mbedtls Backport 3.6: Document check-config.h and *adjust*.h as internal headers

Backport 3.6: Document check-config.h and adjust.h as internal headers

Open gilles-peskine-arm opened this issue 9 months ago • 0 comments

It's technically possible to #include those headers, so users are doing it, and then complaining about the consequences. Resolve #9147.

Including *adjust* directly, as several projects have done, may lead to inconsistencies in buffer size calculations, which could result in buffer overflows. Since this is dangerous, deliberately break the build. Note: I've added this in the backport. If approved, it'll need to be forward-ported back to the development PR.

PR checklist

[x] changelog provided
[x] 3.6 backport of https://github.com/Mbed-TLS/mbedtls/pull/9061
[x] 2.28 backport N/A
[x] tests manually for the new compile-time error conditions

May 16 '24 13:05 gilles-peskine-arm

mbedtls mbedtls copied to clipboard

Backport 3.6: Document check-config.h and *adjust*.h as internal headers

PR checklist

mbedtls
mbedtls copied to clipboard

Backport 3.6: Document check-config.h and adjust.h as internal headers