From bc48725b64c6ebec8dbdf1b1c4142c824a37a607 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 16 Jun 2025 13:37:03 +0200 Subject: [PATCH 1/7] Include fixups (headers moves to private directory) Signed-off-by: Anton Matkin --- include/mbedtls/debug.h | 2 +- include/mbedtls/error.h | 2 +- include/mbedtls/ssl.h | 6 +-- include/mbedtls/ssl_ciphersuites.h | 2 +- include/mbedtls/x509.h | 2 +- include/mbedtls/x509_crt.h | 2 +- library/pkcs7.c | 2 +- library/ssl_misc.h | 10 ++-- library/ssl_msg.c | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls12_server.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_server.c | 2 +- library/x509.c | 2 +- library/x509_create.c | 2 +- library/x509_crl.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- library/x509_internal.h | 2 +- library/x509_oid.c | 2 +- library/x509write.c | 2 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- programs/fuzz/fuzz_client.c | 4 +- programs/fuzz/fuzz_dtlsclient.c | 4 +- programs/fuzz/fuzz_dtlsserver.c | 4 +- programs/fuzz/fuzz_server.c | 4 +- programs/ssl/dtls_client.c | 4 +- programs/ssl/dtls_server.c | 4 +- programs/ssl/mini_client.c | 4 +- programs/ssl/ssl_client1.c | 4 +- programs/ssl/ssl_fork_server.c | 4 +- programs/ssl/ssl_mail_client.c | 4 +- programs/ssl/ssl_pthread_server.c | 4 +- programs/ssl/ssl_server.c | 4 +- programs/ssl/ssl_test_lib.h | 6 +-- programs/test/selftest.c | 46 +++++++++---------- programs/x509/cert_app.c | 4 +- programs/x509/cert_req.c | 4 +- programs/x509/cert_write.c | 6 +-- .../psasim/src/aut_psa_random.c | 2 +- tests/suites/test_suite_pkcs7.function | 6 +-- tests/suites/test_suite_x509parse.function | 4 +- tests/suites/test_suite_x509write.function | 6 +-- tf-psa-crypto | 2 +- 45 files changed, 96 insertions(+), 96 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index b6d4e27052..c293e87315 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -15,7 +15,7 @@ #include "mbedtls/ssl.h" #if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" +#include "mbedtls/private/ecp.h" #endif #if defined(MBEDTLS_DEBUG_C) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 7abb00fd03..ee3d093c93 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -11,7 +11,7 @@ #define MBEDTLS_ERROR_H #include "mbedtls/build_info.h" -#include "mbedtls/error_common.h" +#include "mbedtls/private/error_common.h" #include diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 628d5c7e71..36132c34e3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -14,8 +14,8 @@ #include "mbedtls/build_info.h" -#include "mbedtls/bignum.h" -#include "mbedtls/ecp.h" +#include "mbedtls/private/bignum.h" +#include "mbedtls/private/ecp.h" #include "mbedtls/ssl_ciphersuites.h" @@ -27,7 +27,7 @@ #include "mbedtls/md.h" #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) -#include "mbedtls/ecdh.h" +#include "mbedtls/private/ecdh.h" #endif #if defined(MBEDTLS_HAVE_TIME) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index b03123107c..c97f6abeee 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -14,7 +14,7 @@ #include "mbedtls/build_info.h" #include "mbedtls/pk.h" -#include "mbedtls/cipher.h" +#include "mbedtls/private/cipher.h" #include "mbedtls/md.h" #ifdef __cplusplus diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index b1a80e3011..f0742a8a87 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -17,7 +17,7 @@ #include "mbedtls/pk.h" #if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #endif /** diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index bbe5fc45cf..a7bf0291aa 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -15,7 +15,7 @@ #include "mbedtls/x509.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" /** * \addtogroup x509_module diff --git a/library/pkcs7.c b/library/pkcs7.c index 3481cbdb1b..57b4e96bdf 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -9,7 +9,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/error.h" diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 981ac0ecf1..ed3c4a776f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -19,26 +19,26 @@ #include "mbedtls/debug.h" #include "debug_internal.h" -#include "mbedtls/cipher.h" +#include "mbedtls/private/cipher.h" #include "psa/crypto.h" #include "psa_util_internal.h" extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; #if defined(PSA_WANT_ALG_MD5) -#include "mbedtls/md5.h" +#include "mbedtls/private/md5.h" #endif #if defined(PSA_WANT_ALG_SHA_1) -#include "mbedtls/sha1.h" +#include "mbedtls/private/sha1.h" #endif #if defined(PSA_WANT_ALG_SHA_256) -#include "mbedtls/sha256.h" +#include "mbedtls/private/sha256.h" #endif #if defined(PSA_WANT_ALG_SHA_512) -#include "mbedtls/sha512.h" +#include "mbedtls/private/sha512.h" #endif #include "mbedtls/pk.h" diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 731cbc8ece..fd7e16cb97 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -30,7 +30,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #endif /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9144f9222b..c575a428e8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -34,7 +34,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #endif /* Define local translating functions to save code size by not using too many diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b2b5e33c0b..181c6de3a0 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -34,7 +34,7 @@ static int local_err_translation(psa_status_t status) #endif #if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" +#include "mbedtls/private/ecp.h" #endif #if defined(MBEDTLS_HAVE_TIME) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e88c00a564..756d5290b4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "debug_internal.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dc50bee868..2a4744572b 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/psa_util.h" #include "ssl_tls13_keys.h" diff --git a/library/x509.c b/library/x509.c index 1adff8fafc..9d7b4b7e23 100644 --- a/library/x509.c +++ b/library/x509.c @@ -21,7 +21,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_create.c b/library/x509_create.c index 370eb9b2e1..341d74189e 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -11,7 +11,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_crl.c b/library/x509_crl.c index 0b98ba4664..e8aca5bb80 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform_util.h" #include diff --git a/library/x509_crt.c b/library/x509_crt.c index e6b9252859..df1dbf6179 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -23,7 +23,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_csr.c b/library/x509_csr.c index 32a3bb2e78..e78b5d7e60 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index b44b957f9b..5505b9778c 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -19,7 +19,7 @@ #include "pk_internal.h" #if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #endif int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, diff --git a/library/x509_oid.c b/library/x509_oid.c index cc0063bcd3..8963529853 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -14,7 +14,7 @@ * disabled. */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509write.c b/library/x509write.c index 0906a5a9d1..1d4d556291 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -11,7 +11,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 663b308d62..ccf5a92281 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -18,7 +18,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 8e37278f95..88e5e5ae81 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -17,7 +17,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 0878480ea7..70eb656487 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -1,8 +1,8 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "fuzz_common.h" #include diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index ca7626d5ba..c83f314138 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -6,8 +6,8 @@ #include "fuzz_common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "test/certs.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 4f159fbefe..dd2a8b644b 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -7,8 +7,8 @@ #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "mbedtls/ssl_cookie.h" diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 3a5e502fe5..3b1054e16a 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,8 +1,8 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" #include "fuzz_common.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 26eb20d49f..bb1d5af2e3 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -31,8 +31,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "mbedtls/timing.h" #include "test/certs.h" diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 0e155fd0d2..479b5430f9 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -45,8 +45,8 @@ int main(void) #include #include -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_cookie.h" diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index e3adb3cf8a..96d41b35ba 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -43,8 +43,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include #include diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index dba8aab658..c56ff0702f 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -27,8 +27,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/certs.h" diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index f8752bb604..ff1c877ee2 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -31,8 +31,8 @@ int main(void) } #else -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 521bc5418a..0c2822cb30 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -38,8 +38,8 @@ int main(void) #include "mbedtls/error.