Support upstream Mbed TLS #99

Closed
wants to merge 8 commits into from


@gbryant-arm gbryant-arm commented Mar 24, 2020

AFAIK, in the current state of this project, the Mbed TLS "vendor" (hardcoded) version is tightly coupled to the wrapper and difficult to upgrade to a more recent version since Mbed TLS is now built around a self-contained crypto module.
Mbed Crypto is actually back into Mbed TLS (ARMmbed/mbed-crypto#374).
This work aims at supporting upstream Mbed TLS and potentially decoupling it from the wrapper.

What has been done so far:

  • Removed the hardcoded version of Mbed TLS
  • Added upstream Mbed TLS as a submodule
  • Added the crypto module to the build system
    • A new header dedicated to the crypto module is generated and passed to bindgen
  • Adjusted the rest of the wrapper to the new version of Mbed TLS
  • Removed the crypto module from the build system (revert)

This branch is based on jseyfried's branch fixing the issue with bindgen (and clang?) (#88).

@hanno-becker

Ping @jethrogb and @jack-fortanix.

The essence of @gbryant-arm's change is the introduction of Mbed TLS as a submodule, and while there's still some cleanup to do here on our side, it would be good to know if you're in general supportive of this change.

The rationale is that it will be easier to keep track of and update the version of Mbed TLS that the wrapper works with. We'd like this not only to ease support of upstream Mbed TLS, but also because we'd like to integrate the wrapper with an ongoing TLS 1.3 prototype implementation in Mbed TLS that we're working on.

What are your thoughts?

@jethrogb
Member

jethrogb commented May 14, 2020

Sorry for the late response. I haven't looked at the changes in this PR yet, but we actually did think about the desired architecture here a couple of months ago with some folks from Red Hat. We think something more akin to the way the openssl-sys and openssl-src crates are organized is better. That way we can separate the bindings version from the MbedTLS version.

A separate thing is the long-standing concern regarding bindgen. That's blocked on me spending some time evaluating the various open PRs for that.

@Taowyoo
Collaborator

Taowyoo commented Nov 4, 2022

Closing this PR since there has been no update for a long time.

@Taowyoo Taowyoo closed this Nov 4, 2022
mcr pushed a commit to mcr/rust-mbedtls that referenced this pull request Aug 10, 2023
This rejects spaces after field names as well as various other invalid
characters.

Fixes fortanix#96

4 participants