From 1434e2b57639d881920fe3b2427dca78c59c48b6 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 16 Apr 2025 15:28:01 +0100 Subject: [PATCH 1/3] Privatize functions and some types/macros in cipher.h Signed-off-by: Felix Conway --- drivers/builtin/include/mbedtls/cipher.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/builtin/include/mbedtls/cipher.h b/drivers/builtin/include/mbedtls/cipher.h index 2650cb4714..a442cef484 100644 --- a/drivers/builtin/include/mbedtls/cipher.h +++ b/drivers/builtin/include/mbedtls/cipher.h @@ -49,8 +49,10 @@ /** The context is invalid. For example, because it was freed. */ #define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 +#if defined(MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS) #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */ #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */ +#endif #ifdef __cplusplus extern "C" { @@ -168,6 +170,7 @@ typedef enum { MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */ } mbedtls_cipher_type_t; +#if defined(MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS) /** Supported cipher modes. */ typedef enum { MBEDTLS_MODE_NONE = 0, /**< None. */ @@ -194,6 +197,7 @@ typedef enum { MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */ MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */ } mbedtls_cipher_padding_t; +#endif /* MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS */ /** Type of operation. */ typedef enum { @@ -202,6 +206,7 @@ typedef enum { MBEDTLS_ENCRYPT, } mbedtls_operation_t; +#if defined(MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS) enum { /** Undefined key length. */ MBEDTLS_KEY_LENGTH_NONE = 0, 
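Review bot: The `#endif` added in the `@@ -49,8 +49,10 @@` hunk is bare, while the guards closed in the `@@ -194,6 +197,7 @@` and `@@ -212,6 +217,7 @@` hunks of the same patch carry a trailing comment. Writing it as `#endif /* MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS */` lets each close be matched to its open in a header that now has several of these guards. The same bare `#endif` appears in the `@@ -302,10 +308,13 @@` hunk of this patch and in the `@@ -308,10 +308,12 @@` hunk of PATCH 3/3.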
@@ -212,6 +217,7 @@ enum { /** Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak. */ MBEDTLS_KEY_LENGTH_DES_EDE3 = 192, }; +#endif /* MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS */ /** Maximum length of any IV, in Bytes. */ /* This should ideally be derived automatically from list of ciphers. @@ -302,10 +308,13 @@ typedef struct mbedtls_cipher_info_t { } mbedtls_cipher_info_t; +#if defined(MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS) /* For internal use only. * These are used to more compactly represent the fields above. */ #define MBEDTLS_KEY_BITLEN_SHIFT 6 #define MBEDTLS_IV_SIZE_SHIFT 2 +#endif + /** * Generic cipher context. */ @@ -363,6 +372,7 @@ typedef struct mbedtls_cipher_context_t { } mbedtls_cipher_context_t; +#if defined(MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS) /** * \brief This function retrieves the list of ciphers supported * by the generic cipher module. @@ -1160,6 +1170,9 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len); #endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ + +#endif /* MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS */ + #ifdef __cplusplus } #endif From 458ec1ea5ff537404c3eba7432df1a408ce64f06 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 17 Apr 2025 10:58:26 +0100 Subject: [PATCH 2/3] Unprivatized some macros and types to fix CI Signed-off-by: Felix Conway --- drivers/builtin/include/mbedtls/cipher.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/builtin/include/mbedtls/cipher.h b/drivers/builtin/include/mbedtls/cipher.h index a442cef484..a54866c3d5 100644 --- a/drivers/builtin/include/mbedtls/cipher.h +++ b/drivers/builtin/include/mbedtls/cipher.h 
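Review bot: The guard opened in the `@@ -363,6 +372,7 @@` hunk and closed in the `@@ -1160,6 +1170,9 @@` hunk of PATCH 1/3 has no comment at its opening `#if` saying what it means or who is expected to define the macro, although by the hunk line numbers it spans roughly 800 lines of declarations. A short comment above the `#if` would help, for example `/* Internal API below: declared only when MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS is defined; not for application use. */`. The guard only removes prototypes from the header. Whether the functions are still exported from the built library is not visible here, so if the aim is to shrink the supported API surface, symbol visibility should be confirmed separately. The guarded region's body lies outside both hunks, so any declarations in it that depend on the other privatized macros and types could not be checked from this diff.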
@@ -170,7 +170,6 @@ typedef enum { MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */ } mbedtls_cipher_type_t; -#if defined(MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS) /** Supported cipher modes. */ typedef enum { MBEDTLS_MODE_NONE = 0, /**< None. */ @@ -189,6 +188,7 @@ typedef enum { MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */ } mbedtls_cipher_mode_t; +#if defined(MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS) /** Supported cipher padding types. */ typedef enum { MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */ @@ -308,12 +308,10 @@ typedef struct mbedtls_cipher_info_t { } mbedtls_cipher_info_t; -#if defined(MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS) /* For internal use only. * These are used to more compactly represent the fields above. */ #define MBEDTLS_KEY_BITLEN_SHIFT 6 #define MBEDTLS_IV_SIZE_SHIFT 2 -#endif /** * Generic cipher context. From a940ddeec2cc38b5690a8c17d05701a4f7aaa225 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 22 Apr 2025 14:57:11 +0100 Subject: [PATCH 3/3] Re-privatize KEY_BITLEN_SHIFT & IV_SIZE_SHIFT Signed-off-by: Felix Conway --- drivers/builtin/include/mbedtls/cipher.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/builtin/include/mbedtls/cipher.h b/drivers/builtin/include/mbedtls/cipher.h index a54866c3d5..e5ce3d9b29 100644 --- a/drivers/builtin/include/mbedtls/cipher.h +++ b/drivers/builtin/include/mbedtls/cipher.h 
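Review bot: In PATCH 2/3 the `@@ -170,7 +170,6 @@` and `@@ -188,6 +188,7 @@` hunks move the guard so that `mbedtls_cipher_mode_t` is public again while `mbedtls_cipher_padding_t` stays private, but nothing in the header records why the two enums are treated differently. The commit message says only "to fix CI". Presumably a declaration outside the guard still uses the mode type, which should be confirmed. A one-line comment above the enum, such as `/* Kept public: still referenced by declarations outside the private guard. */`, would keep a later cleanup from re-privatizing it and repeating the breakage.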
@@ -272,13 +272,13 @@ typedef struct mbedtls_cipher_info_t { /** The block size, in bytes. */ unsigned int MBEDTLS_PRIVATE(block_size) : 5; - /** IV or nonce size, in bytes (right shifted by #MBEDTLS_IV_SIZE_SHIFT). + /** IV or nonce size, in bytes (right shifted by MBEDTLS_IV_SIZE_SHIFT). * For ciphers that accept variable IV sizes, * this is the recommended size. */ unsigned int MBEDTLS_PRIVATE(iv_size) : 3; - /** The cipher key length, in bits (right shifted by #MBEDTLS_KEY_BITLEN_SHIFT). + /** The cipher key length, in bits (right shifted by MBEDTLS_KEY_BITLEN_SHIFT). * This is the default length for variable sized ciphers. * Includes parity bits for ciphers like DES. */ @@ -308,10 +308,12 @@ typedef struct mbedtls_cipher_info_t { } mbedtls_cipher_info_t; +#if defined(MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS) /* For internal use only. * These are used to more compactly represent the fields above. */ #define MBEDTLS_KEY_BITLEN_SHIFT 6 #define MBEDTLS_IV_SIZE_SHIFT 2 +#endif /** * Generic cipher context.