Backport 1.1: IAR build fixes after 1.1.0#708
Open
gilles-peskine-arm wants to merge 12 commits intoMbed-TLS:tf-psa-crypto-1.1from
Open
Backport 1.1: IAR build fixes after 1.1.0#708gilles-peskine-arm wants to merge 12 commits intoMbed-TLS:tf-psa-crypto-1.1from
gilles-peskine-arm wants to merge 12 commits intoMbed-TLS:tf-psa-crypto-1.1from
Conversation
gilles-peskine-arm
added
size-s
github-project-automation
Bot
moved this to In Development
in Roadmap pull requests (new board)
This was referenced Mar 11, 2026
There was a problem hiding this comment.
Pull request overview
Fixes IAR build issues/regressions in the library and unit tests (notably IAR-specific deprecation warnings and diagnostics).
Changes:
- Adds IAR-specific configuration and diagnostic suppressions to unblock compilation of library and test code.
- Updates unit tests to avoid constructs that trigger IAR warnings/errors (e.g.,
TEST_ASSERT(!"msg")→TEST_FAIL("msg")). - Adjusts platform/header behavior around C11 Annex K and zeroization functions; updates framework submodule.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/suites/test_suite_rsa.function | Simplifies a test callsite argument (always NULL). |
| tests/suites/test_suite_psa_crypto_pake.function | Replaces assertion idiom with explicit test failure to satisfy IAR. |
| tests/suites/test_suite_psa_crypto.function | Same as above for PSA crypto suite variant. |
| tests/suites/test_suite_alignment.function | Removes unused local buffer initialization from alignment test. |
| tests/suites/main_test.function | Adds IAR DLIB config and suppresses specific IAR diagnostics in test runner TU. |
| tests/suites/host_test.function | Changes integer parsing validation for IAR compatibility. |
| platform/platform_util.c | Enables memset_s path even under IAR. |
| framework | Updates framework submodule pointer. |
| drivers/builtin/src/psa_crypto_cipher.c | Suppresses IAR goto/initialization diagnostic in cipher module TU. |
| drivers/builtin/src/bignum.c | Suppresses IAR goto/initialization diagnostic in bignum module TU. |
| drivers/builtin/src/aes.c | Fixes logic for selecting AES implementation return value under hardware-only builds. |
| core/tf_psa_crypto_platform_requirements.h | Documents IAR Annex K side-effect on deprecations. |
| core/tf_psa_crypto_common.h | Adds IAR-specific workaround redefining __DEPREC after enabling Annex K. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Comment on lines
41
to
45
| long value = strtol(str, &end, 0); | ||
| if (errno == EINVAL || *end != '\0') { | ||
| if (*end != '\0' || end == str) { | ||
| mbedtls_fprintf(stderr, | ||
| "Expected integer for parameter and got: %s\n", str); | ||
| return KEY_VALUE_MAPPING_NOT_FOUND; |
There was a problem hiding this comment.
strtol() errors aren’t fully handled here: overflow/underflow sets errno = ERANGE and returns a clamped value, which would currently be accepted and can yield incorrect test parameter values. Consider setting errno = 0 before calling strtol() and rejecting inputs when errno == ERANGE (in addition to the existing end == str / trailing characters checks).
Comment on lines
+64
to
+80
| #if defined(__IAR_SYSTEMS_ICC__) | ||
| /* Suppress a very overeager warning from IAR: it dislikes a forward goto | ||
| * that bypasses the initialization of a variable, even if that variable | ||
| * is not used after the jump. (This is perfectly valid C; it would only | ||
| * be invalid C if jumping into a block from outside that block.) | ||
| */ | ||
| #pragma diag_suppress=Pe546 // transfer of control bypasses initialization | ||
|
|
||
| /* Temporarily suppress a perfectly reasonable warning from IAR that | ||
| * comes up very often in our unit tests: silent conversion of int to | ||
| * an enum type. | ||
| * | ||
| * Remove this when https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/707 | ||
| * is fixed. | ||
| */ | ||
| #pragma diag_suppress=Pe188 // enumerated type mixed with another type | ||
| #endif |
There was a problem hiding this comment.
