
unix: switch default build to use mbedtls (not axtls) #8916


Merged (7 commits), Jul 18, 2022

Conversation

dpgeorge (Member)

This PR:

  • adds custom mbedtls config to the unix port which matches closely the bare-metal configs (eg stm32, rp2)
  • switches unix to build with mbedtls by default, instead of axtls

Switching from axtls to mbedtls increases the unix build by about 134k on x64 architectures.

The reasons to make this switch are:

  1. axtls is not being maintained/updated, mbedtls is.
  2. So CI and tests can run against mbedtls, which is now the main TLS library used by the ports (eg stm32, rp2, mimxrt, esp32). Only esp8266 uses axtls.
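The custom mbedtls config this PR adds is a flat list of `#define MBEDTLS_*` lines, and mbedtls only tells you about an unmet dependency or a weak setting at compile time, if at all. The following is an added example, not MicroPython's or mbedtls's own code: a small linter that parses such a header, checks a hand-picked subset of the dependency rules from mbedtls's `check_config.h`, and flags settings a security reviewer would want a comment on. The sample input is constructed from the defines visible in the config diff posted further down this thread, plus `MBEDTLS_RSA_C`, which that excerpt does not show; the warning list is this example's own judgement.

```python
"""Lint an mbedtls_config.h-style header for option dependencies and weak
settings.  Added example; not MicroPython's or mbedtls's own code.  The
dependency table is a hand-picked subset of the rules mbedtls enforces in
its check_config.h; the warning table is this example's own opinion."""
import re
import sys

# option -> options it requires (subset of mbedtls check_config.h rules)
REQUIRES = {
    "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED": [
        "MBEDTLS_ECDH_C", "MBEDTLS_ECDSA_C", "MBEDTLS_X509_CRT_PARSE_C"],
    "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED": [
        "MBEDTLS_ECDH_C", "MBEDTLS_RSA_C", "MBEDTLS_PKCS1_V15",
        "MBEDTLS_X509_CRT_PARSE_C"],
    "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED": [
        "MBEDTLS_RSA_C", "MBEDTLS_PKCS1_V15", "MBEDTLS_X509_CRT_PARSE_C"],
    "MBEDTLS_ECDSA_C": [
        "MBEDTLS_ECP_C", "MBEDTLS_ASN1_PARSE_C", "MBEDTLS_ASN1_WRITE_C"],
    "MBEDTLS_ECDSA_DETERMINISTIC": ["MBEDTLS_ECDSA_C", "MBEDTLS_HMAC_DRBG_C"],
    "MBEDTLS_PEM_PARSE_C": ["MBEDTLS_BASE64_C"],
    "MBEDTLS_X509_CRT_PARSE_C": ["MBEDTLS_X509_USE_C"],
    "MBEDTLS_X509_CRL_PARSE_C": ["MBEDTLS_X509_USE_C"],
    "MBEDTLS_X509_CSR_PARSE_C": ["MBEDTLS_X509_USE_C"],
    "MBEDTLS_CTR_DRBG_C": ["MBEDTLS_AES_C"],
}

# options whose presence weakens the TLS posture and deserves a comment
WARN_IF_SET = {
    "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE":
        "accepts SHA-1 signatures on the TLS 1.2 key exchange",
    "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED":
        "static RSA key exchange has no forward secrecy",
    "MBEDTLS_NO_PLATFORM_ENTROPY":
        "no OS entropy source; the port must register its own",
}

_DEFINE = re.compile(r"^\s*#\s*(define|undef)\s+(MBEDTLS_[A-Z0-9_]+)\b")


def parse_defines(text):
    """Return the set of MBEDTLS_* symbols that are #defined and not later
    #undef'd.  Only trailing // comments are stripped, which is all a
    typical mbedtls_config.h uses on its #define lines."""
    defined = set()
    for line in text.splitlines():
        m = _DEFINE.match(line.split("//", 1)[0])
        if m is None:
            continue
        kind, sym = m.groups()
        if kind == "define":
            defined.add(sym)
        else:
            defined.discard(sym)
    return defined


def check_config(text):
    """Return (errors, warnings): errors are unmet dependencies that would
    fail the build, warnings are settings worth a second look."""
    defined = parse_defines(text)
    errors = []
    for opt, deps in sorted(REQUIRES.items()):
        if opt in defined:
            missing = [d for d in deps if d not in defined]
            if missing:
                errors.append(f"{opt} requires {', '.join(missing)}")
    warnings = [f"{opt}: {why}" for opt, why in WARN_IF_SET.items() if opt in defined]
    if "MBEDTLS_ECDSA_C" in defined and "MBEDTLS_ECDSA_DETERMINISTIC" not in defined:
        warnings.append("MBEDTLS_ECDSA_C without MBEDTLS_ECDSA_DETERMINISTIC: "
                        "ECDSA nonces come from the DRBG, so weak entropy leaks the key")
    return errors, warnings


# Constructed sample: the post-change defines from the diff posted in this
# thread, plus MBEDTLS_RSA_C, which that excerpt does not show.
SAMPLE_CONFIG = """\
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_RSA_C
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_CRL_PARSE_C
#define MBEDTLS_X509_CSR_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_PEM_PARSE_C
"""

if __name__ == "__main__":
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    errs, warns = check_config(src)
    for line in errs:
        print("ERROR:", line)
    for line in warns:
        print("WARN: ", line)
    sys.exit(1 if errs else 0)
```

Run it as `python lint_mbedtls_config.py ports/unix/mbedtls/mbedtls_config.h` (hypothetical file name) to get a non-zero exit on any unmet dependency; the warnings do not fail the run, they are there to prompt a justifying comment next to the define. The constructed sample passes the dependency check and produces four warnings: SHA-1 in the key exchange, static RSA, no platform entropy, and non-deterministic ECDSA.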

@Carglglz (Contributor)

I've tested these changes locally and added #8252 on top, and now all test/multi_net/ssl*.py are properly passing, although I had to change the key and cert in ssl_data.py to the ones I generated in #8252 (I enabled PEM parsing).

Here is the full config diff:

diff --git a/ports/unix/mbedtls/mbedtls_config.h b/ports/unix/mbedtls/mbedtls_config.h
index 1b6b4d14c..1cdf2770c 100644
--- a/ports/unix/mbedtls/mbedtls_config.h
+++ b/ports/unix/mbedtls/mbedtls_config.h
@@ -49,6 +49,7 @@
 #define MBEDTLS_ECP_NIST_OPTIM
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #define MBEDTLS_NO_PLATFORM_ENTROPY
 #define MBEDTLS_PKCS1_V15
 #define MBEDTLS_SHA256_SMALLER
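Review bot: MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED needs MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C and MBEDTLS_X509_CRT_PARSE_C, otherwise mbedtls's check_config.h refuses to build; the MBEDTLS_ECDSA_C define that satisfies it sits in a separate hunk further down, so a short comment next to this line naming that pairing would stop a later size trim from dropping one without the other. The unchanged context here also keeps MBEDTLS_KEY_EXCHANGE_RSA_ENABLED, i.e. static RSA key exchange with no forward secrecy; if it is only there for peers that cannot do ECDHE, say so in a comment, otherwise the two ECDHE suites make it a candidate for removal.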
@@ -65,10 +66,12 @@
 // Enable mbedtls modules
 #define MBEDTLS_AES_C
 #define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_CIPHER_C
 #define MBEDTLS_CTR_DRBG_C
 #define MBEDTLS_ECDH_C
+#define MBEDTLS_ECDSA_C
 #define MBEDTLS_ECP_C
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_ERROR_C
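Review bot: MBEDTLS_ECDSA_C is added without MBEDTLS_ECDSA_DETERMINISTIC, so every ECDSA signature draws its nonce from the CTR-DRBG, and this config also sets MBEDTLS_NO_PLATFORM_ENTROPY (see the first hunk), meaning the port has to register its own entropy source. A biased or repeated nonce leaks the signing key, so either document where the unix port feeds entropy in, or add MBEDTLS_ECDSA_DETERMINISTIC (RFC 6979; it needs MBEDTLS_HMAC_DRBG_C) so signing does not depend on the RNG at all. MBEDTLS_ASN1_WRITE_C is correctly added in the same hunk, since MBEDTLS_ECDSA_C requires it.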
@@ -91,7 +94,12 @@
 #define MBEDTLS_TIMING_C
 #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
 #define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CRL_PARSE_C
+#define MBEDTLS_X509_CSR_PARSE_C
 #define MBEDTLS_X509_USE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_PEM_PARSE_C
+
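Review bot: the trailing `+` line adds an empty line at the end of the file, which is whitespace-only churn; drop it. MBEDTLS_X509_CSR_PARSE_C only parses certificate signing requests, which a TLS client or server never does, so on a PR whose stated cost is code size it should be justified or removed (MBEDTLS_X509_CRL_PARSE_C likewise only earns its bytes if something actually loads a CRL). MBEDTLS_PEM_PARSE_C correctly brings MBEDTLS_BASE64_C with it. The retained MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE in the context lets a peer sign the ECDHE key exchange with SHA-1, which weakens every ECDHE handshake; a comment saying which peers still need it would help.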

(I enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED so I could test unix->esp32 and works both ways too👍🏼 .)

Also, not sure if there is a bug in tests/run-multitests.py

diff --git a/tests/run-multitests.py b/tests/run-multitests.py
index d8a4a48fa..6dad04c74 100755
--- a/tests/run-multitests.py
+++ b/tests/run-multitests.py
@@ -36,6 +36,8 @@ class multitest:
             sys.stdout.flush()
         except AttributeError:
             pass
+        except OSError:
+            pass
     @staticmethod
     def skip():
         print("SKIP")
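Review bot: a bare `except OSError: pass` silences every flush failure, including EIO or EPIPE that would point at a genuinely broken harness, not just the unsupported-flush case (OSError 45) reported below. Narrow it: catch the exception as `e`, compare `e.errno` against errno.ENOTSUP / errno.EOPNOTSUPP and re-raise otherwise. If flush really is best-effort here, merge the two clauses into `except (AttributeError, OSError):` with a comment saying why, since two identical `pass` bodies invite a reader to assume they handle different situations.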

Otherwise OSError: 45 in flush makes the tests fail.

Traceback (most recent call last):
  File "<stdin>", line 117, in <module>
  File "<stdin>", line 42, in instance0
  File "<stdin>", line 98, in globals
  File "<stdin>", line 72, in flush
OSError: 45

🤷🏼
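The flush failure above is handled in the posted diff by swallowing every OSError. As an added example, not MicroPython's run-multitests.py code, here is the narrower form a reviewer would ask for: ignore only a missing or unsupported flush, and let any other OSError propagate so a real harness fault is not hidden. It assumes the OSError 45 seen in the thread is the platform reporting "operation not supported" on the descriptor (errno.ENOTSUP/EOPNOTSUPP is 45 on macOS and BSD, 95 on Linux); the stream class is a constructed stand-in whose flush raises a chosen errno.

```python
"""Narrow handling of a failing stream.flush().  Added example, not
MicroPython's run-multitests.py.  Assumes the OSError 45 seen in the
thread is ENOTSUP/EOPNOTSUPP; any other OSError is treated as a real
fault and re-raised."""
import errno
import io
import os

# errno values a flush may legitimately report when the descriptor does
# not support the operation (same number on most platforms).
_IGNORABLE = {errno.ENOTSUP, errno.EOPNOTSUPP}


def flush_quietly(stream):
    """Flush `stream`.  Return True on success, False if the object has no
    flush() or the platform does not support flushing it; re-raise any
    other OSError instead of masking it."""
    try:
        stream.flush()
    except AttributeError:          # no flush() method at all
        return False
    except OSError as exc:
        if exc.errno in _IGNORABLE:  # e.g. OSError 45 on macOS
            return False
        raise                        # EIO, EPIPE, ...: genuine failure
    return True


class _FailingStream(io.StringIO):
    """Constructed stand-in whose flush() raises a chosen errno."""

    def __init__(self, err):
        super().__init__()
        self._err = err

    def flush(self):
        raise OSError(self._err, os.strerror(self._err))


def demo():
    """Exercise the four cases; returns
    (flushed_ok, no_flush_method, unsupported_ignored, other_error_propagated)."""
    flushed_ok = flush_quietly(io.StringIO())
    no_flush_method = flush_quietly(object())
    unsupported_ignored = flush_quietly(_FailingStream(errno.ENOTSUP))
    try:
        flush_quietly(_FailingStream(errno.EIO))
        other_error_propagated = False
    except OSError as exc:
        other_error_propagated = exc.errno == errno.EIO
    return flushed_ok, no_flush_method, unsupported_ignored, other_error_propagated


if __name__ == "__main__":
    print(demo())
```

Dropping this into the harness means a flush that fails with ENOTSUP still lets the test continue, while an EIO from a closed or broken pipe surfaces as the error it is.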

dpgeorge added 2 commits July 18, 2022 18:12
So that MICROPY_EVENT_POLL_HOOK can be used without including py/mphal.h.

Signed-off-by: Damien George <[email protected]>
dpgeorge force-pushed the unix-switch-to-mbedtls branch 2 times, most recently from edeea6a to 2c46c1b, July 18, 2022 08:21
@dpgeorge (Member, Author)

I trimmed down the mbedtls options a bit to match stm32. The change in code size is now about +94000 bytes. And the tests now pass.

dpgeorge added 5 commits July 18, 2022 22:42
Based on existing bare-metal config from stm32.  Also uses shorter error
messages from lib/mbedtls_errors.

Signed-off-by: Damien George <[email protected]>
The reasons to make this switch are:
- The axtls library is not being maintained/updated, mbedtls is.
- So CI and tests can run against mbedtls, which is now the main TLS
  library used by the ports (eg stm32, rp2, mimxrt, esp32). Only esp8266
  uses axtls.

Increases unix standard build on x86-64 by about 89000 bytes.

Signed-off-by: Damien George <[email protected]>
All ports that use mbedtls use the custom error messages in
mp_mbedtls_errors.c.  This commit simplifies the build so that ports don't
need to explicitly add this file, it's now used by default when mbedtls is
enabled.

Signed-off-by: Damien George <[email protected]>
axtls is now built as part of the standard make process, using rules in
extmod/extmod.mk.

Signed-off-by: Damien George <[email protected]>
dpgeorge force-pushed the unix-switch-to-mbedtls branch from 2c46c1b to 5e20dcf, July 18, 2022 13:02
@dpgeorge (Member, Author)

I made unix use the more compact mbedtls error message strings, and it now adds +89000 bytes to the executable, compared to axtls.

@dpgeorge dpgeorge merged commit 5e20dcf into micropython:master Jul 18, 2022
@dpgeorge dpgeorge deleted the unix-switch-to-mbedtls branch July 18, 2022 13:22
louis993546 added a commit to louis993546/homebrew-core that referenced this pull request May 2, 2023
BrewTestBot pushed a commit to Homebrew/homebrew-core that referenced this pull request May 3, 2023
* micropython 1.20.0
* Update micropython.rb
  See micropython/micropython#8916
* micropython: fix and simplify build

Closes #129998.

Co-authored-by: Louis Tsai <[email protected]>
Co-authored-by: Branch Vincent <[email protected]>
Signed-off-by: BrewTestBot <[email protected]>
2 participants