unix: switch default build to use mbedtls (not axtls)#8916
Merged
Conversation
dpgeorge
force-pushed
the
unix-switch-to-mbedtls
branch
from
3491616 to
f109b4f
Compare
Contributor
|
I've tested these changes locally and added #8252 on top and now all Here is the full config diff: diff --git a/ports/unix/mbedtls/mbedtls_config.h b/ports/unix/mbedtls/mbedtls_config.h
index 1b6b4d14c..1cdf2770c 100644
--- a/ports/unix/mbedtls/mbedtls_config.h
+++ b/ports/unix/mbedtls/mbedtls_config.h
@@ -49,6 +49,7 @@
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_SHA256_SMALLER
@@ -65,10 +66,12 @@
// Enable mbedtls modules
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
@@ -91,7 +94,12 @@
#define MBEDTLS_TIMING_C
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CRL_PARSE_C
+#define MBEDTLS_X509_CSR_PARSE_C
#define MBEDTLS_X509_USE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_PEM_PARSE_C
+(I enabled Also not sure if there is a bug in diff --git a/tests/run-multitests.py b/tests/run-multitests.py
index d8a4a48fa..6dad04c74 100755
--- a/tests/run-multitests.py
+++ b/tests/run-multitests.py
@@ -36,6 +36,8 @@ class multitest:
sys.stdout.flush()
except AttributeError:
pass
+ except OSError:
+ pass
@staticmethod
def skip():
print("SKIP")Otherwise 🤷🏼 |
Fixes issue micropython#4364. Signed-off-by: Damien George <[email protected]>
So that MICROPY_EVENT_POLL_HOOK can be used without including py/mphal.h. Signed-off-by: Damien George <[email protected]>
dpgeorge
force-pushed
the
unix-switch-to-mbedtls
branch
2 times, most recently
from
edeea6a to
2c46c1b
Compare
Member
Author
|
I trimmed down the mbedtls options a bit to match stm32. The change in code size is now about +94000 bytes. And the tests now pass. |
Based on existing bare-metal config from stm32. Also uses shorter error messages from lib/mbedtls_errors. Signed-off-by: Damien George <[email protected]>
The reasons to make this switch are: - The axtls library is not being maintained/updated, mbedtls is. - So CI and tests can run against mbedtls, which is now the main TLS library used by the ports (eg stm32, rp2, mimxrt, esp32). Only esp8266 uses axtls. Increases unix standard build on x86-64 by about 89000 bytes. Signed-off-by: Damien George <[email protected]>
Signed-off-by: Damien George <[email protected]>
All ports that use mbedtls use the custom error messages in mp_mbedtls_errors.c. This commit simplifies the build so that ports don't need to explicitly add this file, it's now used by default when mbedtls is enabled. Signed-off-by: Damien George <[email protected]>
axtls is now built as part of the standard make process, using rules in extmod/extmod.mk. Signed-off-by: Damien George <[email protected]>
dpgeorge
force-pushed
the
unix-switch-to-mbedtls
branch
from
2c46c1b to
5e20dcf
Compare
Member
Author
|
I made unix use the more compact mbedtls error message strings, and it now adds +89000 bytes to the executable, compared to axtls. |
louis993546
added a commit
to louis993546/homebrew-core
that referenced
this pull request
May 2, 2023
BrewTestBot
pushed a commit
to Homebrew/homebrew-core
that referenced
this pull request
May 3, 2023
* micropython 1.20.0 * Update micropython.rb See micropython/micropython#8916 * micropython: fix and simplify build Closes #129998. Co-authored-by: Louis Tsai <[email protected]> Co-authored-by: Branch Vincent <[email protected]> Signed-off-by: BrewTestBot <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR:
Switching from axtls to mbedtls increases the unix build by about 134k on x64 architectures.
The reasons to make this switch are: