Decentralize Python native module linkage

We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2025-06-27 14:58:30 +00:00 · 2021-09-07 11:40:11 -07:00 · 2021-09-07 11:40:11 -07:00 · 559b024e1d
commit 559b024e1d
parent dfa0359b50
129 changed files with 2798 additions and 13514 deletions
--- a/third_party/mbedtls/blake2b256.c
+++ b/third_party/mbedtls/blake2b256.c
@ -0,0 +1,33 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8                                :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney                              │
+│                                                                              │
+│ Permission to use, copy, modify, and/or distribute this software for         │
+│ any purpose with or without fee is hereby granted, provided that the         │
+│ above copyright notice and this permission notice appear in all copies.      │
+│                                                                              │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL                │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED                │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE             │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL         │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR        │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER               │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
+│ PERFORMANCE OF THIS SOFTWARE.                                                │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/str/blake2.h"
+#include "third_party/mbedtls/md.h"
+/* clang-format off */
+
+const mbedtls_md_info_t mbedtls_blake2b256_info = {
+    "BLAKE2B256",
+    MBEDTLS_MD_BLAKE2B256,
+    BLAKE2B256_DIGEST_LENGTH,
+    BLAKE2B_CBLOCK,
+    (void *)BLAKE2B256_Init,
+    (void *)BLAKE2B256_Update,
+    (void *)BLAKE2B256_Process,
+    (void *)BLAKE2B256_Final,
+    (void *)BLAKE2B256,
+};
--- a/third_party/mbedtls/config.h
+++ b/third_party/mbedtls/config.h
@ -19,10 +19,12 @@
 #endif

 /* hash functions */
-#define MBEDTLS_MD5_C
 #define MBEDTLS_SHA1_C
 #define MBEDTLS_SHA256_C
 #define MBEDTLS_SHA512_C
+#ifdef MBEDTLS_SSL_PROTO_TLS1
+#define MBEDTLS_MD5_C
+#endif

 /* random numbers */
 #define ENTROPY_HAVE_STRONG
--- a/third_party/mbedtls/md.c
+++ b/third_party/mbedtls/md.c
@ -17,6 +17,7 @@
 ╚─────────────────────────────────────────────────────────────────────────────*/
 #include "libc/mem/mem.h"
 #include "libc/stdio/stdio.h"
+#include "libc/str/blake2.h"
 #include "third_party/mbedtls/common.h"
 #include "third_party/mbedtls/error.h"
 #include "third_party/mbedtls/md.h"
@ -69,6 +70,7 @@ asm(".include \"libc/disclaimer.inc\"");
 * Reminder: update profiles in x509_crt.c when adding a new hash!
 */
 static const uint8_t supported_digests[] = {
+        MBEDTLS_MD_BLAKE2B256,
 #if defined(MBEDTLS_SHA512_C)
        MBEDTLS_MD_SHA512,
 #if !defined(MBEDTLS_SHA512_NO_SHA384)
@ -154,6 +156,8 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
    if( !strcasecmp( "SHA512", md_name ) )
        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
 #endif
+    if( !strcasecmp( "BLAKE2B256", md_name ) )
+        return mbedtls_md_info_from_type( MBEDTLS_MD_BLAKE2B256 );
    return( NULL );
 }

@ -200,6 +204,8 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
        case MBEDTLS_MD_SHA512:
            return( &mbedtls_sha512_info );
 #endif
+        case MBEDTLS_MD_BLAKE2B256:
+            return( &mbedtls_blake2b256_info );
        default:
            return( NULL );
    }
@ -237,6 +243,8 @@ static int16_t GetMdContextSize(mbedtls_md_type_t t)
        case MBEDTLS_MD_SHA512:
            return sizeof(mbedtls_sha512_context);
 #endif
+        case MBEDTLS_MD_BLAKE2B256:
+            return sizeof(struct Blake2b);
        default:
            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
    }
--- a/third_party/mbedtls/md.h
+++ b/third_party/mbedtls/md.h
@ -18,19 +18,19 @@ COSMOPOLITAN_C_START_
 * \warning   MD2, MD4, MD5 and SHA-1 are considered weak message digests and
 *            their use constitutes a security risk. We recommend considering
 *            stronger message digests instead.
- *
 */
 typedef enum {
-    MBEDTLS_MD_NONE=0,    /**< None. */
-    MBEDTLS_MD_SHA1,      /**< The SHA-1 message digest. */
-    MBEDTLS_MD_SHA224,    /**< The SHA-224 message digest. */
-    MBEDTLS_MD_SHA256,    /**< The SHA-256 message digest. */
-    MBEDTLS_MD_SHA384,    /**< The SHA-384 message digest. */
-    MBEDTLS_MD_SHA512,    /**< The SHA-512 message digest. */
-    MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
-    MBEDTLS_MD_MD2,       /**< The MD2 message digest. */
-    MBEDTLS_MD_MD4,       /**< The MD4 message digest. */
-    MBEDTLS_MD_MD5,       /**< The MD5 message digest. */
+    MBEDTLS_MD_NONE=0,     /**< None. */
+    MBEDTLS_MD_SHA1,       /**< The SHA-1 message digest. */
+    MBEDTLS_MD_SHA224,     /**< The SHA-224 message digest. */
+    MBEDTLS_MD_SHA256,     /**< The SHA-256 message digest. */
+    MBEDTLS_MD_SHA384,     /**< The SHA-384 message digest. */
+    MBEDTLS_MD_SHA512,     /**< The SHA-512 message digest. */
+    MBEDTLS_MD_BLAKE2B256, /**< The BLAKE2B256 message digest. */
+    MBEDTLS_MD_RIPEMD160,  /**< The RIPEMD-160 message digest. */
+    MBEDTLS_MD_MD2,        /**< The MD2 message digest. */
+    MBEDTLS_MD_MD4,        /**< The MD4 message digest. */
+    MBEDTLS_MD_MD5,        /**< The MD5 message digest. */
 } mbedtls_md_type_t;

 #if defined(MBEDTLS_SHA512_C)
@ -294,6 +294,7 @@ extern const mbedtls_md_info_t mbedtls_sha224_info;
 extern const mbedtls_md_info_t mbedtls_sha256_info;
 extern const mbedtls_md_info_t mbedtls_sha384_info;
 extern const mbedtls_md_info_t mbedtls_sha512_info;
+extern const mbedtls_md_info_t mbedtls_blake2b256_info;

 COSMOPOLITAN_C_END_
 #endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_MD_H_ */
--- a/third_party/mbedtls/pem.c
+++ b/third_party/mbedtls/pem.c
@ -125,7 +125,7 @@ static int pem_des_decrypt( unsigned char des_iv[8],
    if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 )
        goto exit;
    ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
-                     des_iv, buf, buf );
+                                 des_iv, buf, buf );
 exit:
    mbedtls_des_free( &des_ctx );
    mbedtls_platform_zeroize( des_key, 8 );