Fix spurious -Wstringop-overflow with GCC 11.1

A previous fix in d596ca8a1e worked with
beta versions of GCC 11, but not with the final 11.1 release.

This time, just disable the warning locally.

Fix #4130

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/ssl_tls.c

@@ -3265,8 +3265,6 @@ static void ssl_calc_finished_tls_sha256(
 
 #if defined(MBEDTLS_SHA512_C)
 
-typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*);
-
 static void ssl_calc_finished_tls_sha384(
                 mbedtls_ssl_context *ssl, unsigned char *buf, int from )
 {
@@ -3325,13 +3323,19 @@ static void ssl_calc_finished_tls_sha384(
     MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
                    sha512.state, sizeof( sha512.state ) );
 #endif
-    /*
+    /* mbedtls_sha512_finish_ret's output parameter is declared as a
-     * For SHA-384, we can save 16 bytes by keeping padbuf 48 bytes long.
+     * 64-byte buffer, but sice we're using SHA-384, we know that the
-     * However, to avoid stringop-overflow warning in gcc, we have to cast
+     * output fits in 48 bytes. This is correct C, but GCC 11.1 warns
-     * mbedtls_sha512_finish_ret().
+     * about it.
      */
-    finish_sha384_t finish = (finish_sha384_t)mbedtls_sha512_finish_ret;
+#if defined(__GNUC__) && __GNUC__ >= 11
-    finish( &sha512, padbuf );
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wstringop-overflow"
+#endif
+    mbedtls_sha512_finish_ret( &sha512, padbuf );
+#if defined(__GNUC__) && __GNUC__ >= 11
+#pragma GCC diagnostic pop
+#endif
 
     mbedtls_sha512_free( &sha512 );
 #endif