results

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>

include/mbedtls/asn1.h

@@ -21,6 +21,7 @@
  */
 #ifndef MBEDTLS_ASN1_H
 #define MBEDTLS_ASN1_H
+#include "mbedtls/private_access.h"
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
@@ -148,9 +149,9 @@ extern "C" {
  */
 typedef struct mbedtls_asn1_buf
 {
-    int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
-    size_t len;             /**< ASN1 length, in octets. */
-    unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
+    int MBEDTLS_PRIVATE(tag);                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
+    size_t MBEDTLS_PRIVATE(len);             /**< ASN1 length, in octets. */
+    unsigned char *MBEDTLS_PRIVATE(p);       /**< ASN1 data, e.g. in ASCII. */
 }
 mbedtls_asn1_buf;
 
@@ -159,9 +160,9 @@ mbedtls_asn1_buf;
  */
 typedef struct mbedtls_asn1_bitstring
 {
-    size_t len;                 /**< ASN1 length, in octets. */
-    unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
-    unsigned char *p;           /**< Raw ASN1 data for the bit string */
+    size_t MBEDTLS_PRIVATE(len);                 /**< ASN1 length, in octets. */
+    unsigned char MBEDTLS_PRIVATE(unused_bits);  /**< Number of unused bits at the end of the string */
+    unsigned char *MBEDTLS_PRIVATE(p);           /**< Raw ASN1 data for the bit string */
 }
 mbedtls_asn1_bitstring;
 
@@ -170,8 +171,8 @@ mbedtls_asn1_bitstring;
  */
 typedef struct mbedtls_asn1_sequence
 {
-    mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
-    struct mbedtls_asn1_sequence *next;    /**< The next entry in the sequence. */
+    mbedtls_asn1_buf MBEDTLS_PRIVATE(buf);                   /**< Buffer containing the given ASN.1 item. */
+    struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next);    /**< The next entry in the sequence. */
 }
 mbedtls_asn1_sequence;
 
@@ -180,10 +181,10 @@ mbedtls_asn1_sequence;
  */
 typedef struct mbedtls_asn1_named_data
 {
-    mbedtls_asn1_buf oid;                   /**< The object identifier. */
-    mbedtls_asn1_buf val;                   /**< The named value. */
-    struct mbedtls_asn1_named_data *next;  /**< The next entry in the sequence. */
-    unsigned char next_merged;      /**< Merge next item into the current one? */
+    mbedtls_asn1_buf MBEDTLS_PRIVATE(oid);                   /**< The object identifier. */
+    mbedtls_asn1_buf MBEDTLS_PRIVATE(val);                   /**< The named value. */
+    struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next);  /**< The next entry in the sequence. */
+    unsigned char MBEDTLS_PRIVATE(next_merged);      /**< Merge next item into the current one? */
 }
 mbedtls_asn1_named_data;
 

include/mbedtls/bignum.h

@@ -21,6 +21,7 @@
  */
 #ifndef MBEDTLS_BIGNUM_H
 #define MBEDTLS_BIGNUM_H
+#include "mbedtls/private_access.h"
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
@@ -183,9 +184,9 @@ extern "C" {
  */
 typedef struct mbedtls_mpi
 {
-    int s;              /*!<  Sign: -1 if the mpi is negative, 1 otherwise */
-    size_t n;           /*!<  total # of limbs  */
-    mbedtls_mpi_uint *p;          /*!<  pointer to limbs  */
+    int MBEDTLS_PRIVATE(s);              /*!<  Sign: -1 if the mpi is negative, 1 otherwise */
+    size_t MBEDTLS_PRIVATE(n);           /*!<  total # of limbs  */
+    mbedtls_mpi_uint *MBEDTLS_PRIVATE(p);          /*!<  pointer to limbs  */
 }
 mbedtls_mpi;
 

include/mbedtls/cipher.h

@@ -26,6 +26,7 @@
 
 #ifndef MBEDTLS_CIPHER_H
 #define MBEDTLS_CIPHER_H
+#include "mbedtls/private_access.h"
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
@@ -267,37 +268,37 @@ typedef struct mbedtls_cipher_info_t
     /** Full cipher identifier. For example,
      * MBEDTLS_CIPHER_AES_256_CBC.
      */
-    mbedtls_cipher_type_t type;
+    mbedtls_cipher_type_t MBEDTLS_PRIVATE(type);
 
     /** The cipher mode. For example, MBEDTLS_MODE_CBC. */
-    mbedtls_cipher_mode_t mode;
+    mbedtls_cipher_mode_t MBEDTLS_PRIVATE(mode);
 
     /** The cipher key length, in bits. This is the
      * default length for variable sized ciphers.
      * Includes parity bits for ciphers like DES.
      */
-    unsigned int key_bitlen;
+    unsigned int MBEDTLS_PRIVATE(key_bitlen);
 
     /** Name of the cipher. */
-    const char * name;
+    const char * MBEDTLS_PRIVATE(name);
 
