mpg
commented
3 years ago Generally speaking, I'm a big fan of incremental plans. In this instance, having a step where dual-builds waste RAM (even a large amount, I assume 32kB by default) is acceptable IMO, as it allows people to start testing on non-constrained platforms (and highly-constrained platforms can use mono builds). So in addition to being convenient for us, it's a way to deliver earlier something that people can use for testing, which is always good.
yanesca
Once all MPS components have been upstreamed, this issue tracks the integration of MPS into the SSL context:
Details: It's my understanding that while we aim to eventually use MPS throughout, including for TLS <= 1.2, we'll initially have a version of the library which supports TLS 1.3 on the basis of MPS and TLS <= 1.2 on the basis of the old messaging layer. In this latter situation, we need to find a way to have MPS and the legacy messaging layer coexist with minimal waste of resources. In a build which enables just TLS <= 1.2 or just TLS 1.3, this is simple, but in a dual-build, we may need to switch between legacy messaging layer and MPS based on whether TLS 1.3 is negotiated, and in this case, both messaging layers need to be present at compile-time.
There are multiple levels of sophistication here:
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTALis enabled, both MPS and the legacy messaging layer are setup unconditionally, including their respective I/O buffers, even though this leads to a very high RAM waste.union, for example).The purpose of this issue is solely to establish 1., accepting the RAM waste if
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTALis enabled, while solving 2. is left for a separate stage.cc @mpg @yanesca I wonder if you have thoughts on this strategy.