From 79b513894a28718604f7cb531380bfea0354844f Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 11 Jun 2025 16:04:06 +0100 Subject: [PATCH 1/6] Add __attribute__ ((nonstring)) to remove unterminated-string-initialization warning Signed-off-by: Felix Conway --- library/ssl_tls13_keys.c | 3 ++- library/ssl_tls13_keys.h | 3 ++- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 3 ++- .../psasim/src/aut_psa_cipher_encrypt_decrypt.c | 3 ++- tests/suites/test_suite_ssl_decrypt.function | 3 ++- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index dbc703a6c1..51afb044cc 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -80,7 +80,8 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = * the HkdfLabel structure on success. */ -static const char tls13_label_prefix[6] = "tls13 "; +/* We need to tell the compiler that we meant to leave out the null character. */ +static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 "; #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ (2 /* expansion length */ \ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 14f6e4876c..f6d02b522a 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -40,8 +40,9 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) +/* We need to tell the compiler that we meant to leave out the null character. */ #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - const unsigned char name [sizeof(string) - 1]; + const unsigned char name [sizeof(string) - 1] __attribute__ ((nonstring)); union mbedtls_ssl_tls13_labels_union { MBEDTLS_SSL_TLS1_3_LABEL_LIST diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index ca090ccc66..83cd3c00dd 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c @@ -25,7 +25,8 @@ int psa_aead_encrypt_decrypt_main(void) uint8_t encrypt[BUFFER_SIZE] = { 0 }; uint8_t decrypt[BUFFER_SIZE] = { 0 }; const uint8_t plaintext[] = "Hello World!"; - const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + /* We need to tell the compiler that we meant to leave out the null character. */ + const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)]; size_t nonce_length = sizeof(nonce); size_t ciphertext_length; diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c index a923feb618..22d0bfb0f0 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c @@ -25,7 +25,8 @@ int psa_cipher_encrypt_decrypt_main(void) uint8_t original[BUFFER_SIZE] = { 0 }; uint8_t encrypt[BUFFER_SIZE] = { 0 }; uint8_t decrypt[BUFFER_SIZE] = { 0 }; - const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + /* We need to tell the compiler that we meant to leave out the null character. */ + const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; size_t encrypted_length; size_t decrypted_length; diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function index 909e6cfa44..72824163a5 100644 --- a/tests/suites/test_suite_ssl_decrypt.function +++ b/tests/suites/test_suite_ssl_decrypt.function @@ -37,7 +37,8 @@ void ssl_decrypt_null(int hash_id) mbedtls_ssl_write_version(rec_good.ver, MBEDTLS_SSL_TRANSPORT_STREAM, version); - const char sample_plaintext[3] = "ABC"; + /* We need to tell the compiler that we meant to leave out the null character. */ + const char sample_plaintext[3] __attribute__ ((nonstring)) = "ABC"; mbedtls_ssl_context ssl; mbedtls_ssl_init(&ssl); uint8_t *buf = NULL; From 5b84ae14e9f09aae0597d1ab5bd3ed356159f9ba Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 12 Jun 2025 11:28:56 +0100 Subject: [PATCH 2/6] Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING This macro applies __attribute__((nonstring)) when using a compiler that supports it Signed-off-by: Felix Conway --- library/ssl_tls13_keys.c | 2 +- library/ssl_tls13_keys.h | 2 +- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 3 ++- .../psasim/src/aut_psa_cipher_encrypt_decrypt.c | 3 ++- tests/suites/test_suite_ssl_decrypt.function | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 51afb044cc..865e02c2dc 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -81,7 +81,7 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = */ /* We need to tell the compiler that we meant to leave out the null character. */ -static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 "; +static const char tls13_label_prefix[6] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "tls13 "; #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ (2 /* expansion length */ \ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index f6d02b522a..1509e9a4d4 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -42,7 +42,7 @@ /* We need to tell the compiler that we meant to leave out the null character. */ #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - const unsigned char name [sizeof(string) - 1] __attribute__ ((nonstring)); + const unsigned char name [sizeof(string) - 1] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING; union mbedtls_ssl_tls13_labels_union { MBEDTLS_SSL_TLS1_3_LABEL_LIST diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index 83cd3c00dd..313397bbcd 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c @@ -26,7 +26,8 @@ int psa_aead_encrypt_decrypt_main(void) uint8_t decrypt[BUFFER_SIZE] = { 0 }; const uint8_t plaintext[] = "Hello