From 22245cb2942531adf8010654757dcbde43c8064b Mon Sep 17 00:00:00 2001
From: David Horstmann <david.horstmann@arm.com>
Date: Fri, 13 Mar 2026 15:15:09 +0000
Subject: [PATCH 1/2] Add unused fields to SSL structs

These fields reserve a small space for us to repurpose in the lifetime
of the 4.1 LTS release without breaking the ABI, if needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
---
 include/mbedtls/ssl.h | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 8f58b3e9c0..c4cbaaf4e0 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1239,6 +1239,12 @@ struct mbedtls_ssl_session {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets);
 #endif
+
+    /* Unused field reserved for future use */
+    union {
+        size_t number;
+        void *ptr;
+    } MBEDTLS_PRIVATE(unused);
 };
 
 /*
@@ -1565,6 +1571,12 @@ struct mbedtls_ssl_config {
 #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
     const mbedtls_x509_crt *MBEDTLS_PRIVATE(dn_hints);/*!< acceptable client cert issuers    */
 #endif
+
+    /* Unused field reserved for future use */
+    union {
+        size_t number;
+        void *ptr;
+    } MBEDTLS_PRIVATE(unused);
 };
 
 struct mbedtls_ssl_context {
@@ -1848,6 +1860,12 @@ struct mbedtls_ssl_context {
      *          does not currently restore the user data.
      */
     mbedtls_ssl_user_data_t MBEDTLS_PRIVATE(user_data);
+
+    /* Unused field reserved for future use */
+    union {
+        size_t number;
+        void *ptr;
+    } MBEDTLS_PRIVATE(unused);
 };
 
 /**

From a9ba5975f8a2340ad43c194483d49ce8ab3ef2e5 Mon Sep 17 00:00:00 2001
From: David Horstmann <david.horstmann@arm.com>
Date: Fri, 13 Mar 2026 15:17:26 +0000
Subject: [PATCH 2/2] Add unused field to mbedtls_x509_crt structure

This field reserves a small space for us to repurpose in the lifetime
of the 4.1 LTS release without breaking the ABI, if needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
---
 include/mbedtls/x509_crt.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 8ee7c464af..0a7b532404 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -82,6 +82,12 @@ typedef struct mbedtls_x509_crt {
     mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md);           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
     mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk);           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
 
+    /* Unused field reserved for future use */
+    union {
+        size_t number;
+        void *ptr;
+    } MBEDTLS_PRIVATE(unused);
+
     /** Next certificate in the linked list that constitutes the CA chain.
      * \p NULL indicates the end of the list.
      * Do not modify this field directly. */