     /** IV or nonce size, in Bytes.
      * For ciphers that accept variable IV sizes,
      * this is the recommended size.
      */
-    unsigned int iv_size;
+    unsigned int MBEDTLS_PRIVATE(iv_size);
 
     /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
      *  MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
      *  cipher supports variable IV or variable key sizes, respectively.
      */
-    int flags;
+    int MBEDTLS_PRIVATE(flags);
 
     /** The block size, in Bytes. */
-    unsigned int block_size;
+    unsigned int MBEDTLS_PRIVATE(block_size);
 
     /** Struct for base cipher information and functions. */
-    const mbedtls_cipher_base_t *base;
+    const mbedtls_cipher_base_t *MBEDTLS_PRIVATE(base);
 
 } mbedtls_cipher_info_t;
 
@@ -307,43 +308,43 @@ typedef struct mbedtls_cipher_info_t
 typedef struct mbedtls_cipher_context_t
 {
     /** Information about the associated cipher. */
-    const mbedtls_cipher_info_t *cipher_info;
+    const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
 
     /** Key length to use. */
-    int key_bitlen;
+    int MBEDTLS_PRIVATE(key_bitlen);
 
     /** Operation that the key of the context has been
      * initialized for.
      */
-    mbedtls_operation_t operation;
+    mbedtls_operation_t MBEDTLS_PRIVATE(operation);
 
 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
     /** Padding functions to use, if relevant for
      * the specific cipher mode.
      */
-    void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
-    int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
+    void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
+    int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
 #endif
 
     /** Buffer for input that has not been processed yet. */
-    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
+    unsigned char MBEDTLS_PRIVATE(unprocessed_data)[MBEDTLS_MAX_BLOCK_LENGTH];
 
     /** Number of Bytes that have not been processed yet. */
-    size_t unprocessed_len;
+    size_t MBEDTLS_PRIVATE(unprocessed_len);
 
     /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
      * for XTS-mode. */
-    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
+    unsigned char MBEDTLS_PRIVATE(iv)[MBEDTLS_MAX_IV_LENGTH];
 
     /** IV size in Bytes, for ciphers with variable-length IVs. */
-    size_t iv_size;
+    size_t MBEDTLS_PRIVATE(iv_size);
 
     /** The cipher-specific context. */
-    void *cipher_ctx;
+    void *MBEDTLS_PRIVATE(cipher_ctx);
 
 #if defined(MBEDTLS_CMAC_C)
     /** CMAC-specific context. */
-    mbedtls_cmac_context_t *cmac_ctx;
+    mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx);
 #endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -354,7 +355,7 @@ typedef struct mbedtls_cipher_context_t
      *  mbedtls_cipher_setup(), and set if it was established through
      *  mbedtls_cipher_setup_psa().
      */
-    unsigned char psa_enabled;
+    unsigned char MBEDTLS_PRIVATE(psa_enabled);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 } mbedtls_cipher_context_t;
@@ -495,10 +496,10 @@ static inline unsigned int mbedtls_cipher_get_block_size(
     const mbedtls_cipher_context_t *ctx )
 {
     MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->cipher_info == NULL )
+    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
         return 0;
 
-    return ctx->cipher_info->block_size;
+    return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
 }
 
 /**
@@ -514,10 +515,10 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
     const mbedtls_cipher_context_t *ctx )
 {
     MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
-    if( ctx->cipher_info == NULL )
+    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
         return MBEDTLS_MODE_NONE;
 
-    return ctx->cipher_info->mode;
+    return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
 }
 
 /**
@@ -534,13 +535,13 @@ static inline int mbedtls_cipher_get_iv_size(
     const mbedtls_cipher_context_t *ctx )
 {
     MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->cipher_info == NULL )
+    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
         return 0;
 
-    if( ctx->iv_size != 0 )
-        return (int) ctx->iv_size;
+    if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
+        return (int) ctx->MBEDTLS_PRIVATE(iv_size);
 
-    return (int) ctx->cipher_info->iv_size;
+    return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
 }
 
 /**
@@ -556,10 +557,10 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
 {
     MBEDTLS_INTERNAL_VALIDATE_RET(
         ctx != NULL, MBEDTLS_CIPHER_NONE );
-    if( ctx->cipher_info == NULL )
+    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
         return MBEDTLS_CIPHER_NONE;
 
-    return ctx->cipher_info->type;
+    return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
 }
 
 /**
@@ -575,10 +576,10 @@ static inline const char *mbedtls_cipher_get_name(
     const mbedtls_cipher_context_t *ctx )
 {
     MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->cipher_info == NULL )
+    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
         return 0;
 
-    return ctx->cipher_info->name;
+    return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
 }
 
 /**
@@ -595,10 +596,10 @@ static inline int mbedtls_cipher_get_key_bitlen(
 {
     MBEDTLS_INTERNAL_VALIDATE_RET(
         ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
-    if( ctx->cipher_info == NULL )
+    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
         return MBEDTLS_KEY_LENGTH_NONE;
 
-    return (int) ctx->cipher_info->key_bitlen;
+    return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
 }
 
