Merge pull request #123 from codypiersall/mbedtls_upgrade_3.5.1

Update mbedtls library version to 3.5.1
codypiersall · Jan 15, 2024 · 41b6ae8 · 41b6ae8
2 parents 75bc440 + 543bb6b
commit 41b6ae8
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 28 deletions.
diff --git a/build_pynng.py b/build_pynng.py
@@ -20,7 +20,7 @@
     ]
 
     # system libraries determined to be necessary through trial and error
-    libraries = ["Ws2_32", "Advapi32"]
+    libraries = ["Ws2_32", "Advapi32", "Bcrypt"]
 # comment out this block if you want to build this with you own libraries
 # e.g.: python setup.py build_ext -I<inc_path> -L<lib_path> -l<lib>
 # elif True:

diff --git a/pyproject.toml b/pyproject.toml
@@ -94,6 +94,8 @@ skip = "cp36-*"
 # https://github.com/johnnoone/pytest-curio/pull/7
 test-skip = "cp312*"
 
+build-verbosity = 1
+
 [tool.cibuildwheel.windows]
 # Windows builds fail because they try to use the same directory for different
 # architectures, and that's no good.

diff --git a/setup.cfg b/setup.cfg
@@ -4,7 +4,7 @@ rev=v1.6.0
 
 [build_mbedtls]
 repo=https://github.com/ARMmbed/mbedtls.git
-rev=04a049bda1ceca48060b57bc4bcf5203ce591421
+rev=v3.5.1
 
 [build_ext]
 inplace = 1
diff --git a/setup.py b/setup.py
@@ -1,14 +1,23 @@
 import os
 from subprocess import check_call
+import platform
 import shutil
 import sys
 
+if platform.machine() == "i686" and platform.system() == "Linux":
+    # mbedtls v3.5.1 will not build without these flags on 32-bit linux.
+    # https://github.com/Mbed-TLS/mbedtls/issues/8334
+    # this is hopefully going to be fixed in another release.
+    # There is probably a better way to do this...
+    os.environ["CFLAGS"] = "-mpclmul -msse2 -maes"
 from setuptools import Command, setup, find_packages
 from setuptools.command.build_ext import build_ext
 from distutils.command.build import build as dbuild
 
 WINDOWS = sys.platform == "win32"
 
+THIS_DIR = os.path.abspath(os.path.dirname(__file__))
+
 
 def maybe_copy(src, dst):
     os.makedirs(os.path.dirname(dst), exist_ok=True)
@@ -24,11 +33,9 @@ class BuilderBase(Command):
         ("rev=", None, "GitHub repository revision."),
     ]
 
-    windows = sys.platform == "win32"
-
     flags = ["-DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=true"]
     is_64bit = sys.maxsize > 2**32
-    if windows:
+    if WINDOWS:
         if is_64bit:
             flags += ["-A", "x64"]
         else:
@@ -60,26 +67,27 @@ def run(self):
         if not os.path.exists(self.build_dir):
             os.mkdir(self.build_dir)
 
-        self.cmake_cmd += self.cmake_extra_args
-        self.cmake_cmd.append("..")
-        print(f"building {self.git_dir} with:", self.cmake_cmd)
-        check_call(self.cmake_cmd, cwd=self.build_dir)
+        cmake_cmd = [*self.cmake_cmd, *self.cmake_extra_args, ".."]
+        print(f"building {self.git_dir} with:", cmake_cmd, flush=True)
+        check_call(cmake_cmd, cwd=self.build_dir)
 
         self.finalize_build()
 
 
 class BuildNng(BuilderBase):
     description = "build the nng library"
-    git_dir = "nng"
     build_dir = "nng/build"
-    this_dir = os.path.abspath(os.path.dirname(__file__))
-    cmake_extra_args = [
-        "-DNNG_ENABLE_TLS=ON",
-        "-DNNG_TESTS=OFF",
-        "-DNNG_TOOLS=OFF",
-        "-DCMAKE_BUILD_TYPE=Release",
-        "-DMBEDTLS_ROOT_DIR={}/mbedtls/prefix/".format(this_dir),
-    ]
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.git_dir = "nng"
+        self.cmake_extra_args = [
+            "-DNNG_ENABLE_TLS=ON",
+            "-DNNG_TESTS=OFF",
+            "-DNNG_TOOLS=OFF",
+            "-DCMAKE_BUILD_TYPE=Release",
+            "-DMBEDTLS_ROOT_DIR={}/mbedtls/prefix/".format(THIS_DIR),
+        ]
 
     def finalize_build(self):
         check_call(
@@ -95,14 +103,17 @@ def finalize_build(self):
 
 class BuildMbedTls(BuilderBase):
     description = "build the mbedtls library"
-    git_dir = "mbedtls"
     build_dir = "mbedtls/build"
-    cmake_extra_args = [
-        "-DENABLE_PROGRAMS=OFF",
-        "-DCMAKE_BUILD_TYPE=Release",
-        "-DCMAKE_INSTALL_PREFIX=../prefix",
-        "-DENABLE_TESTING=OFF",
-    ]
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.git_dir = "mbedtls"
+        self.cmake_extra_args = [
+            "-DENABLE_PROGRAMS=OFF",
+            "-DCMAKE_BUILD_TYPE=Release",
+            "-DCMAKE_INSTALL_PREFIX=../prefix",
+            "-DENABLE_TESTING=OFF",
+        ]
 
     def finalize_build(self):
         check_call(
@@ -118,6 +129,16 @@ def finalize_build(self):
             maybe_copy(src + "mbedtls.lib", dst + "mbedtls.lib")
             maybe_copy(src + "mbedx509.lib", dst + "mbedx509.lib")
             maybe_copy(src + "mbedcrypto.lib", dst + "mbedcrypto.lib")
+        else:
+            # kinda hacky...
+            # In CI, mbedtls installs its libraries into mbedtls/prefix/lib64.
+            # Not totally sure when this happened, but something in mbedtls changed,
+            # likely commit 0f2e87bdf534a967937882e7381e067d9b1cb135, when they started
+            # using GnuInstallDirs. Couldn't build to verify but likely enough.
+            src = f"{THIS_DIR}/mbedtls/prefix/lib64"
+            dst = f"{THIS_DIR}/mbedtls/prefix/lib"
+            if os.path.exists(src) and not os.path.exists(dst):
+                shutil.copytree(src, dst)
 
 
 class BuildBuild(build_ext):

diff --git a/test/test_tls.py b/test/test_tls.py
@@ -1,5 +1,4 @@
 from pynng import Pair0, TLSConfig
-import pytest
 
 SERVER_CERT = """
 -----BEGIN CERTIFICATE-----
@@ -64,7 +63,6 @@
 BYTES = b"1234567890"
 
 
-@pytest.mark.skip
 def test_config_string():
     with Pair0(recv_timeout=1000, send_timeout=1000) as server, Pair0(
         recv_timeout=1000, send_timeout=1000
@@ -86,7 +84,6 @@ def test_config_string():
         assert client.recv() == BYTES
 
 
-@pytest.mark.skip
 def test_config_file(tmp_path):
     ca_crt_file = tmp_path / "ca.crt"
     ca_crt_file.write_text(CA_CERT)