Hi all,
In this new installment of "let's discuss ideas for Mbed TLS 3.0" [1]:
should we remove memory_buffer_alloc.c from the code base?
[1]: https://developer.trustedfirmware.org/w/mbed-tls/tech-plans-3.0/
Currently the crypto library includes a module called memory_buffer_alloc.c,
disabled in the default build (config.h option MBEDTLS_MEMORY_BUFFER_ALLOC_C),
which provides implementations of calloc() and free() based on a user-provided
buffer (which could be static or on the stack), suitable for use in the rest
of the crypto, X.509 and TLS libraries as replacements to the standard
functions.
In addition to providing replacement calloc() and free(), the module also
offers some facilities for measurement and debugging.
We're considering dropping this module and removing it from the code base
entirely for the following reasons:
- Memory allocators are not our core area of expertise.
- This allocator is pretty basic and has a large allocation overhead. For
example for ECC computations, the overhead can be as large as the actual
memory used.
- Using this allocator also tends to slow things down, so we don't run many
tests with it enabled.
- In the future when we split between PSA Crypto on one side and Mbed TLS and
X.509 on the other, it's unclear on which side this allocator should fall.
Which can be taken as a sign that it doesn't really belong here.
On the other hand, we're hesitating for the following reasons:
- We know from bug reports and questions that some people are using it.
- Unlike other modules we'd like to drop, there isn't a strong security
incentive to dropping this allocator, it's merely a matter of how we spend
our maintenance resources.
What do you think? Should we keep maintaining this allocator as part of Mbed
TLS? Should we drop it and focus on our core instead? If you're using this
allocator, why did you pick it over other alternatives?
Regards,
Manuel.
--
mbed-tls mailing list
mbed-tls@lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls