Hi,
Semantic versioning applies only to API compatibility but not for ABI. When we break the ABI we increase the SO version for that part of the library and this is how linux distributions normally track our ABI compatibility. Additionally, we try very hard not to break ABI at all in LTS versions.
You can find a detailed description what Mbed TLS promises regarding API/ABI compatibility: https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md
Kind regards, Janos
From: mbed-tls mbed-tls-bounces@lists.trustedfirmware.org on behalf of Hugues De Valon via mbed-tls mbed-tls@lists.trustedfirmware.org Date: Wednesday, 14 July 2021 at 17:09 To: mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] Question about dynamic linking, versioning and API/ABI stability Hello,
We are using Mbed Crypto in our Parsec project through the psa-crypto Rust crate (https://github.com/parallaxsecond/rust-psa-crypto). We currently have Mbed Crypto through Mbed TLS 2.25.0 which we build statically from scratch by default. We also offer the option to dynamically link with an Mbed Crypto library available on the system. Ideally, this would offer an easy and simple way to patch bug fixes without having to recompile everything. However, as we observed API (and probably ABI) breaking changes over the past versions of Mbed TLS we were wondering if this (dynamic linking) was a model we should promote at all. Is there a semantic versioning process currently applied in Mbed TLS? If we use Mbed TLS 3.0.0 in our crate, can we be sure than 3.x.y versions won’t contain any API/ABI breaking changes or is there nothing of the sort?
I believe that Mbed Crypto is catching up to be fully compliant with PSA Crypto 1.0.1. Once that will be the case, will its API/ABI be stable and follow the PSA Crypto semantic versioning?
It might be that the good solution is that we shouldn’t dynamically link with Mbed Crypto but always compile it from scratch as we do by default. I am just sending this email so that we follow the good approach!
Kind regards, Hugues
Hi Janos,
Thanks for the answer. By the "SO version", do you mean the X number which is at the end of libmbedcrypto.so.X? I did not know that, that's helpful!
Concerning Mbed Crypto specifically, do you know when a LTS version will contain it? Will it be the same version which is completely compliant with PSA Crypto 1.0.1? For our dynamic linking use-case, it seems that it would be better to wait for that moment.
Kind regards, Hugues
From: Janos Follath Janos.Follath@arm.com Sent: 15 July 2021 08:33 To: Hugues De Valon Hugues.DeValon@arm.com; mbed-tls@lists.trustedfirmware.org Subject: Re: Question about dynamic linking, versioning and API/ABI stability
Hi,
Semantic versioning applies only to API compatibility but not for ABI. When we break the ABI we increase the SO version for that part of the library and this is how linux distributions normally track our ABI compatibility. Additionally, we try very hard not to break ABI at all in LTS versions.
You can find a detailed description what Mbed TLS promises regarding API/ABI compatibility: https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md
Kind regards, Janos
From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.orgmailto:mbed-tls-bounces@lists.trustedfirmware.org> on behalf of Hugues De Valon via mbed-tls <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Date: Wednesday, 14 July 2021 at 17:09 To: mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: [mbed-tls] Question about dynamic linking, versioning and API/ABI stability Hello,
We are using Mbed Crypto in our Parsec project through the psa-crypto Rust crate (https://github.com/parallaxsecond/rust-psa-crypto). We currently have Mbed Crypto through Mbed TLS 2.25.0 which we build statically from scratch by default. We also offer the option to dynamically link with an Mbed Crypto library available on the system. Ideally, this would offer an easy and simple way to patch bug fixes without having to recompile everything. However, as we observed API (and probably ABI) breaking changes over the past versions of Mbed TLS we were wondering if this (dynamic linking) was a model we should promote at all. Is there a semantic versioning process currently applied in Mbed TLS? If we use Mbed TLS 3.0.0 in our crate, can we be sure than 3.x.y versions won't contain any API/ABI breaking changes or is there nothing of the sort?
I believe that Mbed Crypto is catching up to be fully compliant with PSA Crypto 1.0.1. Once that will be the case, will its API/ABI be stable and follow the PSA Crypto semantic versioning?
It might be that the good solution is that we shouldn't dynamically link with Mbed Crypto but always compile it from scratch as we do by default. I am just sending this email so that we follow the good approach!
Kind regards, Hugues
Hi Hugues,
Yes, that is what I meant by SO version; I am happy that it was helpful!
We would like to make a new LTS branch soon (in a couple of months). At the moment, we are still working towards PSA Crypto 1.0.0 compliance and although the differences are minor, it is really hard to tell when we will have PSA Crypto 1.0.1. There are minor discrepancies and some missing functionality and overall Mbed TLS is reasonably close to PSA Crypto 1.0.0 compliance. It would be nice to have PSA Crypto 1.0.0 compliance for the next LTS version and it is imaginable that we will, but as far as I know we don’t consider it as a hard requirement.
Kind regards, Janos
From: Hugues De Valon Hugues.DeValon@arm.com Date: Thursday, 15 July 2021 at 12:12 To: Janos Follath Janos.Follath@arm.com, mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org Subject: RE: Question about dynamic linking, versioning and API/ABI stability Hi Janos,
Thanks for the answer. By the “SO version”, do you mean the X number which is at the end of libmbedcrypto.so.X? I did not know that, that’s helpful!
Concerning Mbed Crypto specifically, do you know when a LTS version will contain it? Will it be the same version which is completely compliant with PSA Crypto 1.0.1? For our dynamic linking use-case, it seems that it would be better to wait for that moment.
Kind regards, Hugues
From: Janos Follath Janos.Follath@arm.com Sent: 15 July 2021 08:33 To: Hugues De Valon Hugues.DeValon@arm.com; mbed-tls@lists.trustedfirmware.org Subject: Re: Question about dynamic linking, versioning and API/ABI stability
Hi,
Semantic versioning applies only to API compatibility but not for ABI. When we break the ABI we increase the SO version for that part of the library and this is how linux distributions normally track our ABI compatibility. Additionally, we try very hard not to break ABI at all in LTS versions.
You can find a detailed description what Mbed TLS promises regarding API/ABI compatibility: https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md
Kind regards, Janos
From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.orgmailto:mbed-tls-bounces@lists.trustedfirmware.org> on behalf of Hugues De Valon via mbed-tls <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Date: Wednesday, 14 July 2021 at 17:09 To: mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: [mbed-tls] Question about dynamic linking, versioning and API/ABI stability Hello,
We are using Mbed Crypto in our Parsec project through the psa-crypto Rust crate (https://github.com/parallaxsecond/rust-psa-crypto). We currently have Mbed Crypto through Mbed TLS 2.25.0 which we build statically from scratch by default. We also offer the option to dynamically link with an Mbed Crypto library available on the system. Ideally, this would offer an easy and simple way to patch bug fixes without having to recompile everything. However, as we observed API (and probably ABI) breaking changes over the past versions of Mbed TLS we were wondering if this (dynamic linking) was a model we should promote at all. Is there a semantic versioning process currently applied in Mbed TLS? If we use Mbed TLS 3.0.0 in our crate, can we be sure than 3.x.y versions won’t contain any API/ABI breaking changes or is there nothing of the sort?
I believe that Mbed Crypto is catching up to be fully compliant with PSA Crypto 1.0.1. Once that will be the case, will its API/ABI be stable and follow the PSA Crypto semantic versioning?
It might be that the good solution is that we shouldn’t dynamically link with Mbed Crypto but always compile it from scratch as we do by default. I am just sending this email so that we follow the good approach!
Kind regards, Hugues
mbed-tls@lists.trustedfirmware.org