 /**
@@ -614,10 +615,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation(
 {
     MBEDTLS_INTERNAL_VALIDATE_RET(
         ctx != NULL, MBEDTLS_OPERATION_NONE );
-    if( ctx->cipher_info == NULL )
+    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
         return MBEDTLS_OPERATION_NONE;
 
-    return ctx->operation;
+    return ctx->MBEDTLS_PRIVATE(operation);
 }
 
 /**

include/mbedtls/ctr_drbg.h

@@ -40,6 +40,7 @@
 
 #ifndef MBEDTLS_CTR_DRBG_H
 #define MBEDTLS_CTR_DRBG_H
+#include "mbedtls/private_access.h"
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
@@ -168,8 +169,8 @@ extern "C" {
  */
 typedef struct mbedtls_ctr_drbg_context
 {
-    unsigned char counter[16];  /*!< The counter (V). */
-    int reseed_counter;         /*!< The reseed counter.
+    unsigned char MBEDTLS_PRIVATE(counter)[16];  /*!< The counter (V). */
+    int MBEDTLS_PRIVATE(reseed_counter);         /*!< The reseed counter.
                                  * This is the number of requests that have
                                  * been made since the last (re)seeding,
                                  * minus one.
@@ -179,25 +180,25 @@ typedef struct mbedtls_ctr_drbg_context
                                  * or -1 if no nonce length has been explicitly
                                  * set (see mbedtls_ctr_drbg_set_nonce_len()).
                                  */
-    int prediction_resistance;  /*!< This determines whether prediction
+    int MBEDTLS_PRIVATE(prediction_resistance);  /*!< This determines whether prediction
                                      resistance is enabled, that is
                                      whether to systematically reseed before
                                      each random generation. */
-    size_t entropy_len;         /*!< The amount of entropy grabbed on each
+    size_t MBEDTLS_PRIVATE(entropy_len);         /*!< The amount of entropy grabbed on each
                                      seed or reseed operation, in bytes. */
-    int reseed_interval;        /*!< The reseed interval.
+    int MBEDTLS_PRIVATE(reseed_interval);        /*!< The reseed interval.
                                  * This is the maximum number of requests
                                  * that can be made between reseedings. */
 
-    mbedtls_aes_context aes_ctx;        /*!< The AES context. */
+    mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx);        /*!< The AES context. */
 
     /*
      * Callbacks (Entropy)
      */
-    int (*f_entropy)(void *, unsigned char *, size_t);
+    int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
                                 /*!< The entropy callback function. */
 
-    void *p_entropy;            /*!< The context for the entropy function. */
+    void *MBEDTLS_PRIVATE(p_entropy);            /*!< The context for the entropy function. */
 
 #if defined(MBEDTLS_THREADING_C)
     /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
@@ -207,7 +208,7 @@ typedef struct mbedtls_ctr_drbg_context
      * Note that this invariant may change without notice. Do not rely on it
      * and do not access the mutex directly in application code.
      */
-    mbedtls_threading_mutex_t mutex;
+    mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
 #endif
 }
 mbedtls_ctr_drbg_context;

include/mbedtls/ecdh.h

@@ -31,6 +31,7 @@
 
 #ifndef MBEDTLS_ECDH_H
 #define MBEDTLS_ECDH_H
+#include "mbedtls/private_access.h"
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
@@ -104,18 +105,18 @@ typedef struct mbedtls_ecdh_context_mbed
 typedef struct mbedtls_ecdh_context
 {
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    mbedtls_ecp_group grp;   /*!< The elliptic curve used. */
-    mbedtls_mpi d;           /*!< The private key. */
-    mbedtls_ecp_point Q;     /*!< The public key. */
-    mbedtls_ecp_point Qp;    /*!< The value of the public key of the peer. */
-    mbedtls_mpi z;           /*!< The shared secret. */
-    int point_format;        /*!< The format of point export in TLS messages. */
-    mbedtls_ecp_point Vi;    /*!< The blinding value. */
-    mbedtls_ecp_point Vf;    /*!< The unblinding value. */
-    mbedtls_mpi _d;          /*!< The previous \p d. */
+    mbedtls_ecp_group MBEDTLS_PRIVATE(grp);   /*!< The elliptic curve used. */
+    mbedtls_mpi MBEDTLS_PRIVATE(d);           /*!< The private key. */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Q);     /*!< The public key. */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Qp);    /*!< The value of the public key of the peer. */
+    mbedtls_mpi MBEDTLS_PRIVATE(z);           /*!< The shared secret. */
+    int MBEDTLS_PRIVATE(point_format);        /*!< The format of point export in TLS messages. */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Vi);    /*!< The blinding value. */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Vf);    /*!< The unblinding value. */
+    mbedtls_mpi MBEDTLS_PRIVATE(_d);          /*!< The previous \p d. */
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    int restart_enabled;        /*!< The flag for restartable mode. */
-    mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
+    int MBEDTLS_PRIVATE(restart_enabled);        /*!< The flag for restartable mode. */
+    mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 #else
     uint8_t point_format;       /*!< The format of point export in TLS messages