
Backport 3.6: dynamically sized key store

Open gilles-peskine-arm opened this issue 8 months ago • 0 comments

Resolve the static limitation on the number of PSA keys at the expense of code size. The new option MBEDTLS_PSA_KEY_SLOT_DYNAMIC is enabled by the default mbedtls_config.h, but will remain disabled by default in projects that have their own configuration file. Fixes https://github.com/Mbed-TLS/mbedtls/issues/9216.

See https://github.com/Mbed-TLS/mbedtls/pull/9309 for a design document.

I tried to keep the code changes when MBEDTLS_PSA_KEY_SLOT_DYNAMIC is enabled to a minimum.

Status: mostly ready. But as this is getting long, I am going to try to split this in two: some preliminaries (test improvements, auxiliary bug fixes) and the main work (adding the dynamic key store). This will involve some restructuring of the commit history.

PR checklist

  • [x] changelog provided
  • [ ] 3.6 backport: this is it — needed in 3.6 LTS because it's needed for proper TLS 1.3 support, see https://github.com/Mbed-TLS/mbedtls/issues/9216 and https://github.com/Mbed-TLS/mbedtls/issues/9223
  • [x] 2.28 backport: only of some incidental bug fixes: https://github.com/Mbed-TLS/mbedtls/pull/9256
  • [ ] tests provided

gilles-peskine-arm, Jun 10 '24 16:06