commit e5507d5f20354d24e03ff94864da610860f3912c
author Gilles Peskine <Gilles.Peskine@arm.com> Sun Jun 25 21:41:58 2023 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed Jul 26 17:22:04 2023 +0200
tree 34622ba2d097ba27783caf9b53e35c0b6335c091
parent b98d39ce2ab2c5db0e1208177367c86dca38f459

Fix empty union when TLS is disabled

When all TLS 1.2 support is disabled, union mbedtls_ssl_premaster_secret was
empty, which is not valid C even if the union is never used. Fixes #6628.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

ChangeLog.d/ssl_premaster_secret-empty.txt

diff --git a/ChangeLog.d/ssl_premaster_secret-empty.txt b/ChangeLog.d/ssl_premaster_secret-empty.txt
new file mode 100644
index 0000000..0ce5f36
--- /dev/null
+++ b/ChangeLog.d/ssl_premaster_secret-empty.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Fix a compilation error on some platforms when including mbedtls/ssl.h
+     with all TLS support disabled. Fixes #6628.

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index e07da11..cc9a270 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -494,6 +494,7 @@
 
 /* Dummy type used only for its size */
 union mbedtls_ssl_premaster_secret {
+    unsigned char dummy; /* Make the union non-empty even with SSL disabled */
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
     unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
 #endif