Backport 3.6: IAR build fixes after 3.6.6#10636
Open
gilles-peskine-arm wants to merge 11 commits into
Open
Conversation
gilles-peskine-arm
added
needs-ci
github-project-automation
Bot
moved this to In Development
in Roadmap pull requests (new board)
This was referenced Mar 11, 2026
There was a problem hiding this comment.
Pull request overview
Backports fixes to restore IAR (and related) build compatibility for the library and unit tests ahead of the 3.6.6 release.
Changes:
- Replace “intentional fail”
TEST_ASSERT(!"…")patterns withTEST_FAIL("…")in PAKE-related tests. - Add IAR-specific diagnostic suppressions and IAR DLIB configuration for unit test builds.
- Guard filesystem-only includes behind
MBEDTLS_FS_IOand apply small cleanups to avoid IAR warnings.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/suites/test_suite_rsa.function | Simplifies always-NULL RNG callback argument to avoid warning/noise. |
| tests/suites/test_suite_psa_crypto_pake.function | Uses TEST_FAIL() instead of always-false TEST_ASSERT() expressions. |
| tests/suites/test_suite_psa_crypto.function | Same TEST_FAIL() change for PAKE error-injection paths. |
| tests/suites/test_suite_pkcs7.function | Guards filesystem headers under MBEDTLS_FS_IO. |
| tests/suites/test_suite_ecdh.function | Fixes malformed comment. |
| tests/suites/test_suite_alignment.function | Removes unused local buffer initialization. |
| tests/suites/main_test.function | Adds IAR DLIB _DLIB_FILE_DESCRIPTOR and suppresses specific IAR diagnostics for tests. |
| tests/suites/host_test.function | Adjusts integer parsing validation condition for IAR compatibility. |
| tests/src/test_helpers/ssl_helpers.c | Adds IAR diagnostic suppression; reduces enum/int warning noise by casting once. |
| library/ssl_tls.c | Adds explicit cast to mbedtls_md_type_t to address enum/int diagnostics. |
| library/psa_crypto_cipher.c | Adds IAR diagnostic suppression for forward-goto warning. |
| library/bignum.c | Adds IAR diagnostic suppression for forward-goto warning. |
| framework | Updates subproject pointer to pick up framework-side changes. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Comment on lines
+42
to
45
| if (*end != '\0' || end == str) { | ||
| mbedtls_fprintf(stderr, | ||
| "Expected integer for parameter and got: %s\n", str); | ||
| return KEY_VALUE_MAPPING_NOT_FOUND; |
There was a problem hiding this comment.
strtol() overflow/underflow is not rejected anymore. If the input is out of range, strtol() typically sets errno = ERANGE and returns a clamped value, which would currently be treated as valid. Consider setting errno = 0 before strtol() and rejecting the parse when errno == ERANGE (in addition to the existing end == str / trailing characters checks). This keeps the “limit the range to long” behavior aligned with the comment above.
Comment on lines
+66
to
+82
| #if defined(__IAR_SYSTEMS_ICC__) | ||
| /* Suppress a very overeager warning from IAR: it dislikes a forward goto | ||
| * that bypasses the initialization of a variable, even if that variable | ||
| * is not used after the jump. (This is perfectly valid C; it would only | ||
| * be invalid C if jumping into a block from outside that block.) | ||
| */ | ||
| #pragma diag_suppress=Pe546 // transfer of control bypasses initialization | ||
|
|
||
| /* Temporarily suppress a perfectly reasonable warning from IAR that | ||
| * comes up very often in our unit tests: silent conversion of int to | ||
| * an enum type. | ||
| * | ||
| * Remove this when https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/707 | ||
| * is fixed. | ||
| */ | ||
| #pragma diag_suppress=Pe188 // enumerated type mixed with another type | ||
| #endif |
There was a problem hiding this comment.
These #pragma diag_suppress directives apply for the remainder of the translation unit, which can unintentionally mask new warnings in unrelated code. Prefer using IAR’s diagnostic push/pop (or restoring with #pragma diag_default=Pe546 / Pe188) to scope the suppression to just the minimal region that triggers it. Since the same suppression is also introduced in multiple source files in this PR, it may be worth centralizing the IAR-specific suppression in a shared header to reduce duplication and ensure consistent scoping.
mpg
added
needs-review
gilles-peskine-arm
changed the title
IAR emits Pe546 a "transfer of control bypasses initialization" diagnostic in many cases that are perfectly valid and idiomatic C. Disable that warning in places where IAR complains. This includes a lot of test suites. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Standard C doesn't have `EINVAL`. Check for invalid inputs in a portable way. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Temporarily suppress a perfectly reasonable warning from IAR that comes up very often in our unit tests: silent conversion of int to an enum type. Improvement tracked as Mbed-TLS/TF-PSA-Crypto#707 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If `NULL` is an integer constant expression with the value 0 (which C allows), the expression `prng ? NULL : NULL` is not an integer constant expression so it is not a null pointer constant, and thus it is not a pointer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This gets rid of a warning from IAR. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't try to include a Unix header when we don't need one. The tests will still fail to build if `MBEDTLS_FS_IO` is enabled and the platform has stdio but not Unix extensions. (This is also the case for some of our X.509 library code.) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Even without CI validation, we can promise that we've made the situation better, and an IAR warning has been reported in Mbed-TLS#10648 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
force-pushed
the
iar-3.6.6
branch
from
048ccab to
f5e1cb2
Compare
gilles-peskine-arm
removed
the
needs-reviewer
bjwtaylor
approved these changes
Mar 23, 2026
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix the build of the library and the unit tests with IAR. Fixes #10648.
The build was already broken in 3.6.5, it's not much worse now.
A backport of Mbed-TLS/TF-PSA-Crypto#707 and #10635. Not completely straightforward because there were some merge conflicts, some parts that don't apply to 3.6, and some extra parts (in separate commits) that only apply to 3.6.
PR checklist