
Commit 2c713e5

committed
refactor: replace OpenSSL with mbedTLS for Android binary size
1 parent 5217d71 commit 2c713e5

2 files changed

Lines changed: 50 additions & 37 deletions


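--- a/.gitignore
+++ b/.gitignore
@@ -5,7 +5,7 @@ dist/
 *.a
 *.sqlite
 /curl/src
-openssl/
+mbedtls/
 
 # Test artifacts
 /coverage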

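--- a/Makefile
+++ b/Makefile
@@ -8,8 +8,8 @@ SQLITE3 ?= sqlite3
 # set curl version to download and build
 CURL_VERSION ?= 8.12.1
 
-# set OpenSSL version to download and build
-OPENSSL_VERSION ?= openssl-3.6.0
+# set mbedTLS version for Android (3.6.x is LTS, 4.x has breaking API changes)
+MBEDTLS_VERSION ?= 3.6.5
 
 # Set default platform if not specified
 ifeq ($(OS),Windows_NT)
@@ -32,6 +32,7 @@ MAKEFLAGS += -j$(CPUS)
 
 # Compiler and flags
 CC = gcc
+OPT_LEVEL = -O3
 CFLAGS = -Wall -Wextra -Wno-unused-parameter -I$(SRC_DIR) -I$(SQLITE_DIR) -I$(CURL_DIR)/include
 T_CFLAGS = $(CFLAGS) -DSQLITE_CORE -DCLOUDSYNC_UNITTEST -DCLOUDSYNC_OMIT_NETWORK -DCLOUDSYNC_OMIT_PRINT_RESULT
 COVERAGE = false
@@ -48,15 +49,16 @@ VPATH = $(SRC_DIR):$(SQLITE_DIR):$(TEST_DIR)
 BUILD_RELEASE = build/release
 BUILD_TEST = build/test
 BUILD_DIRS = $(BUILD_TEST) $(BUILD_RELEASE)
-OPENSSL_DIR = openssl
+MBEDTLS_DIR = mbedtls
 CURL_DIR = curl
 CURL_SRC = $(CURL_DIR)/src/curl-$(CURL_VERSION)
+CURL_ZIP = $(CURL_DIR)/src/curl-$(CURL_VERSION).zip
 COV_DIR = coverage
 CUSTOM_CSS = $(TEST_DIR)/sqliteai.css
 
-# Android OpenSSL local installation directory
+# Android SSL library installation directory
 ifeq ($(PLATFORM),android)
-OPENSSL_INSTALL_DIR = $(OPENSSL_DIR)/$(PLATFORM)/$(ARCH)
+MBEDTLS_INSTALL_DIR = $(MBEDTLS_DIR)/$(PLATFORM)/$(ARCH)
 endif
 
 SRC_FILES = $(wildcard $(SRC_DIR)/*.c)
@@ -114,13 +116,14 @@ else ifeq ($(PLATFORM),android)
 ANDROID_ABI := android26
 endif
 
-OPENSSL := $(OPENSSL_INSTALL_DIR)/lib/libssl.a
+MBEDTLS := $(MBEDTLS_INSTALL_DIR)/lib/libmbedtls.a
 CC = $(BIN)/$(ARCH)-linux-$(ANDROID_ABI)-clang
 CURL_LIB = $(CURL_DIR)/$(PLATFORM)/$(ARCH)/libcurl.a
-CURL_CONFIG = --host $(ARCH)-linux-$(ANDROID_ABI) --with-openssl=$(CURDIR)/$(OPENSSL_INSTALL_DIR) LDFLAGS="-L$(CURDIR)/$(OPENSSL_INSTALL_DIR)/lib" LIBS="-lssl -lcrypto" AR=$(BIN)/llvm-ar AS=$(BIN)/llvm-as CC=$(CC) CXX=$(BIN)/$(ARCH)-linux-$(ANDROID_ABI)-clang++ LD=$(BIN)/ld RANLIB=$(BIN)/llvm-ranlib STRIP=$(BIN)/llvm-strip
+CURL_CONFIG = --host $(ARCH)-linux-$(ANDROID_ABI) --with-mbedtls=$(CURDIR)/$(MBEDTLS_INSTALL_DIR) LDFLAGS="-L$(CURDIR)/$(MBEDTLS_INSTALL_DIR)/lib" LIBS="-lmbedtls -lmbedx509 -lmbedcrypto" AR=$(BIN)/llvm-ar AS=$(BIN)/llvm-as CC=$(CC) CXX=$(BIN)/$(ARCH)-linux-$(ANDROID_ABI)-clang++ LD=$(BIN)/ld RANLIB=$(BIN)/llvm-ranlib STRIP=$(BIN)/llvm-strip
 TARGET := $(DIST_DIR)/cloudsync.so
-CFLAGS += -fPIC -I$(OPENSSL_INSTALL_DIR)/include
-LDFLAGS += -shared -fPIC -L$(OPENSSL_INSTALL_DIR)/lib -lssl -lcrypto -Wl,-z,max-page-size=16384
+OPT_LEVEL = -Os
+CFLAGS += -fPIC -I$(MBEDTLS_INSTALL_DIR)/include -ffunction-sections -fdata-sections -flto
+LDFLAGS += -shared -fPIC -L$(MBEDTLS_INSTALL_DIR)/lib -lmbedtls -lmbedx509 -lmbedcrypto -Wl,-z,max-page-size=16384 -Wl,--gc-sections -flto
 STRIP = $(BIN)/llvm-strip --strip-unneeded $@
 else ifeq ($(PLATFORM),ios)
 TARGET := $(DIST_DIR)/cloudsync.dylib
@@ -199,7 +202,7 @@ $(TEST_TARGET): $(TEST_OBJ)
 
 # Object files
 $(BUILD_RELEASE)/%.o: %.c
-$(CC) $(CFLAGS) -O3 -fPIC -c $< -o $@
+$(CC) $(CFLAGS) $(OPT_LEVEL) -fPIC -c $< -o $@
 $(BUILD_TEST)/sqlite3.o: $(SQLITE_DIR)/sqlite3.c
 $(CC) $(CFLAGS) -DSQLITE_DQS=0 -DSQLITE_CORE -c $< -o $@
 $(BUILD_TEST)/%.o: %.c
@@ -215,36 +218,46 @@ ifneq ($(COVERAGE),false)
 genhtml $(COV_DIR)/coverage.info --output-directory $(COV_DIR)
 endif
 
-OPENSSL_TARBALL = $(OPENSSL_DIR)/$(OPENSSL_VERSION).tar.gz
-
-$(OPENSSL_TARBALL):
-mkdir -p $(OPENSSL_DIR)
-curl -L -o $(OPENSSL_TARBALL) https://github.com/openssl/openssl/releases/download/$(OPENSSL_VERSION)/$(OPENSSL_VERSION).tar.gz
-
-$(OPENSSL): $(OPENSSL_TARBALL)
-mkdir -p $(OPENSSL_DIR)
-tar -xzf $(OPENSSL_TARBALL) -C $(OPENSSL_DIR)
-cd $(OPENSSL_DIR)/$(OPENSSL_VERSION) && \
-./Configure android-$(if $(filter aarch64,$(ARCH)),arm64,$(if $(filter armv7a,$(ARCH)),arm,$(ARCH))) \
---prefix=$(CURDIR)/$(OPENSSL_INSTALL_DIR) \
-no-shared no-unit-test \
--fPIC \
--D__ANDROID_API__=26 && \
-$(MAKE) && $(MAKE) install_sw
-rm -rf $(OPENSSL_DIR)/$(OPENSSL_VERSION)
+# mbedTLS for Android - minimal TLS library (much smaller than OpenSSL)
+# Matches rustls capabilities: TLS 1.2/1.3, AES-GCM, ChaCha20-Poly1305, ECDHE
+MBEDTLS_TARBALL = $(MBEDTLS_DIR)/mbedtls-$(MBEDTLS_VERSION).tar.bz2
+
+$(MBEDTLS_TARBALL):
+mkdir -p $(MBEDTLS_DIR)
+curl -L -o $(MBEDTLS_TARBALL) https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-$(MBEDTLS_VERSION)/mbedtls-$(MBEDTLS_VERSION).tar.bz2
+
+$(MBEDTLS): $(MBEDTLS_TARBALL)
+mkdir -p $(MBEDTLS_DIR)
+tar -xjf $(MBEDTLS_TARBALL) -C $(MBEDTLS_DIR)
+mkdir -p $(MBEDTLS_DIR)/mbedtls-$(MBEDTLS_VERSION)/build
+cd $(MBEDTLS_DIR)/mbedtls-$(MBEDTLS_VERSION)/build && \
+cmake .. \
+-DCMAKE_TOOLCHAIN_FILE=$(ANDROID_NDK)/build/cmake/android.toolchain.cmake \
+-DANDROID_ABI=$(if $(filter aarch64,$(ARCH)),arm64-v8a,$(if $(filter armv7a,$(ARCH)),armeabi-v7a,x86_64)) \
+-DANDROID_PLATFORM=android-26 \
+-DCMAKE_BUILD_TYPE=MinSizeRel \
+-DCMAKE_INSTALL_PREFIX=$(CURDIR)/$(MBEDTLS_INSTALL_DIR) \
+-DENABLE_PROGRAMS=OFF \
+-DENABLE_TESTING=OFF \
+-DUSE_STATIC_MBEDTLS_LIBRARY=ON \
+-DUSE_SHARED_MBEDTLS_LIBRARY=OFF \
+-DCMAKE_C_FLAGS="-Os -ffunction-sections -fdata-sections" && \
+$(MAKE) && $(MAKE) install
+rm -rf $(MBEDTLS_DIR)/mbedtls-$(MBEDTLS_VERSION)
+
+$(CURL_ZIP):
+mkdir -p $(CURL_DIR)/src
+curl -L -o $(CURL_ZIP) "https://github.com/curl/curl/releases/download/curl-$(subst .,_,${CURL_VERSION})/curl-$(CURL_VERSION).zip"
 
 ifeq ($(PLATFORM),android)
-$(CURL_LIB): $(OPENSSL)
+$(CURL_LIB): $(MBEDTLS) $(CURL_ZIP)
 else
-$(CURL_LIB):
+$(CURL_LIB): $(CURL_ZIP)
 endif
-mkdir -p $(CURL_DIR)/src
-curl -L -o $(CURL_DIR)/src/curl.zip "https://github.com/curl/curl/releases/download/curl-$(subst .,_,${CURL_VERSION})/curl-$(CURL_VERSION).zip"
-
 ifeq ($(HOST),windows)
-powershell -Command "Expand-Archive -Path '$(CURL_DIR)\src\curl.zip' -DestinationPath '$(CURL_DIR)\src\'"
+powershell -Command "Expand-Archive -Path '$(CURL_ZIP)' -DestinationPath '$(CURL_DIR)\src\'"
 else
-unzip $(CURL_DIR)/src/curl.zip -d $(CURL_DIR)/src/.
+unzip -o $(CURL_ZIP) -d $(CURL_DIR)/src/.
 endif
 
 cd $(CURL_SRC) && ./configure \
@@ -318,7 +331,7 @@ endif
 
 mkdir -p $(dir $(CURL_LIB))
 mv $(CURL_SRC)/lib/.libs/libcurl.a $(CURL_LIB)
-rm -rf $(CURL_DIR)/src
+rm -rf $(CURL_DIR)/src/curl-$(CURL_VERSION)
 
 .NOTPARALLEL: %.dylib
 %.dylib:
@@ -398,7 +411,7 @@ version:
 
 # Clean up generated files
 clean:
-rm -rf $(BUILD_DIRS) $(DIST_DIR)/* $(COV_DIR) *.gcda *.gcno *.gcov $(CURL_DIR)/src *.sqlite
+rm -rf $(BUILD_DIRS) $(DIST_DIR)/* $(COV_DIR) *.gcda *.gcno *.gcov *.sqlite
 
 # Help message
 help: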
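Review bot: The new `$(MBEDTLS_TARBALL)` and `$(CURL_ZIP)` rules (new lines 225-227 and 248-250) download release archives with `curl -L -o` and pass them straight to `tar`/`unzip` and the build with no integrity check, so whatever the URL returns is compiled into the TLS library that the Android `LDFLAGS` link into `cloudsync.so`. Pin a digest next to the version, e.g. `MBEDTLS_SHA256 ?= <sha256-of-release-tarball>`, and verify it in the download recipe before extraction with `echo "$(MBEDTLS_SHA256)  $(MBEDTLS_TARBALL)" | sha256sum -c -` (or the build host's equivalent tool), and do the same for the curl zip. Use `curl -fL -o ...` as well: without `-f` an HTTP error body is saved under the target name, and because these archives are now cached file targets that `clean` no longer removes, make will treat that file as up to date on later runs. Removing the archive when verification fails, or declaring `.DELETE_ON_ERROR:`, would keep a rejected download from lingering.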

0 commit comments
