Review requested MBEDTLS_PRIVATE accessors.

[minosgalanakis]

Suggested enhancement

As specified in the MBed-TLS 3.X migration guide most structure fields are now private . Community can request the addition of private getter/setter functions for their use cases.

There has been a range of such requests #6151, #5441, #8456, #4383 , #7722 as well as some already planned as part of the transition work #5016, #5017

In some cases it may not be a straighforward ask e.g. #4383

The scope of this task is to collect all such requests under one design-review ticket and decide which one we will be implemented as part of the next relase, and which ones have special considerations.

Scope

The output of this issue is a collection of s-sized subtasks, for accepted getters/setters, appropriately linked with the others items in the epic, and reviewed and approved by members of the team.

[minosgalanakis]

Guidance

Please review as per your field of expertise the following table containing data which have been made private during the 2->3 transition.

This is a comprehensive list of things we have been planning or have been asked to add accessors to.

Comments will be used as a design review in order to design which ones we will be impementing at 3.6 LTS.

• ❓ = still in debate
• 👍 = we should add
• 👎 = we should not add
• ✔️ = already exists

Struct	Member	Getter	Setter	Links/Comments
mbedtls_ssl_session				#8456
	ciphersuite	👎	👎
	ciphersuite-> id	👍	👎
	master	❓	❓	There is a value to implement for fuzzer
	id_len, id	👍	👎
mbedtls_ssl_context				#8456
	handshake	👎	👎	The full sturture is internal, may add getters for specific field
	state	👎	👎	Will not add. We have introduced mbedtls_ssl_is_handshake_over and Allow per-context SNI callback(state) callback that is suffient for more use cases ref-> #4383
	in_window_top	👎	👎	No security concerns, but may change as an internal field. TODO: Ask users as to the use-case
	in_window	👎	👎	No security concerns, but may change as an internal field. TODO: Ask users as to the use-case
	cur_out_ctr	👎	👎	No security concerns, but may change as an internal field. TODO: Ask users as to the use-case
	session_negotiate	👎	👎	No security concerns, but may change as an internal field. TODO: Ask users as to the use-case
mbedtls_rsa_context			#5014
	len	✔️	👎
	N, P, Q, D, E	✔️	✔️
	DP, DQ, QP	✔️	👎
mbedtls_dhm_context			#5015
	len	✔️	👎
	P, Q	✔️	👎	We have methods to extract those members
mbedtls_ecp_keypair			#5441, #5017, #4838
	grp, D, Q	✔️	✔️	Utility functions have been added as of #7815. Group information can be created by calling ecp_group_load on the id exposed by the ecp_pair_get_id()
	grp->, group_id, group_pbits, group_nbits	✔️	👎	Many group fields are already public
mbedtls_ecp_point			#5441, #5017, #4838
	X, Y, Z	👎	👎	There is value as exposing the keypoint, as it is not represented in a usable by the appplication format.
mbedtls_ecdh_context			#5016
	grp, Q, Qp	👎	👎	There is no need to expose the group. If required the users can call ecp_group_load() on the exposed ID
	grp->, group_id, group_pbits, group_buts	👍	👎	Only need to expose the id
mbedtls_x509_crt			#6151
	ca_istrue	👍	✔️	mbedtls_x509write_crt_set_basic_constraints is already present

[mpg]

Thanks for collecting everything into a nice table! One point though: I don't think checkboxes are ideal here as unchecked could mean either "not reviewed yet" or "reviewed and decided against it". I suggest a tri-state Y / N / ? instead.