Fix empty union when TLS is disabled #7835
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When all TLS 1.2 support is disabled, union mbedtls_ssl_premaster_secret was empty, which is not valid C even if the union is never used. Fixes Mbed-TLS#6628. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
added
bug
component-tls
needs-ci
daverodgman
approved these changes
Jul 24, 2023
daverodgman
added
approved
3 tasks
|
A slightly better hack for typical configurations - no extra byte.
|
|
@irwir It's a union. There's an extra byte only if it would be empty otherwise, and that's the point. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When all TLS 1.2 support is disabled,
union mbedtls_ssl_premaster_secretwas empty, which is not valid C even if the union is never used. Fixes #6628.As this is a bit of an edge case and has a simple workaround (don't include
mbedtls/ssl.hif you aren't going to use it), I haven't gone through the effort of adding a test. If we think this really needs a test, I think we should use the following strategy: have a test program that includes all headers, which is built by a plainmake— this way we would test that all headers work correctly in all the configurations we test (including ones with no TLS, and ones with picky compilers). We already have such a test program, but it's a C++ program, which we don't build in most configurations. So the implementation of this test would be to changeprograms/test/generate_cpp_dummy_build.shto generate a header that includes all the library headers, and separate out the trivial C++ wrapping and make a similar C wrapping that is always built. Then make sure we pass-pedanticinCFLAGSinall.sh(otherwise gcc doesn't mind).Manual testing:
Before: “error: union has no members”; after: passes.
PR checklist
Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")
Notes for the submitter
Please refer to the contributing guidelines, especially the
checklist for PR contributors.