Hi Janos,

 

Thanks for the answer.

By the “SO version”, do you mean the X number which is at the end of libmbedcrypto.so.X? I did not know that, that’s helpful!

 

Concerning Mbed Crypto specifically, do you know when a LTS version will contain it? Will it be the same version which is completely compliant with PSA Crypto 1.0.1?

For our dynamic linking use-case, it seems that it would be better to wait for that moment.

 

Kind regards,

Hugues

 

From: Janos Follath <Janos.Follath@arm.com>
Sent: 15 July 2021 08:33
To: Hugues De Valon <Hugues.DeValon@arm.com>; mbed-tls@lists.trustedfirmware.org
Subject: Re: Question about dynamic linking, versioning and API/ABI stability

 

Hi,

 

Semantic versioning applies only to API compatibility but not for ABI. When we break the ABI we increase the SO version for that part of the library and this is how linux distributions normally track our ABI compatibility. Additionally, we try very hard not to break ABI at all in LTS versions.

 

You can find a detailed description what Mbed TLS promises regarding API/ABI compatibility:
https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md

 

Kind regards,

Janos

 

 

From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of Hugues De Valon via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Date: Wednesday, 14 July 2021 at 17:09
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] Question about dynamic linking, versioning and API/ABI stability

Hello,

 

We are using Mbed Crypto in our Parsec project through the psa-crypto Rust crate (https://github.com/parallaxsecond/rust-psa-crypto). We currently have Mbed Crypto through Mbed TLS 2.25.0 which we build statically from scratch by default.

We also offer the option to dynamically link with an Mbed Crypto library available on the system. Ideally, this would offer an easy and simple way to patch bug fixes without having to recompile everything.

However, as we observed API (and probably ABI) breaking changes over the past versions of Mbed TLS we were wondering if this (dynamic linking) was a model we should promote at all.

Is there a semantic versioning process currently applied in Mbed TLS? If we use Mbed TLS 3.0.0 in our crate, can we be sure than 3.x.y versions won’t contain any API/ABI breaking changes or is there nothing of the sort?

 

I believe that Mbed Crypto is catching up to be fully compliant with PSA Crypto 1.0.1. Once that will be the case, will its API/ABI be stable and follow the PSA Crypto semantic versioning?

 

It might be that the good solution is that we shouldn’t dynamically link with Mbed Crypto but always compile it from scratch as we do by default. I am just sending this email so that we follow the good approach!

 

Kind regards,

Hugues