Merge pull request #4801 from hanno-arm/ssl_session_exported_private

Explicitly mark fields as private via MBEDTLS_PRIVATE(...)
2025-03-30 07:20:59 +00:00 · 2021-07-30 14:39:07 +01:00 · 2021-07-30 14:39:07 +01:00 · 677c6c4cac
commit 677c6c4cac
parent 8da9dc05e8 5d26efdea3
2 changed files with 7 additions and 2 deletions
--- a/ChangeLog.d/session_export_private.txt
+++ b/ChangeLog.d/session_export_private.txt
@ -0,0 +1,5 @@
+Changes
+    * Explicitly mark the fields mbedtls_ssl_session.exported and
+      mbedtls_ssl_config.respect_cli_pref as private. This was an
+      oversight during the run-up to the release of Mbed TLS 3.0.
+      The fields were never intended to be public.
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -925,7 +925,7 @@ struct mbedtls_ssl_session
    unsigned char MBEDTLS_PRIVATE(id)[32];       /*!< session identifier */
    unsigned char MBEDTLS_PRIVATE(master)[48];   /*!< the master secret  */

-    unsigned char exported;
+    unsigned char MBEDTLS_PRIVATE(exported);

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
@ -1214,7 +1214,7 @@ struct mbedtls_ssl_config
 #if defined(MBEDTLS_SSL_SRV_C)
    unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1;  /*!< enable sending CA list in
                                          Certificate Request messages?     */
-    unsigned int respect_cli_pref : 1;  /*!< pick the ciphersuite according to
+    unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1;  /*!< pick the ciphersuite according to
                                          the client's preferences rather
                                          than ours                         */
 #endif