World!"; /* We need to tell the compiler that we meant to leave out the null character. */ - const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)]; size_t nonce_length = sizeof(nonce); size_t ciphertext_length; diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c index 22d0bfb0f0..30b6982e04 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c @@ -26,7 +26,8 @@ int psa_cipher_encrypt_decrypt_main(void) uint8_t encrypt[BUFFER_SIZE] = { 0 }; uint8_t decrypt[BUFFER_SIZE] = { 0 }; /* We need to tell the compiler that we meant to leave out the null character. */ - const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; size_t encrypted_length; size_t decrypted_length; diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function index 72824163a5..37265def88 100644 --- a/tests/suites/test_suite_ssl_decrypt.function +++ b/tests/suites/test_suite_ssl_decrypt.function @@ -38,7 +38,7 @@ void ssl_decrypt_null(int hash_id) MBEDTLS_SSL_TRANSPORT_STREAM, version); /* We need to tell the compiler that we meant to leave out the null character. */ - const char sample_plaintext[3] __attribute__ ((nonstring)) = "ABC"; + const char sample_plaintext[3] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "ABC"; mbedtls_ssl_context ssl; mbedtls_ssl_init(&ssl); uint8_t *buf = NULL; From b9891f1fd2eb3238fc852cb52c9054c7937e51e1 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Fri, 13 Jun 2025 09:36:28 +0100 Subject: [PATCH 3/6] Add changelog Signed-off-by: Felix Conway --- ChangeLog.d/unterminated-string-initialization.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/unterminated-string-initialization.txt diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt new file mode 100644 index 0000000000..75a72cae6b --- /dev/null +++ b/ChangeLog.d/unterminated-string-initialization.txt @@ -0,0 +1,3 @@ +Bugfix + * Silence spurious -Wunterminated-string-initialization warnings introduced + by GCC 15. Fixes #9944. From cfbee27b45d81f784b12fce96888a0b6ae52b4f4 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Sat, 14 Jun 2025 22:13:35 +0100 Subject: [PATCH 4/6] Add include so psasim files can find new macro Signed-off-by: Felix Conway --- .../psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c | 1 + .../psasim/src/aut_psa_cipher_encrypt_decrypt.c | 1 + 2 files changed, 2 insertions(+) diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index 313397bbcd..a8b57c2efb 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c @@ -4,6 +4,7 @@ */ #include "psa/crypto.h" +#include "../tf-psa-crypto/core/common.h" #include #include #include diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c index 30b6982e04..25c0b8a61e 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c @@ -4,6 +4,7 @@ */ #include "psa/crypto.h" +#include "../tf-psa-crypto/core/common.h" #include #include #include From 69f570643174ecab710b81f713cfd792d3a21d4a Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Thu, 19 Jun 2025 08:55:15 +0100 Subject: [PATCH 5/6] Add explanatory comment above #include "../tf-psa-crypto/core/common.h" Signed-off-by: Ari Weiler-Ofek --- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index a8b57c2efb..17219938b8 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c @@ -4,6 +4,22 @@ */ #include "psa/crypto.h" +/* + * Temporary hack: psasim’s Makefile only does: + * -Itests/psa-client-server/psasim/include + * -I$(MBEDTLS_ROOT_PATH)/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include + * + * None of those cover tf-psa-crypto/core, so we rely on the + * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative + * include "../tf-psa-crypto/core/common.h" in order to pull in common.h here, + * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the + * new GCC-15 unterminated-string-initialization warning). + * + * See GitHub issue #10223 for the proper long-term fix. + * https://github.com/Mbed-TLS/mbedtls/issues/10223 + */ #include "../tf-psa-crypto/core/common.h" #include #include From 78b0521449ed6efda145028574a29096786ea412 Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Thu, 19 Jun 2025 18:23:32 +0100 Subject: [PATCH 6/6] Remove trailing whitespace Signed-off-by: Ari Weiler-Ofek --- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index 17219938b8..71173d2b52 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c @@ -6,17 +6,15 @@ #include "psa/crypto.h" /* * Temporary hack: psasim’s Makefile only does: - * -Itests/psa-client-server/psasim/include - * -I$(MBEDTLS_ROOT_PATH)/include - * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include - * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include - * + * -Itests/psa-client-server/psasim/include + * -I$(MBEDTLS_ROOT_PATH)/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include * None of those cover tf-psa-crypto/core, so we rely on the * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative * include "../tf-psa-crypto/core/common.h" in order to pull in common.h here, * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the * new GCC-15 unterminated-string-initialization warning). - * * See GitHub issue #10223 for the proper long-term fix. * https://github.com/Mbed-TLS/mbedtls/issues/10223 */