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 5701a7b838..867926d98c 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -38,8 +38,8 @@ int main(void) #include #endif -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 2f26ca4801..fd9da18490 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -31,8 +31,8 @@ int main(void) #include #endif -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 20dbe61dfe..1dda8d62ac 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -43,9 +43,9 @@ #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/hmac_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" +#include "mbedtls/private/hmac_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 372a84dc79..2c2b48ed82 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -9,31 +9,31 @@ #include "mbedtls/build_info.h" -#include "mbedtls/entropy.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/gcm.h" -#include "mbedtls/ccm.h" -#include "mbedtls/cmac.h" -#include "mbedtls/md5.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/sha3.h" -#include "mbedtls/aes.h" -#include "mbedtls/camellia.h" -#include "mbedtls/aria.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/poly1305.h" -#include "mbedtls/chachapoly.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/hmac_drbg.h" +#include "mbedtls/private/ctr_drbg.h" +#include "mbedtls/private/gcm.h" +#include "mbedtls/private/ccm.h" +#include "mbedtls/private/cmac.h" +#include "mbedtls/private/md5.h" +#include "mbedtls/private/ripemd160.h" +#include "mbedtls/private/sha1.h" +#include "mbedtls/private/sha256.h" +#include "mbedtls/private/sha512.h" +#include "mbedtls/private/sha3.h" +#include "mbedtls/private/aes.h" +#include "mbedtls/private/camellia.h" +#include "mbedtls/private/aria.h" +#include "mbedtls/private/chacha20.h" +#include "mbedtls/private/poly1305.h" +#include "mbedtls/private/chachapoly.h" #include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/rsa.h" +#include "mbedtls/private/bignum.h" +#include "mbedtls/private/rsa.h" #include "mbedtls/x509.h" -#include "mbedtls/pkcs5.h" -#include "mbedtls/ecp.h" -#include "mbedtls/ecjpake.h" +#include "mbedtls/private/pkcs5.h" +#include "mbedtls/private/ecp.h" +#include "mbedtls/private/ecjpake.h" #include "mbedtls/timing.h" #include "mbedtls/nist_kw.h" #include "mbedtls/debug.h" diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index c747505519..2f31a8e3ae 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -27,8 +27,8 @@ int main(void) } #else -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/x509.h" diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 02fd567841..c20f08d569 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -29,8 +29,8 @@ int main(void) #else #include "mbedtls/x509_csr.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index fb55c3f291..be3223088e 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -30,9 +30,9 @@ int main(void) #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" -#include "mbedtls/oid.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/oid.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/helpers.h" diff --git a/tests/psa-client-server/psasim/src/aut_psa_random.c b/tests/psa-client-server/psasim/src/aut_psa_random.c index 5880c4deb9..203f4d44ba 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_random.c +++ b/tests/psa-client-server/psasim/src/aut_psa_random.c @@ -10,7 +10,7 @@ #include #include -#include "mbedtls/entropy.h" +#include "mbedtls/private/entropy.h" #define BUFFER_SIZE 100 diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 0c4a00b9e3..335bec5a88 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -1,14 +1,14 @@ /* BEGIN_HEADER */ -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" #include "mbedtls/pkcs7.h" #include "mbedtls/x509.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "x509_internal.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "sys/types.h" #include "sys/stat.h" -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #include "mbedtls/error.h" /* END_HEADER */ diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 079dca48c9..4ce66e9074 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1,12 +1,12 @@ /* BEGIN_HEADER */ -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" #include "mbedtls/x509.