MbedTLS TLS 1.3 PSA dependency #6780
Comments
Hi @tomvaneyck, The PSA functions were removed only for simplicity and ease of maintenance and because they were not strictly needed. However, your use case seems totally valid. I believe the right thing to do would be to upgrade MbedTLS as we do from time to time, but this time keep the PSA API and add it to the build. The process is described at https://optee.readthedocs.io/en/latest/building/gits/optee_os.html#import-branches. I can create the import branch; then would you mind doing the rest and opening a pull request against that import branch? |
Hello @jforissier Thanks for the response! I'm fine with going through the import process. v3.6.0 should be good as well. |
I've started the import process on branch import/mbedtls-3.6.0 on my fork. Currently it is able to compile. There were quite some changes between v3.4 and v3.6 in for example |
@tomvaneyck thanks for taking care of this! After a quick glance I would say the series looks good, however it did not pass my testing:
How did you test on your side? Any idea what's wrong before I dig further in the code? |
I quickly tested it with something I was doing on the side, did not come to thorough testing yet. I'll take a look tomorrow and let you know what I find! |
Sorry for the delay. I've fixed the above test, but I had to increase the thread stack size to prevent stack overflows in that same and some other tests. I don't know if this is to be expected or not. |
All tests succeed, except for pkcs11_1021 and pkcs11_1026, which also don't succeed on the master branch. @jforissier, I think I'm ready for creating a pull request. |
@tomvaneyck that's good, please do so. I have created branch |
I think the branch name is wrong, it seems to be called |
Oops! Fixed 😉 |
This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this issue will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time. |
I'm trying to implement the Global Platform TLS Sockets API using MbedTLS. I want to limit the implementation to TLS 1.3¹ for now.
As the features that enable TLS 1.3 require the use of functions defined by/in PSA [1], at least in MbedTLS v3.4.0, I added MBEDTLS_PSA_CRYPTO_C to the configuration header.
However, and this is the issue, the files implementing these PSA functions have been removed while importing MbedTLS in commit dfafe50. This seems to have been the default action since one of the first imports of MbedTLS. Was this done just to remove unnecessary code, or was there a more fundamental reason? In other words, would the inclusion of those files pose issues for the rest of OP-TEE OS?
As an aside, I would like to submit a pull request once I've got a semi-decent version. I wonder, is there still some interest in adding such a wrapper to OP-TEE OS? Thanks!
[1] TLS 1.3 support in MbedTLS v3.4.0
Footnotes
¹ This seems to be allowed by the API specification (v1.0.3, section C.3).