Skip to content

IAR build fixes after 4.1.0 #10635

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
gilles-peskine-arm wants to merge 4 commits into
base: development
Choose a base branch
from
Open

IAR build fixes after 4.1.0 #10635

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
a4fc46d
Silence some IAR warnings in SSL code
gilles-peskine-arm Mar 11, 2026
95edb2d
Fix the build on non-Unix platforms when MBEDTLS_FS_IO is disabled
gilles-peskine-arm Mar 11, 2026
90a56e0
Update submodules with TF-PSA-Crypto directory reorg and IAR build fixes
gilles-peskine-arm Mar 11, 2026
91350be
Add changelog entry
gilles-peskine-arm Mar 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions ChangeLog.d/iar-4.1.0.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Bugfix
* Fix some IAR warnings. Fixes #10648.
2 changes: 1 addition & 1 deletion framework
Open in desktop
Submodule framework updated 31 files
+1 −1 tests/include/test/arguments.h
+1 −1 tests/include/test/asn1_helpers.h
+1 −1 tests/include/test/bignum_codepath_check.h
+1 −1 tests/include/test/bignum_helpers.h
+24 −0 tests/include/test/build_info.h
+1 −1 tests/include/test/constant_flow.h
+1 −1 tests/include/test/fake_external_rng_for_test.h
+1 −1 tests/include/test/helpers.h
+1 −1 tests/include/test/macros.h
+1 −1 tests/include/test/memory.h
+1 −1 tests/include/test/pk_helpers.h
+1 −1 tests/include/test/psa_crypto_helpers.h
+1 −1 tests/include/test/psa_exercise_key.h
+1 −1 tests/include/test/psa_helpers.h
+1 −1 tests/include/test/psa_memory_poisoning_wrappers.h
+1 −1 tests/include/test/random.h
+1 −1 tests/include/test/threading_helpers.h
+1 −0 tests/src/asn1_helpers.c
+1 −0 tests/src/bignum_codepath_check.c
+2 −1 tests/src/bignum_helpers.c
+2 −0 tests/src/fake_external_rng_for_test.c
+2 −0 tests/src/helpers.c
+1 −0 tests/src/pk_helpers.c
+1 −0 tests/src/psa_crypto_helpers.c
+1 −0 tests/src/psa_crypto_stubs.c
+10 −0 tests/src/psa_exercise_key.c
+2 −0 tests/src/psa_memory_poisoning_wrappers.c
+1 −0 tests/src/random.c
+9 −7 tests/src/test_common.h
+1 −0 tests/src/test_memory.c
+1 −0 tests/src/threading_helpers.c
2 changes: 1 addition & 1 deletion library/ssl_tls.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8983,7 +8983,7 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,

int ciphersuite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(ssl);
const mbedtls_ssl_ciphersuite_t *ciphersuite = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
const mbedtls_md_type_t hash_alg = ciphersuite->mac;
const mbedtls_md_type_t hash_alg = (mbedtls_md_type_t) ciphersuite->mac;
Copy link

Copilot AI Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The explicit cast looks like it’s compensating for a type mismatch between ciphersuite->mac and mbedtls_md_type_t. Where practical, it’s better to address this at the source (e.g., ensure the mac field is typed as mbedtls_md_type_t, or introduce a clearly named conversion helper) so the codebase doesn’t accumulate casts that can obscure real type issues.

Copilot uses AI. Check for mistakes.

switch (mbedtls_ssl_get_version_number(ssl)) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Expand Down
23 changes: 17 additions & 6 deletions tests/src/test_helpers/ssl_helpers.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,15 @@

#include <limits.h>

#if defined(__IAR_SYSTEMS_ICC__)
/* Suppress a very overeager warning from IAR: it dislikes a forward goto
* that bypasses the initialization of a variable, even if that variable
* is not used after the jump. (This is perfectly valid C; it would only
* be invalid C if jumping into a block from outside that block.)
*/
#pragma diag_suppress=Pe546 // transfer of control bypasses initialization
#endif
Comment on lines +16 to +23
Copy link

Copilot AI Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This disables warning Pe546 for the remainder of the translation unit, which can mask real issues introduced later in the file. Prefer to scope the suppression as tightly as possible (e.g., use IAR’s diagnostic push/pop if available, or re-enable the diagnostic after the specific code section with the corresponding restore pragma).

Copilot uses AI. Check for mistakes.

