From 4b873874a3269363ec7317f065dd4570be29d4bb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 20 Jun 2022 18:50:09 +0200 Subject: [PATCH] Backward compatibility: the key store with drivers Promise that we will try to keep backward compatibility with basic driver usage, but not with more experimental aspects. Signed-off-by: Gilles Peskine --- BRANCHES.md | 6 ++++++ include/mbedtls/mbedtls_config.h | 5 +++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index e08ae871bb..f6cdd65b13 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -78,6 +78,12 @@ Mbed TLS 3.x can also read keys written by Mbed TLS 2.25.0 through 2.28.x LTS, but future major version upgrades (for example from 2.28.x/3.x to 4.y) may require the use of an upgrade tool. +Note that this guarantee does not currently fully extend to drivers, which +are an experimental feature. We intend to maintain compatibility with the +basic use of drivers from Mbed TLS 2.28.0 onwards, even if driver APIs +change. However, for more experimental parts of the driver interface, such +as the use of driver state, we do not yet guarantee backward compatibility. + ## Long-time support branches For the LTS branches, additionally we try very hard to also maintain ABI diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 65260bc573..f9642e71aa 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1184,8 +1184,9 @@ * * Requires: MBEDTLS_PSA_CRYPTO_C * - * \warning This interface is experimental and may change or be removed - * without notice. + * \warning This interface is experimental. We intend to maintain backward + * compatibility with application code that relies on drivers, + * but the driver interfaces may change without notice. */ //#define MBEDTLS_PSA_CRYPTO_DRIVERS