search

openthread / openthread

OpenThread released by Google is an open-source implementation of the Thread networking protocol
https://openthread.io
BSD 3-Clause "New" or "Revised" License
3.53k stars 1.08k forks source link

[mebdtls] issue with generated `openthread-mbedtls-config.h` #10772

Open abtink opened 1 month ago

abtink commented 1 month ago

After updating MacOS to Sonoma 14.7 which also updated the clang toolchain. I noticed the following error message generated when building using ./test/toranj/build.sh all:

FAILED: examples/apps/cli/ot-cli-mtd 
...
Undefined symbols for architecture arm64:
  "_mbedtls_ssl_conf_sig_algs", referenced from:
      ot::MeshCoP::SecureTransport::Setup(bool) in libopenthread-mtd.a[133](secure_transport.cpp.o)
ld: symbol(s) not found for architecture arm64
c++: error: linker command failed with exit code 1 (use -v to see invocation)

This points to a undefined function mbedtls_ssl_conf_sig_algs() which is used from MeshCoP::SecureTransport::Setup(bool).

abtink commented 1 month ago

The issue seems to be related with the generated openthread-mbedtls-config.h.

The mebdtls/CMakeLists.txt file contains the following: https://github.com/openthread/openthread/blob/09698fae24521ab6f10f7df3fab5b1619f43bfca/third_party/mbedtls/CMakeLists.txt#L51-L65

This uses unifdef tool to remove #if checks from third_party/mbedtls/mbedtls-config.h and generate openthread-mbedtls-config.h which is then used as config header when building mbedtls library.

The issue is that in generated openthread-mbedtls-config.h we still see some of #if checks remaining:

#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE || OPENTHREAD_CONFIG_TLS_ENABLE
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#endif

The issue seems to be related to limitation of unifdef:

     When evaluating an expression, unifdef does not expand macros first.  The
     value of a macro must be a simple number, not an expression.  A limited
     form of indirection is allowed, where one macro's value is the name of
     another.

In particular with the use of OPENTHREAD_CONFIG_TLS_ENABLE which is itself defined as:

/**
 * @def OPENTHREAD_CONFIG_TLS_ENABLE
 *
 * Define as 1 to enable support for TLS over TCP.
 */
#ifndef OPENTHREAD_CONFIG_TLS_ENABLE
#define OPENTHREAD_CONFIG_TLS_ENABLE (OPENTHREAD_CONFIG_TCP_ENABLE || OPENTHREAD_CONFIG_BLE_TCAT_ENABLE)
#endif
abtink commented 1 month ago

Submitted the PR below to fix the build failure:

However, it would be good to see if we can find a different (hopefully better) way to generate mbedtls-config that does not use unifdef.