mbedtls icon indicating copy to clipboard operation
mbedtls copied to clipboard

Published 20 hours ago verified publisher icon Mbed-TLS

Mechanism for marking a compilation option as private

Open gilles-peskine-arm opened this issue 7 months ago • 2 comments

Create a mechanism for marking a configuration option as private.

  • Private options must not be set by mbedtls_config.h, crypto_config.h or their alternatives and extensions (MBEDTLS_CONFIG_FILE, MBEDTLS_USER_CONFIG_FILE, etc.). Any attempt to test them is rejected with an #error raised whenever build_info.h is enabled.
  • Nice-to-have: also reject private options passed on the compiler command line with -D.
  • Private options may be set by adjust*.h headers.
  • If MBEDTLS_ALLOW_REMOVED_FEATURES or TF_PSA_CRYPTO_ALLOW_REMOVED_FEATURES (as applicable) is enabled, then private options are allowed. These options are enabled in the full config, so it's ok to make an option private and default-off if our test coverage depends on it (e.g. removing an elliptic curve that is still used in test data).
  • This applies to both TF-PSA-Crypto and Mbed TLS.
  • Nice-to-have: complain if users try to define crypto options in mbedtls_config.h or X.509/TLS options in crypto_config.h. However, there must not be any complaints if the same configuration is used for both.
  • Document a simple way to make more options private.
  • Make legacy crypto options that are subsubmed by PSA_WANT_ private. (This may be done in a follow-up, but it's a good way to validate the new mechanism.)

The goal is to reject incomplete migrations of configurations from Mbed TLS 3.x. In particular, if the user attempts to set a legacy crypto option because of an incomplete migration from a configuration without MBEDTLS_PSA_CRYPTO_CONFIG, this should be rejected.

See “Strategy for removing a compilation option” in https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/145 (published soon) for further considerations.

gilles-peskine-arm avatar Apr 24 '25 16:04 gilles-peskine-arm

See https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/145#discussion_r2059752115 and https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/145#discussion_r2059752115

mpg avatar Apr 25 '25 08:04 mpg

Consider the following user story:

As a developer of some middleware using Mbed TLS (especially for cryptography), I want to write a single configuration file that works both with Mbed TLS 3.6 and TF-PSA-Crypto 1.x, so that my middleware can be built indifferently with an LTS branch or the latest release of Mbed TLS and TF-PSA-Crypto.

This is mostly doable through conditionals on MBEDTLS_VERSION_MAJOR, which is set by including the configuration file. Note that we don't have a TF-PSA-Crypto equivalent yet.

Note that it gets a little complicated if the same configuration file is parsed first by tf-psa-crypto/build_info.h, and then again by mbedtls/build_info.h. The first time round, MBEDTLS_VERSION_MAJOR is not defined yet!

gilles-peskine-arm avatar Apr 25 '25 12:04 gilles-peskine-arm