@@ -12,11 +12,6 @@ At any point in time, we have a number of maintained branches, currently consist
1212- One or more long-time support (LTS) branches: these only get bug fixes and
1313 security fixes. Currently, the only supported LTS branch is:
1414 [ ` mbedtls-2.28 ` ] ( https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28 ) .
15- - For a short time we also have the previous LTS, which has recently ended its
16- support period,
17- [ ` mbedtls-2.16 ` ] ( https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.16 ) .
18- This branch will move into the ` archive ` namespace around the time of
19- the next release.
2015
2116We retain a number of historical branches, whose names are prefixed by ` archive/ ` ,
2217such as [ ` archive/mbedtls-2.7 ` ] ( https://github.com/Mbed-TLS/mbedtls/tree/archive/mbedtls-2.7 ) .
@@ -28,14 +23,22 @@ the API of 3.(x+1) is backward compatible with 3.x). We only break API
2823compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain
2924ABI compatibility within LTS branches; see the next section for details.
3025
31- ## Backwards Compatibility
26+ ## Backwards Compatibility for application code
3227
3328We maintain API compatibility in released versions of Mbed TLS. If you have
3429code that's working and secure with Mbed TLS x.y.z and does not rely on
3530undocumented features, then you should be able to re-compile it without
3631modification with any later release x.y'.z' with the same major version
3732number, and your code will still build, be secure, and work.
3833
34+ Note that this guarantee only applies if you either use the default
35+ compile-time configuration (` mbedtls/mbedtls_config.h ` ) or the same modified
36+ compile-time configuration. Changing compile-time configuration options can
37+ result in an incompatible API or ABI, although features will generally not
38+ affect unrelated features (for example, enabling or disabling a
39+ cryptographic algorithm does not break code that does not use that
40+ algorithm).
41+
3942Note that new releases of Mbed TLS may extend the API. Here are some
4043examples of changes that are common in minor releases of Mbed TLS, and are
4144not considered API compatibility breaks:
@@ -57,6 +60,25 @@ crypto that was found to be weak) may need to be changed. In case security
5760comes in conflict with backwards compatibility, we will put security first,
5861but always attempt to provide a compatibility option.
5962
63+ ## Backward compatibility for the key store
64+
65+ We maintain backward compatibility with previous versions of the
66+ PSA Crypto persistent storage since Mbed TLS 2.25.0, provided that the
67+ storage backend (PSA ITS implementation) is configured in a compatible way.
68+ We intend to maintain this backward compatibility throughout a major version
69+ of Mbed TLS (for example, all Mbed TLS 3.y versions will be able to read
70+ keys written under any Mbed TLS 3.x with x <= y).
71+
72+ Mbed TLS 3.x can also read keys written by Mbed TLS 2.25.0 through 2.28.x
73+ LTS, but future major version upgrades (for example from 2.28.x/3.x to 4.y)
74+ may require the use of an upgrade tool.
75+
76+ Note that this guarantee does not currently fully extend to drivers, which
77+ are an experimental feature. We intend to maintain compatibility with the
78+ basic use of drivers from Mbed TLS 2.28.0 onwards, even if driver APIs
79+ change. However, for more experimental parts of the driver interface, such
80+ as the use of driver state, we do not yet guarantee backward compatibility.
81+
6082## Long-time support branches
6183
6284For the LTS branches, additionally we try very hard to also maintain ABI
0 commit comments