Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Should MBEDTLS_PSA_CRYPTO_CLIENT be a configuration option? #112

Open
gilles-peskine-arm opened this issue Oct 4, 2024 · 0 comments
Open

Comments

@gilles-peskine-arm
Copy link

From Mbed TLS 3.x, we've inherited MBEDTLS_PSA_CRYPTO_CLIENT as an option guarding client-side PSA crypto code, a small subset of MBEDTLS_PSA_CRYPTO_C which covers the generic PSA crypto code (key store functionality, generic dispatch code). Should we keep supporting builds without MBEDTLS_PSA_CRYPTO_CLIENT? On the one hand, you can't have any stable API for cryptography. On the other hand, this could be ok for corner cases, e.g. just for ASN.1.

Tentative definition of done — may be revised based on the architectural decision:

  • If we do keep MBEDTLS_PSA_CRYPTO_CLIENT as an option, there should be an all.sh component that builds the library with it disabled.
  • If we don't want MBEDTLS_PSA_CRYPTO_CLIENT as an option, it shouldn't be listed in the configuration file, and in fact it probably shouldn't appear in the library source code at all.
@gilles-peskine-arm gilles-peskine-arm moved this to Design needed in Mbed TLS 4.0 planning Oct 4, 2024
@gilles-peskine-arm gilles-peskine-arm moved this from Design needed to Requirements needed in Mbed TLS 4.0 planning Oct 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Requirements needed
Development

No branches or pull requests

1 participant