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/base64.h" #include "mbedtls/error.h" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 000c09a950..0c0e7993e2 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -1,12 +1,12 @@ /* BEGIN_HEADER */ -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" diff --git a/tf-psa-crypto b/tf-psa-crypto index 3fd4e754b2..20524a8972 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 3fd4e754b283d7b766d8f3798fe07d42b3bcf961 +Subproject commit 20524a89722972a7dbf06a32ab7bb225053713f6 From 5fe229da406288db00f566ab42721311b8997222 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 16 Jun 2025 15:06:22 +0200 Subject: [PATCH 2/7] Update framework submodule git link: Signed-off-by: Anton Matkin --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 3f2ef1ecf6..f6e287cd79 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 3f2ef1ecf6d70b1e6bb7ad587f9a5bd6eaf65a2a +Subproject commit f6e287cd798535f56b9fd33cdd5585fbc399ad0e From 7a65ce6737ff83b1f22081ecfdddb0510c8739ef Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 16 Jun 2025 23:23:36 +0200 Subject: [PATCH 3/7] Unfortunately, we had two files named oid.h - one in the main repo, and one in the tf-psa-crypto repo, and these files included the mbedtls one, so I restored the header include Signed-off-by: Anton Matkin --- library/pkcs7.c | 2 +- library/ssl_msg.c | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_server.c | 2 +- library/x509.c | 2 +- library/x509_create.c | 2 +- library/x509_crl.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- library/x509_oid.c | 2 +- library/x509write.c | 2 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- programs/x509/cert_write.c | 2 +- tests/suites/test_suite_pkcs7.function | 2 +- tests/suites/test_suite_x509parse.function | 2 +- tests/suites/test_suite_x509write.function | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 57b4e96bdf..3481cbdb1b 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -9,7 +9,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/error.h" diff --git a/library/ssl_msg.c b/library/ssl_msg.c index fd7e16cb97..731cbc8ece 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -30,7 +30,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #endif /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c575a428e8..9144f9222b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -34,7 +34,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #endif /* Define local translating functions to save code size by not using too many diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 756d5290b4..e88c00a564 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "debug_internal.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2a4744572b..dc50bee868 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/psa_util.h" #include "ssl_tls13_keys.h" diff --git a/library/x509.c b/library/x509.c index 9d7b4b7e23..1adff8fafc 100644 --- a/library/x509.c +++ b/library/x509.c @@ -21,7 +21,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_create.c b/library/x509_create.c index 341d74189e..370eb9b2e1 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -11,7 +11,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_crl.c b/library/x509_crl.c index e8aca5bb80..0b98ba4664 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/platform_util.h" #include diff --git a/library/x509_crt.c b/library/x509_crt.c index df1dbf6179..e6b9252859 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -23,7 +23,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_csr.c b/library/x509_csr.c index e78b5d7e60..32a3bb2e78 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_oid.c b/library/x509_oid.c index 8963529853..cc0063bcd3 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -14,7 +14,7 @@ * disabled. */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include diff --git a/library/x509write.c b/library/x509write.c index 1d4d556291..0906a5a9d1 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -11,7 +11,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index ccf5a92281..663b308d62 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -18,7 +18,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 88e5e5ae81..8e37278f95 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -17,7 +17,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index be3223088e..2ed63f08de 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -30,7 +30,7 @@ int main(void) #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/private/entropy.h" #include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 335bec5a88..91e0e46ae3 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -5,7 +5,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "x509_internal.