Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support latest LTS (2.28.0 ) release of mbedts #103

Open
nullr0ute opened this issue Feb 23, 2022 · 1 comment
Open

Support latest LTS (2.28.0 ) release of mbedts #103

nullr0ute opened this issue Feb 23, 2022 · 1 comment

Comments

@nullr0ute
Copy link
Contributor

The #88 commit moved to mbedtls 3.0 but it seems MbedTLS has made 2.28.x the new LTS release.

It would be good to be able to support that in the psa-crypto and allow distros to build against their supported version of MBedTLS so that when there's CVEs in MBedTLS the psa-crypto pieces aren't affected and can just consume the distro updates directly.
@ionut-arm
Copy link
Member

Hi @nullr0ute !

The psa-crypto-sys crate can work with 2.28.x without any issues (at least from my checks) if you specify the MbedTLS include and lib directories as environment variables. The version that we have in the vendor submodule is used as a fallback if the library isn't available locally, and thus we need to link to it statically. Dynamic linking is only possible by setting MBEDTLS_LIB_DIR and MBEDTLS_INCLUDE_DIR. This applies to Parsec service builds as well.

If you'd like, we can also add some checks on the CI against 2.28.x of MbedTLS, either here or in the Parsec service.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nullr0ute @ionut-arm