
goto exit;
}
for( i = 0; i < rsa.len; i++ )
for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ )
mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );

2
programs/pkey/rsa_sign.c
View file

@ -164,7 +164,7 @@ int main( int argc, char *argv[] )
goto exit;
}
for( i = 0; i < rsa.len; i++ )
for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ )
mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );

8
programs/pkey/rsa_verify.c
View file

@ -89,15 +89,15 @@ int main( int argc, char *argv[] )
goto exit;
}
if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit;
}
rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
fclose( f );
@ -119,7 +119,7 @@ int main( int argc, char *argv[] )
fclose( f );
if( i != rsa.len )
if( i != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;

2
programs/ssl/dtls_server.c
View file

@ -229,7 +229,7 @@ int main( void )
mbedtls_ssl_cache_set );
#endif
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );

4
programs/ssl/mini_client.c
View file

@ -250,13 +250,13 @@ int main( void )
addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
ret = 0;
if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
if( ( server_fd.MBEDTLS_PRIVATE(fd) = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
{
ret = socket_failed;
goto exit;
}
if( connect( server_fd.fd,
if( connect( server_fd.MBEDTLS_PRIVATE(fd),
(const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
{
ret = connect_failed;

2
programs/ssl/ssl_client2.c
View file

@ -17,6 +17,8 @@
* limitations under the License.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "ssl_test_lib.h"
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)

2
programs/ssl/ssl_context_info.c
View file

@ -17,6 +17,8 @@
* limitations under the License.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else

2
programs/ssl/ssl_fork_server.c
View file

@ -193,7 +193,7 @@ int main( void )
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );

1
programs/ssl/ssl_mail_client.c
View file

@ -20,6 +20,7 @@
/* Enable definition of gethostname() even when compiling with -std=c99. Must
* be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L
#define _XOPEN_SOURCE 600

2
programs/ssl/ssl_server.c
View file

@ -215,7 +215,7 @@ int main( void )
mbedtls_ssl_cache_set );
#endif
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );

2
programs/ssl/ssl_server2.c
View file

@ -17,6 +17,8 @@
* limitations under the License.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "ssl_test_lib.h"
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)

2
programs/ssl/ssl_test_lib.c
View file

@ -20,6 +20,8 @@
* limitations under the License.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "ssl_test_lib.h"
#if defined(MBEDTLS_TEST_HOOKS)

2
programs/test/benchmark.c
View file

@ -17,6 +17,8 @@
* limitations under the License.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else

2
programs/test/selftest.c
View file

@ -17,6 +17,8 @@
* limitations under the License.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else

2
programs/test/udp_proxy.c
View file

@ -23,6 +23,8 @@
* example of good general usage.
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else

2
programs/x509/cert_app.c
View file

@ -335,7 +335,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( "%s\n", buf );
cur = cur->next;
cur = cur->MBEDTLS_PRIVATE(next);
}
/*

8
programs/x509/cert_write.c
View file

@ -518,7 +518,7 @@ int main( int argc, char *argv[] )
}
ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name),
&issuer_crt.subject );
&issuer_crt.MBEDTLS_PRIVATE(subject) );
if( ret < 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@ -552,7 +552,7 @@ int main( int argc, char *argv[] )
}
ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name),
&csr.subject );
&csr.MBEDTLS_PRIVATE(subject) );
if( ret < 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@ -562,7 +562,7 @@ int main( int argc, char *argv[] )
}
opt.subject_name = subject_name;
subject_key = &csr.pk;
subject_key = &csr.MBEDTLS_PRIVATE(pk);
mbedtls_printf( " ok\n" );
}
@ -606,7 +606,7 @@ int main( int argc, char *argv[] )
//
if( strlen( opt.issuer_crt ) )
{
if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key ) != 0 )
if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key ) != 0 )
{
mbedtls_printf( " failed\n ! issuer_key does not match "
"issuer certificate\n\n" );

Some files were not shown because too many files have changed in this diff Show more