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "sys/types.h" #include "sys/stat.h" #include "mbedtls/private/rsa.h" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 4ce66e9074..f813cc1ac3 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -6,7 +6,7 @@ #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/base64.h" #include "mbedtls/error.h" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 0c0e7993e2..40677f2338 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -4,7 +4,7 @@ #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/private/rsa.h" #include "mbedtls/asn1.h" From 4e091786cab3fda62331e8597a69bad29c19c751 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 4 Jul 2025 15:07:15 +0200 Subject: [PATCH 4/7] Moved the MbedTLS config adjust headers to a private subdirectory Signed-off-by: Anton Matkin --- include/mbedtls/build_info.h | 4 ++-- include/mbedtls/{ => private}/config_adjust_ssl.h | 2 +- include/mbedtls/{ => private}/config_adjust_x509.h | 2 +- tests/scripts/libtestdriver1_rewrite.pl | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) rename include/mbedtls/{ => private}/config_adjust_ssl.h (98%) rename include/mbedtls/{ => private}/config_adjust_x509.h (96%) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index c6e89db677..b46db36d1f 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -74,9 +74,9 @@ */ #define MBEDTLS_CONFIG_FILES_READ -#include "mbedtls/config_adjust_x509.h" +#include "mbedtls/private/config_adjust_x509.h" -#include "mbedtls/config_adjust_ssl.h" +#include "mbedtls/private/config_adjust_ssl.h" /* Indicate that all configuration symbols are set, * even the ones that are calculated programmatically. diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h similarity index 98% rename from include/mbedtls/config_adjust_ssl.h rename to include/mbedtls/private/config_adjust_ssl.h index 36641e18b6..4e006f86da 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/private/config_adjust_ssl.h @@ -1,5 +1,5 @@ /** - * \file mbedtls/config_adjust_ssl.h + * \file mbedtls/private/config_adjust_ssl.h * \brief Adjust TLS configuration * * This is an internal header. Do not include it directly. diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/private/config_adjust_x509.h similarity index 96% rename from include/mbedtls/config_adjust_x509.h rename to include/mbedtls/private/config_adjust_x509.h index cfb2d88916..4af976666b 100644 --- a/include/mbedtls/config_adjust_x509.h +++ b/include/mbedtls/private/config_adjust_x509.h @@ -1,5 +1,5 @@ /** - * \file mbedtls/config_adjust_x509.h + * \file mbedtls/private/config_adjust_x509.h * \brief Adjust X.509 configuration * * This is an internal header. Do not include it directly. diff --git a/tests/scripts/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl index f96ff5e05c..36143b0caf 100755 --- a/tests/scripts/libtestdriver1_rewrite.pl +++ b/tests/scripts/libtestdriver1_rewrite.pl @@ -22,8 +22,8 @@ my $private_files_regex = join('|', map { quotemeta($_) } @private_files); while (<>) { s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!${1}libtestdriver1/include/mbedtls/build_info.h!; s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; + s!^(\s*#\s*include\s*[\"<])mbedtls/private/config_adjust_x509.h!${1}libtestdriver1/include/mbedtls/private/config_adjust_x509.h!; + s!^(\s*#\s*include\s*[\"<])mbedtls/private/config_adjust_ssl.h!${1}libtestdriver1/include/mbedtls/private/config_adjust_ssl.h!; s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!${1}libtestdriver1/include/mbedtls/check_config.h!; # Files in include/mbedtls and drivers/builtin/include/mbedtls are both # included in files via #include mbedtls/.h, so when expanding to the From 34b3bb3a3ff1bfa38db3354c80647d6d3bfffc7f Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 07:18:06 +0200 Subject: [PATCH 5/7] Updated the framework pointer Signed-off-by: Anton Matkin --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index f6e287cd79..a85d4bfa3b 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit f6e287cd798535f56b9fd33cdd5585fbc399ad0e +Subproject commit a85d4bfa3b25dced8229a27800b9498b9fbb5439 From bb7b2b765fb4178e756b5087bc4195b07f43dd11 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 08:04:35 +0200 Subject: [PATCH 6/7] Fixed the mbedtls installation cmake: now private headers, which are used in the installation, are included in it too Signed-off-by: Anton Matkin --- include/CMakeLists.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index 755efedd1c..9ea17af8b8 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -7,6 +7,12 @@ if(INSTALL_MBEDTLS_HEADERS) install(FILES ${headers} DESTINATION include/mbedtls PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) + + file(GLOB private_headers "mbedtls/private/*.h") + + install(FILES ${private_headers} + DESTINATION include/mbedtls/private + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endif(INSTALL_MBEDTLS_HEADERS) # Make mbedtls_config.h available in an out-of-source build. ssl-opt.sh requires it. From 55862e126fc724bf147840ba086dc9b17dae8704 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 09:39:34 +0200 Subject: [PATCH 7/7] Updated the framework pointer Signed-off-by: Anton Matkin --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index a85d4bfa3b..6cb0bcb7d8 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit a85d4bfa3b25dced8229a27800b9498b9fbb5439 +Subproject commit 6cb0bcb7d8dad05e29f611117b69accc4626a62f