Hi Hugues,

Yes, that is what I meant by SO version; I am happy that it was helpful!

We would like to make a new LTS branch soon (in a couple of months). At the moment, we are still working towards PSA Crypto 1.0.0 compliance and although the differences are minor, it is really hard to tell when we will have PSA Crypto 1.0.1. There are minor discrepancies and some missing functionality and overall Mbed TLS is reasonably close to PSA Crypto 1.0.0 compliance. It would be nice to have PSA Crypto 1.0.0 compliance for the next LTS version and it is imaginable that we will, but as far as I know we don’t consider it as a hard requirement.

Kind regards,

Janos

From: Hugues De Valon <Hugues.DeValon@arm.com>
Date: Thursday, 15 July 2021 at 12:12
To: Janos Follath <Janos.Follath@arm.com>, mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: RE: Question about dynamic linking, versioning and API/ABI stability

Hi Janos,

Thanks for the answer.

By the “SO version”, do you mean the X number which is at the end of libmbedcrypto.so.X? I did not know that, that’s helpful!

Concerning Mbed Crypto specifically, do you know when an LTS version will contain it? Will it be the same version which is completely compliant with PSA Crypto 1.0.1?

For our dynamic linking use-case, it seems that it would be better to wait for that moment.

Kind regards,

Hugues

From: Janos Follath <Janos.Follath@arm.com>
Sent: 15 July 2021 08:33
To: Hugues De Valon <Hugues.DeValon@arm.com>; mbed-tls@lists.trustedfirmware.org
Subject: Re: Question about dynamic linking, versioning and API/ABI stability

Hi,

Semantic versioning applies only to API compatibility but not to ABI. When we break the ABI, we increase the SO version for that part of the library, and this is how Linux distributions normally track our ABI compatibility. Additionally, we try very hard not to break ABI at all in LTS versions.

You can find a detailed description of what Mbed TLS promises regarding API/ABI compatibility here:
https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md

Kind regards,

Janos

From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of Hugues De Valon via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Date: Wednesday, 14 July 2021 at 17:09
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] Question about dynamic linking, versioning and API/ABI stability

Hello,

We are using Mbed Crypto in our Parsec project through the psa-crypto Rust crate (https://github.com/parallaxsecond/rust-psa-crypto). We currently have Mbed Crypto through Mbed TLS 2.25.0 which we build statically from scratch by default.

We also offer the option to dynamically link with an Mbed Crypto library available on the system. Ideally, this would offer an easy and simple way to patch bug fixes without having to recompile everything.

However, as we observed API (and probably ABI) breaking changes over the past versions of Mbed TLS we were wondering if this (dynamic linking) was a model we should promote at all.

Is there a semantic versioning process currently applied in Mbed TLS? If we use Mbed TLS 3.0.0 in our crate, can we be sure that 3.x.y versions won’t contain any API/ABI breaking changes or is there nothing of the sort?

I believe that Mbed Crypto is catching up to be fully compliant with PSA Crypto 1.0.1. Once that is the case, will its API/ABI be stable and follow the PSA Crypto semantic versioning?

It might be that the good solution is that we shouldn’t dynamically link with Mbed Crypto but always compile it from scratch as we do by default. I am just sending this email so that we follow the good approach!

Kind regards,

Hugues
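
The SO-version tracking described in the thread can be checked before dynamically linking against a system library. The following is an added example, not part of the original thread and not Mbed TLS or Parsec code: it reads the SONAME from `readelf -d` output and rejects a library whose SO version differs from the one the application was built against. The function names, the sample `readelf` excerpt and the SO version numbers are constructed for illustration.

```rust
// Added example: all sample values below are constructed, not taken from a real build.

/// Extract the DT_SONAME value from the text printed by `readelf -d <lib>`.
fn soname_from_readelf(output: &str) -> Option<&str> {
    output
        .lines()
        .find(|l| l.contains("(SONAME)"))
        .and_then(|l| {
            let start = l.find('[')? + 1;
            let end = l[start..].find(']')? + start;
            Some(&l[start..end])
        })
}

/// Parse X from "<lib>.so.X". Rejects an unversioned name ("<lib>.so") and
/// anything that is not a single integer, such as a release string "2.25.0".
fn so_version(soname: &str, lib: &str) -> Option<u32> {
    let prefix = format!("{}.so.", lib);
    soname.strip_prefix(prefix.as_str())?.parse().ok()
}

/// Decide whether a system library may stand in for the one we were built against.
fn check_abi(readelf_output: &str, lib: &str, built_against: u32) -> Result<(), String> {
    let soname = soname_from_readelf(readelf_output)
        .ok_or_else(|| format!("{}: no SONAME entry, cannot verify ABI", lib))?;
    let found = so_version(soname, lib)
        .ok_or_else(|| format!("{}: unexpected SONAME '{}'", lib, soname))?;
    if found == built_against {
        Ok(())
    } else {
        Err(format!("{}: SO version {} found, built against {}", lib, found, built_against))
    }
}

// Constructed `readelf -d` excerpt for a hypothetical system library.
const SAMPLE: &str = "\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libmbedcrypto.so.6]
";

fn main() {
    println!("{:?}", check_abi(SAMPLE, "libmbedcrypto", 6)); // same SO version
    println!("{:?}", check_abi(SAMPLE, "libmbedcrypto", 7)); // ABI differs
}
```

A matching SO version only says the ABI is unchanged; it does not say which bug fixes the installed library contains.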