commit 2abe51cc751c16b618dfa55219e91172254bb463
author Mateusz Starzyk <mateusz.starzyk@mobica.com> Mon Jun 07 11:08:01 2021 +0200
committer Mateusz Starzyk <mateusz.starzyk@mobica.com> Mon Jun 07 11:08:01 2021 +0200
tree b2d5ff6c25922db892d1f7f10cef49e097c96171
parent 854a25c7a4c61a34c75c9005640f5fd1008a5155

Extend setup_and_run script to cover remaining configurations.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>

include/mbedtls/ecdh.h

diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 807c884..2a0980b 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -134,8 +134,8 @@
     mbedtls_ecp_point MBEDTLS_PRIVATE(Vf);    /*!< The unblinding value. */
     mbedtls_mpi MBEDTLS_PRIVATE(_d);          /*!< The previous \p d. */
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    int restart_enabled;        /*!< The flag for restartable mode. */
-    mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
+    int MBEDTLS_PRIVATE(restart_enabled);        /*!< The flag for restartable mode. */
+    mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 #else
     uint8_t MBEDTLS_PRIVATE(point_format);       /*!< The format of point export in TLS messages

include/mbedtls/ecdsa.h

diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index cf063a0..735d377 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -29,6 +29,7 @@
 
 #ifndef MBEDTLS_ECDSA_H
 #define MBEDTLS_ECDSA_H
+#include "mbedtls/private_access.h"
 
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"

include/mbedtls/entropy.h

diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index d707bdd..78591e7 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -124,7 +124,7 @@
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
     mbedtls_sha512_context  MBEDTLS_PRIVATE(accumulator);
 #else
-    mbedtls_sha256_context  accumulator;
+    mbedtls_sha256_context  MBEDTLS_PRIVATE(accumulator);
 #endif
     int             MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
     mbedtls_entropy_source_state    MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 2dda6ad..b6b9c8c 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -940,9 +940,9 @@
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     /*! The digest of the peer's end-CRT. This must be kept to detect CRT
      *  changes during renegotiation, mitigating the triple handshake attack. */
-    unsigned char *peer_cert_digest;
-    size_t peer_cert_digest_len;
-    mbedtls_md_type_t peer_cert_digest_type;
+    unsigned char *MBEDTLS_PRIVATE(peer_cert_digest);
+    size_t MBEDTLS_PRIVATE(peer_cert_digest_len);
+    mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type);
 #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
     uint32_t MBEDTLS_PRIVATE(verify_result);          /*!<  verification result     */

include/mbedtls/ssl_cookie.h

diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 6806dbd..c4f042c 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -59,7 +59,7 @@
 {
     mbedtls_md_context_t    MBEDTLS_PRIVATE(hmac_ctx);   /*!< context for the HMAC portion   */
 #if !defined(MBEDTLS_HAVE_TIME)
-    unsigned long   serial;     /*!< serial number for expiration   */
+    unsigned long   MBEDTLS_PRIVATE(serial);     /*!< serial number for expiration   */
 #endif
     unsigned long   MBEDTLS_PRIVATE(timeout);    /*!< timeout delay, in seconds if HAVE_TIME,
                                      or in number of tickets issued */

include/psa/crypto_platform.h

diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index 8acf22c..d60b773 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -32,6 +32,7 @@
 
 #ifndef PSA_CRYPTO_PLATFORM_H
 #define PSA_CRYPTO_PLATFORM_H
+#include "mbedtls/private_access.h"
 
 /* Include the Mbed TLS configuration file, the way Mbed TLS does it
  * in each of its header files. */
@@ -92,7 +93,7 @@
  * are expected to replace it with a custom definition.
  */
 typedef struct {
-    uintptr_t opaque[2];
+    uintptr_t MBEDTLS_PRIVATE(opaque)[2];
 } mbedtls_psa_external_random_context_t;
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 

setup_and_run_MBEDTLS_PRIVATE.sh

diff --git a/setup_and_run_MBEDTLS_PRIVATE.sh b/setup_and_run_MBEDTLS_PRIVATE.sh
index 9a0e599..aaf0a1c 100755
--- a/setup_and_run_MBEDTLS_PRIVATE.sh
+++ b/setup_and_run_MBEDTLS_PRIVATE.sh
@@ -8,3 +8,24 @@
 cd ..
 python3 apply_MBEDTLS_PRIVATE.py
 git checkout include/mbedtls/config.h doxygen/mbedtls.doxyfile
+
+make clean
+sed -i 's/GENERATE_XML           = NO/GENERATE_XML           = YES/g' doxygen/mbedtls.doxyfile
+scripts/config.py set MBEDTLS_ECP_RESTARTABLE
+scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+scripts/config.py unset MBEDTLS_HAVE_TIME
+cd doxygen
+doxygen mbedtls.doxyfile
+cd ..
+python3 apply_MBEDTLS_PRIVATE.py
+git checkout include/mbedtls/config.h doxygen/mbedtls.doxyfile
+
+make clean
+sed -i 's/GENERATE_XML           = NO/GENERATE_XML           = YES/g' doxygen/mbedtls.doxyfile
+scripts/config.py realfull
+cd doxygen
+doxygen mbedtls.doxyfile
+cd ..
+python3 apply_MBEDTLS_PRIVATE.py
+git checkout include/mbedtls/config.h doxygen/mbedtls.doxyfile
+