#if defined(MBEDTLS_SSL_TLS_C)
int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len)
{
Expand Down Expand Up @@ -1358,16 +1367,18 @@ static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_

int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
int cipher_type, int hash_id,
int cipher_type_arg, int md_type_arg,
int etm, int tag_mode,
mbedtls_ssl_protocol_version tls_version,
size_t cid0_len,
size_t cid1_len)
{
mbedtls_md_type_t md_type = (mbedtls_md_type_t) md_type_arg;
mbedtls_cipher_type_t cipher_type = (mbedtls_cipher_type_t) cipher_type_arg;

Comment on lines +1370 to +1378
Copy link

Copilot AI Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Converting from int to enum types inside the function removes compile-time type checking and can hide invalid values flowing into the helper. If feasible within the test-helper API, consider changing the function parameters to mbedtls_cipher_type_t cipher_type and mbedtls_md_type_t md_type (and adjusting callers accordingly) so the compiler enforces correct usage without relying on casts.

Suggested change
int cipher_type_arg, int md_type_arg,
int etm, int tag_mode,
mbedtls_ssl_protocol_version tls_version,
size_t cid0_len,
size_t cid1_len)
{
mbedtls_md_type_t md_type = (mbedtls_md_type_t) md_type_arg;
mbedtls_cipher_type_t cipher_type = (mbedtls_cipher_type_t) cipher_type_arg;
mbedtls_cipher_type_t cipher_type,
mbedtls_md_type_t md_type,
int etm, int tag_mode,
mbedtls_ssl_protocol_version tls_version,
size_t cid0_len,
size_t cid1_len)
{

Copilot uses AI. Check for mistakes.
mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE;
size_t key_bits = 0;
int ret = 0;

psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
Expand All @@ -1390,7 +1401,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */

maclen = 0;
mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type,
mbedtls_test_ssl_cipher_info_from_type(cipher_type,
&cipher_mode, &key_bits, &ivlen);

/* Pick keys */
Expand All @@ -1407,15 +1418,15 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
if (cipher_mode == MBEDTLS_MODE_CBC ||
cipher_mode == MBEDTLS_MODE_STREAM) {
maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id);
maclen = mbedtls_md_get_size_from_type(md_type);
CHK(maclen != 0);
/* Pick hash keys */
CHK((md0 = mbedtls_calloc(1, maclen)) != NULL);
CHK((md1 = mbedtls_calloc(1, maclen)) != NULL);
memset(md0, 0x5, maclen);
memset(md1, 0x6, maclen);

alg = mbedtls_md_psa_alg_from_type(hash_id);
alg = mbedtls_md_psa_alg_from_type(md_type);

CHK(alg != 0);

Expand Down Expand Up @@ -1457,7 +1468,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
&t_out->psa_mac_dec) == PSA_SUCCESS);
}
#else
((void) hash_id);
(void) md_type;
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */


Expand Down
8 changes: 6 additions & 2 deletions tests/suites/test_suite_pkcs7.function
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,14 @@
#include "mbedtls/x509_crl.h"
#include "x509_internal.h"
#include "mbedtls/oid.h"
#include "sys/types.h"
#include "sys/stat.h"
#include "mbedtls/private/rsa.h"
#include "mbedtls/error.h"

#if defined(MBEDTLS_FS_IO)
#include "sys/types.h"
#include "sys/stat.h"
#endif

/* END_HEADER */

/* BEGIN_DEPENDENCIES
Expand Down
2 changes: 1 addition & 1 deletion tf-psa-crypto
Open in desktop
Submodule tf-psa-crypto updated 14 files
+2 −0 ChangeLog.d/iar-1.1.0.txt
+24 −0 core/tf_psa_crypto_common.h
+2 −0 core/tf_psa_crypto_platform_requirements.h
+3 −2 drivers/builtin/src/aes.c
+8 −1 drivers/builtin/src/bignum.c
+9 −0 drivers/builtin/src/psa_crypto_cipher.c
+1 −1 framework
+1 −1 platform/platform_util.c
+1 −1 tests/suites/host_test.function
+24 −1 tests/suites/main_test.function
+0 −6 tests/suites/test_suite_alignment.function
+12 −12 tests/suites/test_suite_psa_crypto.function
+12 −12 tests/suites/test_suite_psa_crypto_pake.function
+1 −1 tests/suites/test_suite_rsa.function