These diagnostic suppressions apply to the remainder of the translation unit and are not restored, which can mask unrelated warnings and make future debugging harder. Consider scoping them (e.g., using IAR’s diagnostic push/pop if available, or restoring with #pragma diag_default=Pe546 / #pragma diag_default=Pe188 after the affected section) so only the intended code patterns are covered.
Comment on lines
+48
to
+51
| #include <stddef.h> | ||
| #undef __DEPREC | ||
| #define __DEPREC | ||
| #endif |
There was a problem hiding this comment.
Redefining a toolchain/system macro like __DEPREC in a widely-included header can leak into downstream includes and alter how unrelated headers declare deprecations (effectively disabling deprecation annotations beyond this library). A more contained approach would be to localize this workaround to implementation files, or to bracket only the specific system header inclusions that trigger the unwanted deprecations (and then restore the original macro), or to prefer a compiler pragma/warning-control mechanism where possible.
| #if defined(__IAR_SYSTEMS_ICC__) | ||
| /* In IAR (at least IAR 9.40 for Arm), enabling the C11 annex K functions | ||
| * (memset_s(), memcpy_s(), ...) with `#define __STDC_WANT_LIB_EXT1__ 1` | ||
| * causes the non-s functions to be declared as deprecatd. We want some |
There was a problem hiding this comment.
Corrected spelling of 'deprecatd' to 'deprecated'.
Suggested change
| * causes the non-s functions to be declared as deprecatd. We want some | |
| * causes the non-s functions to be declared as deprecated. We want some |
mpg
added
needs-work
and removed
needs-preceding-pr
gilles-peskine-arm
changed the title
gilles-peskine-arm
force-pushed
the
iar-1.1.0
branch
from
924231e to
d8d303b
Compare
gilles-peskine-arm
added
needs-preceding-pr
6 tasks
gilles-peskine-arm
force-pushed
the
iar-1.1.0
branch
from
d8d303b to
2764aa5
Compare
gilles-peskine-arm
added
needs-review
GCC is ok with it but IAR frowns. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We enable `__STDC_WANT_LIB_EXT1__` because we want some C11 Annex K functions (`memset_s()` and `gmtime_s()`). This causes IAR 9.40 (and likely other versions) to deprecate every function that has an annex K equivalent, which we don't want. Hack around the deprecation warning. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We had previously disabled the use of `memset_s` on IAR in Mbed-TLS/mbedtls#7950 because it wasn't found when building. But I believe the problem was not that IAR doesn't provide `memset_s`: as far as I can tell, IAR added C11 support in version 8, including Annex K. Rather, the problem was that at the time, we defined `__STDC_WANT_LIB_EXT1__` too late, after some system headers were already included, which made it ineffective. This ordering problem is fixed now, so do use `memset_s` when it's supposed to be available. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
IAR emits Pe546 a "transfer of control bypasses initialization" diagnostic in many cases that are perfectly valid and idiomatic C. Disable that warning in places where IAR complains. This includes a lot of test suites. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Standard C doesn't have `EINVAL`. Check for invalid inputs in a portable way. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Temporarily suppress a perfectly reasonable warning from IAR that comes up very often in our unit tests: silent conversion of int to an enum type. Improvement tracked as Mbed-TLS#707 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If `NULL` is an integer constant expression with the value 0 (which C allows), the expression `prng ? NULL : NULL` is not an integer constant expression so it is not a null pointer constant, and thus it is not a pointer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This gets rid of a warning from IAR. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Even without CI validation, we can promise that we've made the situation better, and an IAR warning has been reported in Mbed-TLS/mbedtls#10648 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
force-pushed
the
iar-1.1.0
branch
from
2764aa5 to
4ecafcf
Compare
gilles-peskine-arm
changed the base branch from
development
to
tf-psa-crypto-1.1
gilles-peskine-arm
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix the build of the library and the unit tests with IAR.
This is the 1.1 version. I'll do the development version once the 1.1 version is approved or close to being appoved, since development is a moving target and there's already one more warning (in the new MLDSA code) now.
The build was already broken in 1.0.0, but #694 made it worse by adding deprecation warnings on the use of many standard library functions.
Needs preceding PR: submodule update, although this is only needed to actually fix the IAR build, not to pass our CI.
Needs preceding PR:
PR checklist