From f13cd90762247661f9bd508303d830055e135ec0 Mon Sep 17 00:00:00 2001
From: Raymond Mao <raymond.mao@linaro.org>
Date: Mon, 3 Feb 2025 14:08:13 -0800
Subject: mbedtls: access mbedtls private members in mscode and pkcs7 parser

U-Boot requires to access x509_internal.h, mbedtls_sha256_context and
mbedtls_sha1_context in the porting layer, and this requires to
enable MBEDTLS_ALLOW_PRIVATE_ACCESS.

Enable it to mscode and pkcs7_parser to fix a mbedtls internal building
error when X509 is selected.

Moreover, Move it to a separate file to avoid enabling it in multiple
places.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 lib/mbedtls/port/mbedtls_options.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 lib/mbedtls/port/mbedtls_options.h

(limited to 'lib/mbedtls/port/mbedtls_options.h')

diff --git a/lib/mbedtls/port/mbedtls_options.h b/lib/mbedtls/port/mbedtls_options.h
new file mode 100644
index 00000000000..885ed6990b6
--- /dev/null
+++ b/lib/mbedtls/port/mbedtls_options.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Internal build options for MbedTLS
+ *
+ * Copyright (c) 2025 Linaro Limited
+ * Author: Raymond Mao <raymond.mao@linaro.org>
+ */
+
+#ifndef _MBEDTLS_OPT_H
+#define _MBEDTLS_OPT_H
+
+/*
+ * FIXME:
+ * U-Boot/MbedTLS port requires to access a few of members which are defined
+ * as private in MbedTLS context.
+ * E.g: x509_internal.h, mbedtls_sha256_context and mbedtls_sha1_context.
+ * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
+ * access, but directly including <external/mbedtls/library/common.h> is not
+ * allowed, since this will include <malloc.h> and break the sandbox test.
+ */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
+#endif /* _MBEDTLS_OPT_H */
-- 
cgit v1.2.3