From b1ee39e6c4f5a8aa15bf054ef43ca54c7fdc4bde Mon Sep 17 00:00:00 2001 From: Fabio Alessandrelli Date: Tue, 7 Jan 2025 10:59:08 +0100 Subject: [PATCH] [TLS] Move from OpenSSL to mbedTLS Update libdatachannel to 0.22.6 --- .github/workflows/build_release.yml | 4 +- .gitmodules | 6 +- README.md | 2 +- SConstruct | 11 +- thirdparty/README.md | 23 +-- thirdparty/libdatachannel | 2 +- thirdparty/mbedtls | 1 + thirdparty/openssl | 1 - tools/cmake.py | 83 +++++--- tools/mbedtls.py | 67 ++++++ tools/openssl.py | 304 ---------------------------- tools/rtc.py | 28 +-- 12 files changed, 162 insertions(+), 370 deletions(-) create mode 160000 thirdparty/mbedtls delete mode 160000 thirdparty/openssl create mode 100644 tools/mbedtls.py delete mode 100644 tools/openssl.py diff --git a/.github/workflows/build_release.yml b/.github/workflows/build_release.yml index 494af31..5ae948a 100644 --- a/.github/workflows/build_release.yml +++ b/.github/workflows/build_release.yml @@ -193,6 +193,7 @@ jobs: fi tar -xjf ${{ matrix.buildroot }}.tar.bz2 ${{ matrix.buildroot }}/relocate-sdk.sh + rm ${{ matrix.buildroot }}/bin/cmake echo "$GITHUB_WORKSPACE/${{ matrix.buildroot }}/bin" >> $GITHUB_PATH echo "PKG_CONFIG=$GITHUB_WORKSPACE/${{ matrix.buildroot }}/share/pkgconfig/" >> $GITHUB_ENV patch -p1 < misc/patches/scons_path.diff 
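Review bot: The added `rm ${{ matrix.buildroot }}/bin/cmake` has no comment saying why the CMake bundled with the buildroot SDK is deleted; the script of this step starts outside the hunk. Presumably the intent is that, once `$GITHUB_WORKSPACE/${{ matrix.buildroot }}/bin` is put on the PATH, the build falls back to the CMake installed on the runner. If so, the CMake version used for release artifacts now follows the runner image rather than the pinned buildroot, and that trade-off should be stated. I would add a line such as `# Remove the SDK's bundled cmake so the runner's cmake is used (state the reason / minimum version needed)` directly above the `rm`.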
@@ -252,11 +253,10 @@ jobs: run: | cp LICENSE artifacts/LICENSE.webrtc-native cp thirdparty/libdatachannel/LICENSE artifacts/LICENSE.libdatachannel - cp thirdparty/openssl/LICENSE.txt artifacts/LICENSE.openssl + cp thirdparty/mbedtls/LICENSE artifacts/LICENSE.mbedtls cp thirdparty/libdatachannel/deps/libjuice/LICENSE artifacts/LICENSE.libjuice cp thirdparty/libdatachannel/deps/usrsctp/LICENSE.md artifacts/LICENSE.usrsctp cp thirdparty/libdatachannel/deps/libsrtp/LICENSE artifacts/LICENSE.libsrtp - cp thirdparty/libdatachannel/deps/json/LICENSE.MIT artifacts/LICENSE.json cp thirdparty/libdatachannel/deps/plog/LICENSE artifacts/LICENSE.plog - name: Package artifacts for release diff --git a/.gitmodules b/.gitmodules index ed1bc99..d0c2281 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,6 +7,6 @@ [submodule "libdatachannel"] path = thirdparty/libdatachannel url = https://github.com/paullouisageneau/libdatachannel.git -[submodule "openssl"] - path = thirdparty/openssl - url = https://github.com/openssl/openssl.git +[submodule "mbedtls"] + path = thirdparty/mbedtls + url = https://github.com/Mbed-TLS/mbedtls.git diff --git a/README.md b/README.md index 676048c..b10db0b 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ ### Compiling -Clone this repository with the following command to checkout all the dependencies: [godot-cpp](https://github.com/godotengine/godot-cpp), [openssl](https://www.openssl.org/) and [libdatachannel](https://github.com/paullouisageneau/libdatachannel) (and sub-dependencies). +Clone this repository with the following command to checkout all the dependencies: [godot-cpp](https://github.com/godotengine/godot-cpp), [mbedTLS](https://github.com/Mbed-TLS/mbedtls) and [libdatachannel](https://github.com/paullouisageneau/libdatachannel) (and sub-dependencies). ``` $ git clone --recurse-submodules https://github.com/godotengine/webrtc-native.git diff --git a/SConstruct b/SConstruct index 8be57d1..cc47427 100644 --- a/SConstruct +++ b/SConstruct 
@@ -177,18 +177,21 @@ else: sources.append("src/init_gdextension.cpp") # Add our build tools -for tool in ["openssl", "cmake", "rtc"]: +for tool in ["cmake", "mbedtls", "rtc"]: env.Tool(tool, toolpath=["tools"]) -ssl = env.OpenSSL() +# Make sure Substfile is also loaded +env.Tool("textfile") -rtc = env.BuildLibDataChannel(ssl) +mbedtls = env.BuildMbedTLS() + +rtc = env.BuildLibDataChannel(mbedtls) # Forces building our sources after OpenSSL and libdatachannel. # This is because OpenSSL headers are generated by their build system and SCons doesn't know about them. # Note: This might not be necessary in this specific case since our sources doesn't include OpenSSL headers directly, # but it's better to be safe in case of indirect inclusions by one of our other dependencies. -env.Depends(sources, ssl + rtc) +env.Depends(sources, rtc + mbedtls) # We want to statically link against libstdc++ on Linux to maximize compatibility, but we must restrict the exported # symbols using a GCC version script, or we might end up overriding symbols from other libraries. diff --git a/thirdparty/README.md b/thirdparty/README.md index 95bfbea..107ff8f 100644 --- a/thirdparty/README.md +++ b/thirdparty/README.md @@ -5,21 +5,10 @@ respective folder names. Use two empty lines to separate categories for readability. -## json - -- Upstream: https://github.com/nlohmann/json -- Version: 3.11.3 (9cca280a4d0ccf0c08f47a99aa71d1b0e52f8d03, 2023) -- License: MIT - -Module location: - -- thirdparty/libdatachannel/deps/json - - ## libdatachannel - Upstream: https://github.com/paullouisageneau/libdatachannel -- Version: 0.22.3 (d74748fd46f75cee5090d187841c6921820eb9d0, 2024) +- Version: 0.22.6 (0d6adc021953d7263fd4503482ea7bde33553724, 2025) - License: MPL 2.0 Module location: 
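Review bot: The comment block above `env.Depends(sources, rtc + mbedtls)` still talks about OpenSSL ("after OpenSSL and libdatachannel", "OpenSSL headers are generated by their build system"), so it now describes a dependency that this commit removes. The stated reason may not carry over either: tools/mbedtls.py adds `thirdparty/mbedtls/include` from the source tree to CPPPATH, which suggests the headers are not generated by the build. I would reword it to something like `# Force building our sources after mbedTLS and libdatachannel, in case one of them is included indirectly.`, or drop the `mbedtls` part of the dependency if it is no longer needed.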
@@ -30,7 +19,7 @@ Module location: # libjuice - Upstream: https://github.com/paullouisageneau/libjuice -- Version: 1.5.7 (70ba50cce33350b64404557ea63658e925758ce6, 2024) +- Version: 1.5.9 (8d1a99a0683a811876c03a73ff764a92774027ad, 2025) - License: MPL 2.0 Module location: @@ -49,15 +38,15 @@ Module location: - thirdparty/libdatachannel/deps/libsrtp -## openssl +## mbedTLS -- Upstream: git://git.openssl.org/openssl.git -- Version: 3.4.0 (98acb6b02839c609ef5b837794e08d906d965335, 2024) +- Upstream: https://github.com/Mbed-TLS/mbedtls.git +- Version: 3.6.3 (22098d41c6620ce07cf8a0134d37302355e1e5ef, 2025) - License: Apache 2.0 Module location: -- thirdparty/openssl +- thirdparty/mbedtls ## plog diff --git a/thirdparty/libdatachannel b/thirdparty/libdatachannel index d74748f..0d6adc0 160000 --- a/thirdparty/libdatachannel +++ b/thirdparty/libdatachannel @@ -1 +1 @@ -Subproject commit d74748fd46f75cee5090d187841c6921820eb9d0 +Subproject commit 0d6adc021953d7263fd4503482ea7bde33553724 diff --git a/thirdparty/mbedtls b/thirdparty/mbedtls new file mode 160000 index 0000000..22098d4 --- /dev/null +++ b/thirdparty/mbedtls @@ -0,0 +1 @@ +Subproject commit 22098d41c6620ce07cf8a0134d37302355e1e5ef diff --git a/thirdparty/openssl b/thirdparty/openssl deleted file mode 160000 index 98acb6b..0000000 --- a/thirdparty/openssl +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 98acb6b02839c609ef5b837794e08d906d965335 diff --git a/tools/cmake.py b/tools/cmake.py index 5f170fd..9aa54ca 100644 --- a/tools/cmake.py +++ b/tools/cmake.py @@ -1,8 +1,10 @@ -import os, sys +import os +import shlex +import sys -import SCons.Util -import SCons.Builder import SCons.Action +import SCons.Builder +import SCons.Util # This must be kept in sync with the value in https://github.com/godotengine/godot/blob/master/platform/android/detect.py#L58. 
@@ -12,7 +14,7 @@ def get_ndk_version(): def cmake_default_flags(env): if env.get("cmake_default_flags", ""): - return SCons.Util.CLVar(env["cmake_default_flags"]) + return shlex.split(env["cmake_default_flags"]) config = {} @@ -79,18 +81,17 @@ def cmake_default_flags(env): elif env["platform"] == "windows": config["CMAKE_SYSTEM_NAME"] = "Windows" - - flags = ["-D%s=%s" % it for it in config.items()] - if env["CMAKEGENERATOR"]: - flags.extend(["-G", env["CMAKEGENERATOR"]]) - elif env["platform"] == "windows": if env.get("is_msvc", False): - flags.extend(["-G", "NMake Makefiles"]) - elif sys.platform in ["win32", "msys", "cygwin"]: - flags.extend(["-G", "Ninja"]) - else: - flags.extend(["-G", "Unix Makefiles"]) - return flags + config["CMAKE_POLICY_DEFAULT_CMP0091"] = "NEW" + if env.get("debug_crt", False): + config["CMAKE_MSVC_RUNTIME_LIBRARY"] = "MultiThreadedDebugDLL" + else: + if env.get("use_static_cpp", False): + config["CMAKE_MSVC_RUNTIME_LIBRARY"] = "MultiThreaded" + else: + config["CMAKE_MSVC_RUNTIME_LIBRARY"] = "MultiThreadedDLL" + + return ["-D%s=%s" % it for it in config.items()] def cmake_emitter(target, source, env): 
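Review bot: In `cmake_default_flags`, replacing `SCons.Util.CLVar(...)` with `shlex.split(env["cmake_default_flags"])` changes how the override string is parsed, and the change is not documented; the function body continues outside this hunk. `shlex.split` honours quotes, which is useful for values containing spaces, but in its default POSIX mode it also treats backslashes as escapes. A Windows-style path in the override, for example a toolchain file given with backslashes, would therefore reach CMake with the backslashes removed. I would note this in the option help, e.g. `"Default CMake platform flags override (shell-style quoting; use forward slashes in paths), will be autodetected if not specified."`, so users passing paths know what to expect.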
@@ -100,26 +101,63 @@ def cmake_emitter(target, source, env): def cmake_generator(target, source, env, for_signature): # Strip the -j option for signature to avoid rebuilding when num_jobs changes. build = env["CMAKEBUILDCOM"].replace("-j$CMAKEBUILDJOBS", "") if for_signature else env["CMAKEBUILDCOM"] - return [ + actions = [ SCons.Action.Action("$CMAKECONFCOM", "$CMAKECONFCOMSTR"), SCons.Action.Action(build, "$CMAKEBUILDCOMSTR"), ] + if env["CMAKE_INSTALL"]: + actions.append( + SCons.Action.Action("$CMAKEINSTALLCOM", "$CMAKEINSTALLCOMSTR"), + ) + return actions -def cmake_build(env, target_dir, source_dir, cmake_outputs=[], cmake_targets=[], cmake_options=[], dependencies=[]): +def cmake_build( + env, target_dir, source_dir, cmake_outputs=[], cmake_targets=[], cmake_options=[], dependencies=[], install=False +): cmake_env = env.Clone() target = env.Dir("{}/{}/{}".format(target_dir, env["platform"], env["arch"])) source = env.Dir(source_dir) builder_targets = [target] + [str(target) + "/" + f for f in cmake_outputs] builder_sources = [source] + dependencies - cmake_env.Append(CMAKECONFFLAGS=["-D%s=%s" % it for it in cmake_options.items()]) + default_flags = cmake_default_flags(env) + + # Merge flags + flags = [] + for df in default_flags: + if not df.startswith("-D"): + flags.append(df) + else: + f = df[2:].split("=")[0] + if f in cmake_options: + df += " " + cmake_options[f] + cmake_options.pop(f) + flags.append(df) + for opt in cmake_options: + flags.append("-D%s=%s" % (opt, cmake_options[opt])) + + # Select generator + if env["cmake_generator"]: + flags.extend(["-G", env["cmake_generator"]]) + elif env["platform"] == "windows": + if env.get("is_msvc", False): + flags.extend(["-G", "NMake Makefiles"]) + elif sys.platform in ["win32", "msys", "cygwin"]: + flags.extend(["-G", "Ninja"]) + else: + flags.extend(["-G", "Unix Makefiles"]) + + cmake_env.Append(CMAKECONFFLAGS=flags) if len(cmake_targets) > 0: cmake_env.Append(CMAKEBUILDFLAGS=["-t"] + [t for t in 
cmake_targets]) + cmake_env["CMAKE_INSTALL"] = install return cmake_env.CMake(builder_targets, builder_sources) def options(opts): opts.Add("cmake_default_flags", "Default CMake platform flags override, will be autodetected if not specified.", "") + opts.Add("cmake_generator", "CMake generator override, will be autodetected from platform if not specified.", "") + opts.Add("cmake", "CMake binary to use", "cmake") def exists(env): @@ -127,14 +165,13 @@ def exists(env): def generate(env): - env["CMAKE"] = "cmake" - env["_cmake_default_flags"] = cmake_default_flags - env["CMAKEDEFAULTFLAGS"] = "${_cmake_default_flags(__env__)}" - env["CMAKEGENERATOR"] = "" + env["CMAKE"] = env["cmake"] env["CMAKECONFFLAGS"] = SCons.Util.CLVar("") - env["CMAKECONFCOM"] = "$CMAKE -B ${TARGET.dir} $CMAKEDEFAULTFLAGS $CMAKECONFFLAGS ${SOURCE.dir}" + env["CMAKECONFCOM"] = "$CMAKE -B ${TARGET.dir} $CMAKECONFFLAGS ${SOURCE.dir}" env["CMAKEBUILDJOBS"] = "${__env__.GetOption('num_jobs')}" env["CMAKEBUILDFLAGS"] = SCons.Util.CLVar("") + env["CMAKEINSTALLFLAGS"] = SCons.Util.CLVar("") env["CMAKEBUILDCOM"] = "$CMAKE --build ${TARGET.dir} $CMAKEBUILDFLAGS -j$CMAKEBUILDJOBS" + env["CMAKEINSTALLCOM"] = "$CMAKE --install ${TARGET.dir} $CMAKEINSTALLFLAGS" env["BUILDERS"]["CMake"] = SCons.Builder.Builder(generator=cmake_generator, emitter=cmake_emitter) env.AddMethod(cmake_build, "CMakeBuild") diff --git a/tools/mbedtls.py b/tools/mbedtls.py new file mode 100644 index 0000000..cdad730 --- /dev/null +++ b/tools/mbedtls.py 
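Review bot: In `cmake_build`, the new merge loop calls `cmake_options.pop(f)` on the dict the caller passed in, so `rtc_config` / `mbedtls_config` are silently modified. A second build using the same dict would lose those keys. The parameter also still defaults to the mutable list `[]`, although the body now indexes it by key (`cmake_options[f]`, `.pop(f)`). Taking a private copy first avoids both problems: `cmake_options = dict(cmake_options or {})` at the top of the function. Separately, `df += " " + cmake_options[f]` raises TypeError when an overlapping key holds a non-string value such as `0` or `1`, which the callers do pass for other keys, so `str(cmake_options.pop(f))` would be safer.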
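Review bot: `generate` now reads `env["cmake"]` by direct indexing, and `cmake_build` in the previous hunk does the same with `env["cmake_generator"]`, while `cmake_default_flags` is read with `env.get(...)`. If the tool is loaded in an environment where `options(opts)` was never applied, these raise KeyError instead of falling back to the documented defaults; whether SConstruct always registers them is not visible here. I would use `env["CMAKE"] = env.get("cmake", "cmake")` and `if env.get("cmake_generator", ""):` for consistency. Since the `cmake` option chooses which binary the build executes, its help text could also say that it accepts a path, and that the value comes from the person invoking the build.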
@@ -0,0 +1,67 @@ +def build_library(env): + mbedtls_bin = env.Dir("bin/thirdparty/mbedtls/{}/{}/install".format(env["platform"], env["arch"])) + is_msvc = env.get("is_msvc", False) + c_flags = "-DMBEDTLS_SSL_DTLS_SRTP" + if env["platform"] == "linux": + # This is needed on some arch when building with the godot buildroot toolchain + c_flags += " -fPIC" + elif env["platform"] == "windows" and not is_msvc: + c_flags += " -D__USE_MINGW_ANSI_STDIO=0" # See https://github.com/Mbed-TLS/mbedtls/issues/10161 + + mbedtls_config = { + "CMAKE_BUILD_TYPE": "RelWithDebInfo" if env["debug_symbols"] else "Release", + "ENABLE_TESTING": 0, + "ENABLE_PROGRAMS": 0, + "CMAKE_INSTALL_PREFIX": env.Dir(mbedtls_bin).abspath, + "CMAKE_C_FLAGS": c_flags, + } + lib_ext = ".lib" if is_msvc else ".a" + lib_prefix = "" if is_msvc else "lib" + mbedtls_libs = [ + "/install/lib/{}mbedtls{}".format(lib_prefix, lib_ext), + "/install/lib/{}mbedx509{}".format(lib_prefix, lib_ext), + "/install/lib/{}mbedcrypto{}".format(lib_prefix, lib_ext), + ] + + mbedtls_cmake_config = [ + "/install/lib/cmake/MbedTLS/MbedTLSConfig.cmake", + "/install/lib/cmake/MbedTLS/MbedTLSConfigVersion.cmake", + "/install/lib/cmake/MbedTLS/MbedTLSTargets.cmake", + ] + + # Build libdatachannel + mbedtls = env.CMakeBuild( + env.Dir("bin/thirdparty/mbedtls/"), + env.Dir("thirdparty/mbedtls"), + cmake_options=mbedtls_config, + cmake_outputs=mbedtls_libs + mbedtls_cmake_config, + install=True, + ) + + # Configure env. 
+ if env["platform"] == "windows": + env.PrependUnique(LIBS=["bcrypt", "ws2_32", "iphlpapi"]) + if env["platform"] == "linux": + env.PrependUnique(LIBS=["pthread"]) + env.Prepend(LIBS=list(filter(lambda f: str(f).endswith(lib_ext), mbedtls))) + env.Append(CPPPATH=[env.Dir("thirdparty/mbedtls/include")]) + + return mbedtls + + +def exists(env): + return "CMake" in env + + +def generate(env): + mbedtls_install_dir = "bin/thirdparty/mbedtls/{}/{}/install".format(env["platform"], env["arch"]) + lib_ext = ".lib" if env.get("is_msvc", False) else ".a" + mbedtls = env.File(mbedtls_install_dir + "/lib/libmbedtls" + lib_ext) + crypto = env.File(mbedtls_install_dir + "/lib/libmbedcrypto" + lib_ext) + x509 = env.File(mbedtls_install_dir + "/lib/libmbedx509" + lib_ext) + includes = env.Dir("thirdparty/mbedtls/include") + env.AddMethod(build_library, "BuildMbedTLS") + env["MBEDTLS_LIBRARY"] = mbedtls.abspath + env["MBEDTLS_CRYPTO_LIBRARY"] = crypto.abspath + env["MBEDTLS_X509_LIBRARY"] = x509.abspath + env["MBEDTLS_INCLUDE"] = includes.abspath diff --git a/tools/openssl.py b/tools/openssl.py deleted file mode 100644 index 2731564..0000000 --- a/tools/openssl.py +++ /dev/null 
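Review bot: `generate` hard-codes the `lib` prefix (`"/lib/libmbedtls" + lib_ext`, and the same for `libmbedcrypto` and `libmbedx509`), whereas `build_library` uses `lib_prefix = "" if is_msvc else "lib"`. Under MSVC, `MBEDTLS_LIBRARY` and its siblings therefore name `libmbedtls.lib` while the declared build outputs are `mbedtls.lib`, so the paths handed to libdatachannel likely do not exist on that toolchain. I would compute the same `lib_prefix` in `generate` and build the names as `env.File(mbedtls_install_dir + "/lib/" + lib_prefix + "mbedtls" + lib_ext)`, and likewise for the other two. The comment `# Build libdatachannel` above `env.CMakeBuild(...)` was copied from tools/rtc.py and should read `# Build mbedTLS`. The removed tools/openssl.py passed `no-ssl2`, `no-ssl3`, `no-weak-ssl-ciphers` and `no-legacy`; this build relies on mbedTLS defaults plus `MBEDTLS_SSL_DTLS_SRTP`, so a short comment saying the default configuration was reviewed for the DTLS use case would help future readers.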
@@ -1,304 +0,0 @@ -import os, sys -import SCons.Util -import SCons.Builder -import SCons.Action -from SCons.Defaults import Mkdir -from SCons.Variables import PathVariable, BoolVariable - - -# This must be kept in sync with the value in https://github.com/godotengine/godot/blob/master/platform/android/detect.py#L58. -def get_ndk_version(): - return "23.2.8568313" - - -def ssl_platform_target(env): - targets = {} - platform = env["platform"] - if platform == "linux": - targets = { - "x86_32": "linux-x86", - "x86_64": "linux-x86_64", - "arm64": "linux-aarch64", - "arm32": "linux-armv4", - "rv64": "linux64-riscv64", - } - elif platform == "android": - targets = { - "arm64": "android-arm64", - "arm32": "android-arm", - "x86_32": "android-x86", - "x86_64": "android-x86_64", - } - elif platform == "macos": - targets = { - "x86_64": "darwin64-x86_64", - "arm64": "darwin64-arm64", - } - elif platform == "ios": - if env["ios_simulator"]: - targets = { - "x86_64": "iossimulator-x86_64-xcrun", - "arm64": "iossimulator-arm64-xcrun", - } - else: - targets = { - "arm64": "ios64-xcrun", - "arm32": "ios-xcrun", - } - elif platform == "windows": - if env.get("is_msvc", False): - targets = { - "x86_32": "VC-WIN32", - "x86_64": "VC-WIN64A", - } - else: - targets = { - "x86_32": "mingw", - "x86_64": "mingw64", - } - - arch = env["arch"] - target = targets.get(arch, "") - if target == "": - raise ValueError("Architecture '%s' not supported for platform: '%s'" % (arch, platform)) - return target - - -def ssl_platform_options(env): - ssl_config_options = [ - "no-ssl2", - "no-ssl3", - "no-weak-ssl-ciphers", - "no-legacy", - "no-shared", - "no-tests", - ] - if env["platform"] == "windows": - ssl_config_options.append("enable-capieng") - return ssl_config_options - - -def ssl_platform_flags(env): - args = [] - if env["platform"] == "android": - if env.get("android_api_level", ""): - api = int(env["android_api_level"]) - args.append("-D__ANDROID_API__=%s" % api) - elif env["platform"] == 
"ios": - if env.get("ios_min_version", "default") != "default": - if env.get("ios_simulator", False): - args.append("-mios-simulator-version-min=%s" % env["ios_min_version"]) - else: - args.append("-miphoneos-version-min=%s" % env["ios_min_version"]) - elif env["platform"] == "macos": - if env.get("macos_deployment_target", "default") != "default": - args.append("-mmacosx-version-min=%s" % env["macos_deployment_target"]) - # OSXCross toolchain setup. - if sys.platform != "darwin" and "OSXCROSS_ROOT" in os.environ: - for k in ["CC", "CXX", "AR", "AS", "RANLIB"]: - args.append("%s=%s" % (k, env[k])) - elif env["platform"] == "windows": - is_win_host = sys.platform in ["win32", "msys", "cygwin"] - if not (is_win_host or env.get("is_msvc", False)): - mingw_prefixes = { - "x86_32": "--cross-compile-prefix=i686-w64-mingw32-", - "x86_64": "--cross-compile-prefix=x86_64-w64-mingw32-", - } - args.append(mingw_prefixes[env["arch"]]) - return args - - -def ssl_configure_args(env): - if env.get("openssl_configure_options", ""): - opts = SCons.Util.CLVar(env["openssl_configure_options"]) - else: - opts = ssl_platform_options(env) - - if env.get("openssl_configure_target", ""): - target = [env["openssl_configure_target"]] - else: - target = [ssl_platform_target(env)] - - if env.get("openssl_configure_flags", ""): - flags = SCons.Util.CLVar(env["openssl_configure_flags"]) - else: - flags = ssl_platform_flags(env) - - return opts + target + flags - - -def ssl_emitter(target, source, env): - return env["SSL_LIBS"], [env.File(env["SSL_SOURCE"] + "/Configure"), env.File(env["SSL_SOURCE"] + "/VERSION.dat")] - - -def build_openssl(env, jobs=None): - if env["SSL_EXTERNAL"]: - # Setup the env to use the provided libraries, and return them without building. 
- env.Prepend(CPPPATH=[env["SSL_INCLUDE"]]) - env.Prepend(LIBPATH=[env["SSL_BUILD"]]) - if env["platform"] == "windows": - env.PrependUnique(LIBS=["crypt32", "ws2_32", "advapi32", "user32"]) - if env["platform"] == "linux": - env.PrependUnique(LIBS=["pthread", "dl"]) - env.Prepend(LIBS=env["SSL_LIBS"]) - return [env["SSL_CRYPTO_LIBRARY"], env["SSL_LIBRARY"]] - - if jobs is None: - jobs = int(env.GetOption("num_jobs")) - - # Since the OpenSSL build system does not support macOS universal binaries, we first need to build the two libraries - # separately, then we join them together using lipo. - if env["platform"] == "macos" and env["arch"] == "universal": - build_envs = { - "x86_64": env.Clone(), - "arm64": env.Clone(), - } - arch_ssl = [] - for arch in build_envs: - benv = build_envs[arch] - benv["arch"] = arch - generate(benv) - benv["SSLBUILDJOBS"] = max([1, int(jobs / len(build_envs))]) - ssl = benv.OpenSSLBuilder() - arch_ssl.extend(ssl) - benv.NoCache(ssl) # Needs refactoring to properly cache generated headers. - - # x86_64 and arm64 includes are equivalent. - env["SSL_INCLUDE"] = build_envs["arm64"]["SSL_INCLUDE"] - - # Join libraries using lipo. - lipo_action = "lipo $SOURCES -create -output $TARGET" - ssl_libs = list(map(lambda arch: build_envs[arch]["SSL_LIBRARY"], build_envs)) - ssl_crypto_libs = list(map(lambda arch: build_envs[arch]["SSL_CRYPTO_LIBRARY"], build_envs)) - ssl = env.Command(env["SSL_LIBRARY"], ssl_libs, lipo_action) - ssl += env.Command(env["SSL_CRYPTO_LIBRARY"], ssl_crypto_libs, lipo_action) - env.Depends(ssl, arch_ssl) - else: - benv = env.Clone() - benv["SSLBUILDJOBS"] = jobs - ssl = benv.OpenSSLBuilder() - benv.NoCache(ssl) # Needs refactoring to properly cache generated headers. - - # Setup the environment to use the freshly built openssl. 
- env.Prepend(CPPPATH=[env["SSL_INCLUDE"]]) - env.Prepend(LIBPATH=[env["SSL_BUILD"]]) - if env["platform"] == "windows": - env.PrependUnique(LIBS=["crypt32", "ws2_32", "advapi32", "user32"]) - if env["platform"] == "linux": - env.PrependUnique(LIBS=["pthread", "dl"]) - env.Prepend(LIBS=env["SSL_LIBS"]) - - return ssl - - -def ssl_generator(target, source, env, for_signature): - # Strip the -j option for signature to avoid rebuilding when num_jobs changes. - build = env["SSLBUILDCOM"].replace("-j$SSLBUILDJOBS", "") if for_signature else env["SSLBUILDCOM"] - return [ - Mkdir("$SSL_BUILD"), - Mkdir("$SSL_INSTALL"), - SCons.Action.Action("$SSLCONFIGCOM", "$SSLCONFIGCOMSTR"), - SCons.Action.Action(build, "$SSLBUILDCOMSTR"), - ] - - -def options(opts): - opts.Add(PathVariable("openssl_source", "Path to the openssl sources.", "thirdparty/openssl")) - opts.Add("openssl_build", "Destination path of the openssl build.", "bin/thirdparty/openssl") - opts.Add( - "openssl_configure_options", - "OpenSSL configure options override. Will use a reasonable default if not specified.", - "", - ) - opts.Add( - "openssl_configure_target", "OpenSSL configure target override, will be autodetected if not specified.", "" - ) - opts.Add( - "openssl_configure_flags", - "OpenSSL configure compiler flags override. Will be autodetected if not specified.", - "", - ) - opts.Add( - "openssl_external_crypto", - 'An external libcrypto static library (e.g. "/usr/lib/x86_64-linux-gnu/libcrypto.a"). If not provided, OpenSSL will be built from source.', - "", - ) - opts.Add( - "openssl_external_ssl", - 'An external libssl static library (e.g. "/usr/lib/x86_64-linux-gnu/libssl.a"). If not provided, OpenSSL will be built from source.', - "", - ) - opts.Add( - "openssl_external_include", - 'An external OpenSSL "include" folder (e.g. 
"/usr/include/openssl").', - "", - ) - - -def exists(env): - return True - - -def generate(env): - env.AddMethod(build_openssl, "OpenSSL") - - # Check if the user specified infos about external OpenSSL files. - external_opts = ["openssl_external_crypto", "openssl_external_ssl", "openssl_external_include"] - is_set = lambda k: env.get(k, "") != "" - if any(map(is_set, external_opts)): - # Need provide the whole (crypto, ssl, include) triple to proceed. - if not all(map(is_set, external_opts)): - print('Error: The options "%s" must all be set to use a external library.' % '", "'.join(external_opts)) - sys.exit(255) - - env["SSL_CRYPTO_LIBRARY"] = env.File("${openssl_external_crypto}") - env["SSL_LIBRARY"] = env.File("${openssl_external_ssl}") - env["SSL_BUILD"] = env.Dir("${SSL_LIBRARY.dir}").abspath - env["SSL_INSTALL"] = env.Dir("${SSL_LIBRARY.dir}").abspath - env["SSL_INCLUDE"] = env.Dir("${openssl_external_include}").abspath - env["SSL_LIBS"] = [env["SSL_LIBRARY"], env["SSL_CRYPTO_LIBRARY"]] - env["SSL_EXTERNAL"] = True - return - - # We will need to build our own OpenSSL library. - env["SSL_EXTERNAL"] = False - - # Android needs the NDK in ENV, and proper PATH setup. 
- if env["platform"] == "android" and env["ENV"].get("ANDROID_NDK_ROOT", "") == "": - cc_path = os.path.dirname(env["CC"]) - if cc_path and cc_path not in env["ENV"]: - env.PrependENVPath("PATH", cc_path) - if "ANDROID_NDK_ROOT" not in env["ENV"]: - ndk_root = os.environ.get("ANDROID_NDK_ROOT", env.get("ANDROID_HOME", "") + "/ndk/" + get_ndk_version()) - env["ENV"]["ANDROID_NDK_ROOT"] = ndk_root - - env["SSL_SOURCE"] = env.Dir(env["openssl_source"]).abspath - env["SSL_BUILD"] = env.Dir(env["openssl_build"] + "/{}/{}".format(env["platform"], env["arch"])).abspath - env["SSL_INSTALL"] = env.Dir(env["SSL_BUILD"] + "/dest").abspath - env["SSL_INCLUDE"] = env.Dir(env["SSL_INSTALL"] + "/include").abspath - lib_ext = ".lib" if env.get("is_msvc", False) else ".a" - env["SSL_LIBRARY"] = env.File(env["SSL_BUILD"] + "/libssl" + lib_ext) - env["SSL_CRYPTO_LIBRARY"] = env.File(env["SSL_BUILD"] + "/libcrypto" + lib_ext) - env["SSL_LIBS"] = [env["SSL_LIBRARY"], env["SSL_CRYPTO_LIBRARY"]] - - # Configure action - env["PERL"] = env.get("PERL", "perl") - env["_ssl_configure_args"] = ssl_configure_args - env["SSLPLATFORMCONFIG"] = "${_ssl_configure_args(__env__)}" - env["SSLCONFFLAGS"] = SCons.Util.CLVar("") - # fmt: off - env["SSLCONFIGCOM"] = 'cd ${TARGET.dir} && $PERL -- ${SOURCE.abspath} --prefix="${SSL_INSTALL}" --openssldir="${SSL_INSTALL}" $SSLPLATFORMCONFIG $SSLCONFFLAGS' - # fmt: on - - # Build action - env["SSLBUILDJOBS"] = "${__env__.GetOption('num_jobs')}" - # fmt: off - env["SSLBUILDCOM"] = "make -j$SSLBUILDJOBS -C ${TARGET.dir} && make -j$SSLBUILDJOBS -C ${TARGET.dir} install_sw install_ssldirs" - # fmt: on - - # Windows MSVC needs to build using NMake - if env["platform"] == "windows" and env.get("is_msvc", False): - env["SSLBUILDCOM"] = "cd ${TARGET.dir} && nmake install_sw install_ssldirs" - - env["BUILDERS"]["OpenSSLBuilder"] = SCons.Builder.Builder(generator=ssl_generator, emitter=ssl_emitter) - env.AddMethod(build_openssl, "OpenSSL") 
diff --git a/tools/rtc.py b/tools/rtc.py index b4d9173..608ce4c 100644 --- a/tools/rtc.py +++ b/tools/rtc.py @@ -1,19 +1,17 @@ -import os - - -def build_library(env, ssl): +def build_library(env, mbedtls): rtc_config = { "CMAKE_BUILD_TYPE": "RelWithDebInfo" if env["debug_symbols"] else "Release", + "CMAKE_CXX_FLAGS": "-DMBEDTLS_SSL_DTLS_SRTP", "USE_NICE": 0, "NO_WEBSOCKET": 1, "NO_EXAMPLES": 1, "NO_TESTS": 1, "BUILD_WITH_WARNINGS": "0", # Disables werror in libsrtp. - "OPENSSL_USE_STATIC_LIBS": 1, - "OPENSSL_INCLUDE_DIR": env["SSL_INCLUDE"], - "OPENSSL_SSL_LIBRARY": env["SSL_LIBRARY"], - "OPENSSL_CRYPTO_LIBRARY": env["SSL_CRYPTO_LIBRARY"], - "OPENSSL_ROOT_DIR": env["SSL_INSTALL"], + "USE_MBEDTLS": 1, + "MbedTLS_LIBRARY": env["MBEDTLS_LIBRARY"], + "MbedCrypto_LIBRARY": env["MBEDTLS_CRYPTO_LIBRARY"], + "MbedX509_LIBRARY": env["MBEDTLS_X509_LIBRARY"], + "MbedTLS_INCLUDE_DIR": env["MBEDTLS_INCLUDE"], } is_msvc = env.get("is_msvc", False) lib_ext = ".lib" if is_msvc else ".a" @@ -24,23 +22,25 @@ def build_library(env, ssl): "deps/libsrtp/{}srtp2{}".format(lib_prefix, lib_ext), "deps/usrsctp/usrsctplib/{}usrsctp{}".format(lib_prefix, lib_ext), ] + # Build libdatachannel rtc = env.CMakeBuild( - "#bin/thirdparty/libdatachannel/", - "#thirdparty/libdatachannel", + env.Dir("bin/thirdparty/libdatachannel/"), + env.Dir("thirdparty/libdatachannel"), cmake_options=rtc_config, cmake_outputs=rtc_libs, cmake_targets=["datachannel-static"], - dependencies=ssl, + dependencies=mbedtls, ) # Configure env. if env["platform"] == "windows": - env.PrependUnique(LIBS=["iphlpapi", "bcrypt"]) + env.PrependUnique(LIBS=["iphlpapi", "ws2_32", "bcrypt"]) if env["platform"] == "linux": env.PrependUnique(LIBS=["pthread"]) env.Prepend(LIBS=list(filter(lambda f: str(f).endswith(lib_ext), rtc))) - env.Append(CPPPATH=["#thirdparty/libdatachannel/include"]) + env.Append(CPPPATH=[env.Dir("thirdparty/libdatachannel/include")]) + env.Append(CPPDEFINES=["RTC_STATIC"]) # For Windows MSVC return rtc
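Review bot: `"CMAKE_CXX_FLAGS": "-DMBEDTLS_SSL_DTLS_SRTP"` in `rtc_config` repeats a configuration macro that tools/mbedtls.py passes separately through `CMAKE_C_FLAGS`, and nothing ties the two together. mbedTLS configuration macros can change what its headers declare, so the library and every consumer need to be compiled with identical settings. As written, the define reaches only the C++ sources of libdatachannel, not C sources in its dependency tree or this project's own sources that have `thirdparty/mbedtls/include` on their CPPPATH. I would keep the macro in one place, either as a shared constant (placeholder name `MBEDTLS_EXTRA_DEFINES`) used by both tools or as a small config header supplied through `MBEDTLS_USER_CONFIG_FILE`, with a comment on this line pointing to it.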