Merge pull request #10240 from valeriosetti/prereq-for-psa298

library: Makefile: use wildcard to select sources for crypto library
diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt
new file mode 100644
index 0000000..75a72ca
--- /dev/null
+++ b/ChangeLog.d/unterminated-string-initialization.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Silence spurious -Wunterminated-string-initialization warnings introduced
+     by GCC 15. Fixes #9944.
diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h
index 3fec3d0..dd304c1 100644
--- a/configs/crypto-config-suite-b.h
+++ b/configs/crypto-config-suite-b.h
@@ -49,7 +49,6 @@
 #define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_CTR_DRBG_C
 #define MBEDTLS_ENTROPY_C
-#define MBEDTLS_OID_C
 #define MBEDTLS_PK_C
 #define MBEDTLS_PK_PARSE_C
 
diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h
index f71b1f0..18206e1 100644
--- a/configs/crypto-config-thread.h
+++ b/configs/crypto-config-thread.h
@@ -58,7 +58,6 @@
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_HMAC_DRBG_C
 #define MBEDTLS_MD_C
-#define MBEDTLS_OID_C
 #define MBEDTLS_PK_C
 #define MBEDTLS_PK_PARSE_C
 
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index dbc703a..865e02c 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -80,7 +80,8 @@
  *            the HkdfLabel structure on success.
  */
 
-static const char tls13_label_prefix[6] = "tls13 ";
+/* We need to tell the compiler that we meant to leave out the null character. */
+static const char tls13_label_prefix[6] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "tls13 ";
 
 #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \
     (2                     /* expansion length           */ \
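Review bot: The new comment on `tls13_label_prefix` records why the attribute is there but not the constraint it places on readers: the array is six bytes with no terminator, so any use through `strlen`, `strcpy` or `%s` reads past its end. I would extend it to something like `/* Exactly 6 bytes, no NUL: always use sizeof(tls13_label_prefix), never string functions. */`. The same one-line comment is repeated verbatim in ssl_tls13_keys.h, the two psasim test programs and test_suite_ssl_decrypt.function, and each would benefit from the same addition. The code that consumes the prefix is outside this hunk, so whether it already uses explicit lengths cannot be confirmed from here.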
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 14f6e48..1509e9a 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -40,8 +40,9 @@
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 
+/* We need to tell the compiler that we meant to leave out the null character. */
 #define MBEDTLS_SSL_TLS1_3_LABEL(name, string)       \
-    const unsigned char name    [sizeof(string) - 1];
+    const unsigned char name    [sizeof(string) - 1] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING;
 
 union mbedtls_ssl_tls13_labels_union {
     MBEDTLS_SSL_TLS1_3_LABEL_LIST
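Review bot: `MBEDTLS_SSL_TLS1_3_LABEL` now expands `MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING` in every union member, but nothing in this hunk shows the header including whatever defines that macro. If a translation unit reaches ssl_tls13_keys.h without the definition in scope, the member declaration becomes a syntax error rather than a silent no-op. Making the header self-contained by including the defining header near the top would remove that ordering dependency; the psasim comment elsewhere in this commit names common.h as the definer. The union body and the top of the header are outside the hunk, so an existing include may already cover this.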
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index f1ed511..4d329f2 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -7,7 +7,7 @@
 
 #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
 
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
 
 #include "mbedtls/platform.h"
 
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 92d9660..1598986 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -7,7 +7,7 @@
 
 #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
 
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
 
 #include "mbedtls/platform.h"
 /* md.h is included this early since MD_CAN_XXX macros are defined there. */
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index 8ae612b..d9e3bf1 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -7,7 +7,7 @@
 
 #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
 
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
 
 #include "mbedtls/platform.h"
 /* md.h is included this early since MD_CAN_XXX macros are defined there. */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index a5e06fb..94333ae 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -7,7 +7,7 @@
 
 #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
 
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
 
 #include "mbedtls/platform.h"
 /* md.h is included this early since MD_CAN_XXX macros are defined there. */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 2bb140f..19f92af 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -7,7 +7,7 @@
 
 #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
 
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
 
 #include "mbedtls/platform.h"
 /* md.h is included this early since MD_CAN_XXX macros are defined there. */
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 089f8a6..9497084 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -2,20 +2,16 @@
     ${mbedtls_target}
 )
 
-set(executables_libs
+set(executables
     metatest
     query_compile_time_config
     query_included_headers
     selftest
     udp_proxy
-)
-add_dependencies(${programs_target} ${executables_libs})
-add_dependencies(${ssl_opt_target} udp_proxy)
-
-set(executables_mbedcrypto
     zeroize
 )
-add_dependencies(${programs_target} ${executables_mbedcrypto})
+add_dependencies(${programs_target} ${executables})
+add_dependencies(${ssl_opt_target} udp_proxy)
 add_dependencies(${ssl_opt_target} query_compile_time_config)
 
 if(TEST_CPP)
@@ -74,7 +70,7 @@
     link_to_source(query_config.c)
 endif()
 
-foreach(exe IN LISTS executables_libs executables_mbedcrypto)
+foreach(exe IN LISTS executables)
     set(source ${exe}.c)
     set(extra_sources "")
     if(NOT EXISTS ${source} AND
@@ -102,16 +98,9 @@
 
     # Request C11, required for memory poisoning
     set_target_properties(${exe} PROPERTIES C_STANDARD 11)
-
-    # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3
-    list(FIND executables_libs ${exe} exe_index)
-    if (${exe_index} GREATER -1)
-        target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
-    else()
-        target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
-    endif()
+    target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
 endforeach()
 
-install(TARGETS ${executables_libs} ${executables_mbedcrypto}
+install(TARGETS ${executables}
         DESTINATION "bin"
         PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
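Review bot: After this change `zeroize` is linked with `${libs}` like every other program here, where it previously linked only `${tfpsacrypto_target}`. That removes the one place in this file where a program was built against the crypto library alone, so an accidental dependency of `zeroize` on the TLS or X.509 libraries would no longer be caught at link time. If the broader link set is intended, a short comment above the `target_link_libraries` line would record it, for example `# All test programs, including zeroize, link against the full ${libs} set.`.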
diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt
index 85270bc..287a0c3 100644
--- a/programs/test/cmake_package/CMakeLists.txt
+++ b/programs/test/cmake_package/CMakeLists.txt
@@ -35,4 +35,4 @@
 
 add_executable(cmake_package cmake_package.c)
 target_link_libraries(cmake_package
-    MbedTLS::tfpsacrypto MbedTLS::mbedtls MbedTLS::mbedx509)
+    MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto)
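Review bot: The library list is reordered to mbedtls, mbedx509, tfpsacrypto here and in cmake_package_install, cmake_subproject and programs/util, but none of the four files says why the order matters. It looks like dependents-before-dependencies ordering, which is what a static link line needs, although that motive is inferred rather than stated in the commit. A one-line comment such as `# Order: dependents first (mbedtls, mbedx509, tfpsacrypto) for static linking.` at each site would keep a later edit from shuffling it back.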
diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt
index f10109e..0d7dbe4 100644
--- a/programs/test/cmake_package_install/CMakeLists.txt
+++ b/programs/test/cmake_package_install/CMakeLists.txt
@@ -38,4 +38,4 @@
 
 add_executable(cmake_package_install cmake_package_install.c)
 target_link_libraries(cmake_package_install
-    MbedTLS::tfpsacrypto MbedTLS::mbedtls MbedTLS::mbedx509)
+    MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto)
diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
index 7acdcc3..5bd0c87 100644
--- a/programs/test/cmake_subproject/CMakeLists.txt
+++ b/programs/test/cmake_subproject/CMakeLists.txt
@@ -14,9 +14,9 @@
 # Link against all the Mbed TLS libraries. Verifies that the targets have been
 # created using the specified prefix
 set(libs
-    subproject_test_tfpsacrypto
-    subproject_test_mbedx509
     subproject_test_mbedtls
+    subproject_test_mbedx509
+    subproject_test_tfpsacrypto
 )
 
 add_executable(cmake_subproject cmake_subproject.c)
diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt
index c1b6b75..fb3ba18 100644
--- a/programs/util/CMakeLists.txt
+++ b/programs/util/CMakeLists.txt
@@ -1,6 +1,6 @@
 set(libs
-    ${tfpsacrypto_target}
     ${mbedx509_target}
+    ${tfpsacrypto_target}
 )
 
 set(executables
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index f4154e3..977047a 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -38,7 +38,7 @@
 my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM
                             CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES
                             ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5
-                            NET OID PBKDF2 PLATFORM POLY1305 RIPEMD160
+                            NET PBKDF2 PLATFORM POLY1305 RIPEMD160
                             SHA1 SHA256 SHA512 SHA3 THREADING );
 my @high_level_modules = qw( CIPHER ECP MD
                              PEM PK PKCS12 PKCS5
diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c
index ca090cc..71173d2 100644
--- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c
+++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c
@@ -4,6 +4,21 @@
  */
 
 #include "psa/crypto.h"
+/*
+ * Temporary hack: psasim’s Makefile only does:
+ *  -Itests/psa-client-server/psasim/include
+ *  -I$(MBEDTLS_ROOT_PATH)/include
+ *  -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include
+ *  -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include
+ * None of those cover tf-psa-crypto/core, so we rely on the
+ * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative
+ * include "../tf-psa-crypto/core/common.h" in order to pull in common.h here,
+ * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the
+ * new GCC-15 unterminated-string-initialization warning).
+ * See GitHub issue #10223 for the proper long-term fix.
+ * https://github.com/Mbed-TLS/mbedtls/issues/10223
+ */
+#include "../tf-psa-crypto/core/common.h"
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
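Review bot: The added block comment uses typographic quotes (`’`, `“`, `”`) in "psasim’s" and around the `-I` path, which puts non-ASCII bytes into a C source file. Some compilers and source checks are configured for ASCII-only input, and the characters also make the quoted flag harder to copy and grep. Replacing them with plain `'` and `"` keeps the comment's meaning unchanged.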
@@ -25,7 +40,9 @@
     uint8_t encrypt[BUFFER_SIZE] = { 0 };
     uint8_t decrypt[BUFFER_SIZE] = { 0 };
     const uint8_t plaintext[] = "Hello World!";
-    const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+    /* We need to tell the compiler that we meant to leave out the null character. */
+    const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING =
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
     uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)];
     size_t nonce_length = sizeof(nonce);
     size_t ciphertext_length;
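Review bot: `key_bytes` only needs the attribute because it is initialised from a string literal, and that attribute is the sole reason this client-side test program now includes the library-internal `../tf-psa-crypto/core/common.h`. Filling the buffer at run time avoids both: declare `uint8_t key_bytes[32];` and, after the declarations, call `memset(key_bytes, 'a', sizeof(key_bytes));` (string.h is already included). The same applies to the identical `key_bytes` hunk in aut_psa_cipher_encrypt_decrypt.c. The enclosing function starts and ends outside this hunk, so the exact place for the `memset` call has to be chosen against the full body.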
diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c
index a923feb..25c0b8a 100644
--- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c
+++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c
@@ -4,6 +4,7 @@
  */
 
 #include "psa/crypto.h"
+#include "../tf-psa-crypto/core/common.h"
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
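Review bot: This file adds the same parent-relative `#include "../tf-psa-crypto/core/common.h"` as aut_psa_aead_encrypt_decrypt.c but without any explanation, so a reader who opens only this file sees an unexplained reach into an internal header. A short pointer above the include would be enough, for example `/* Temporary: see aut_psa_aead_encrypt_decrypt.c and issue #10223. */`. That also gives a grep target for removing both includes once the long-term fix lands.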
@@ -25,7 +26,9 @@
     uint8_t original[BUFFER_SIZE] = { 0 };
     uint8_t encrypt[BUFFER_SIZE] = { 0 };
     uint8_t decrypt[BUFFER_SIZE] = { 0 };
-    const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+    /* We need to tell the compiler that we meant to leave out the null character. */
+    const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING =
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
     size_t encrypted_length;
     size_t decrypted_length;
 
diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function
index 909e6cf..37265de 100644
--- a/tests/suites/test_suite_ssl_decrypt.function
+++ b/tests/suites/test_suite_ssl_decrypt.function
@@ -37,7 +37,8 @@
     mbedtls_ssl_write_version(rec_good.ver,
                               MBEDTLS_SSL_TRANSPORT_STREAM,
                               version);
-    const char sample_plaintext[3] = "ABC";
+    /* We need to tell the compiler that we meant to leave out the null character. */
+    const char sample_plaintext[3] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "ABC";
     mbedtls_ssl_context ssl;
     mbedtls_ssl_init(&ssl);
     uint8_t *buf = NULL;
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 1a7ceaf..eb77caa 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 1a7ceaf8e28e6b2a48f3743ce706a339dabeb509
+Subproject commit eb77caabba98c415fe68d2440779b9f9aec6b2a4