From 81866db2fd38c1d4ea20c01778a9307a33ae5e9d Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 11:46:33 -0700 Subject: [PATCH 01/11] mbedtls: update to 2.24.0. Also make perl and python based test suite optional. --- common/shlibs | 6 +- srcpkgs/mbedtls/patches/no-test-python.patch | 502 +++++++++++++++++++ srcpkgs/mbedtls/patches/python3.patch | 15 + srcpkgs/mbedtls/template | 37 +- 4 files changed, 550 insertions(+), 10 deletions(-) create mode 100644 srcpkgs/mbedtls/patches/no-test-python.patch create mode 100644 srcpkgs/mbedtls/patches/python3.patch diff --git a/common/shlibs b/common/shlibs index e2c43cb88af..fa9020d9d93 100644 --- a/common/shlibs +++ b/common/shlibs @@ -2164,9 +2164,9 @@ librrd_th.so.4 rrdtool-1.4.9_1 libmosquitto.so.1 libmosquitto-1.4_1 libmosquittopp.so.1 libmosquittopp-1.4_1 libmpv.so.1 mpv-0.8.0_2 -libmbedtls.so.12 mbedtls-2.13.1_1 -libmbedcrypto.so.3 mbedtls-2.9.0_1 -libmbedx509.so.0 mbedtls-2.9.0_1 +libmbedtls.so.13 mbedtls-2.24.0_1 +libmbedcrypto.so.5 mbedtls-2.24.0_1 +libmbedx509.so.1 mbedtls-2.24.0_1 libdmtx.so.0 libdmtx-0.7.4_1 libdbus-c++-1.so.0 libdbus-c++-0.9.0_1 libdbus-c++-glib-1.so.0 libdbus-c++-0.9.0_1 diff --git a/srcpkgs/mbedtls/patches/no-test-python.patch b/srcpkgs/mbedtls/patches/no-test-python.patch new file mode 100644 index 00000000000..4b6db4b2c6d --- /dev/null +++ b/srcpkgs/mbedtls/patches/no-test-python.patch 
@@ -0,0 +1,502 @@ +https://github.com/ARMmbed/mbedtls/pull/3709 + +commit 9aace222c9d8f024dc1802339b01b1a64bc4b2da +Author: Cameron Nemo +Date: Tue Sep 22 10:37:26 2020 -0700 + + fix(programs/psa): commit python3 generated file + + Python should not be required for the build when the no_test target is + used. This commit adds the generated file to the source tree and the + check-generated-files script, and removes the generation from (c)make. + + Fixes #3524 + +diff --git programs/.gitignore programs/.gitignore +index 53c1ed722..88fb9d52b 100644 +--- programs/.gitignore ++++ programs/.gitignore +@@ -32,7 +32,6 @@ pkey/rsa_verify_pss + psa/crypto_examples + psa/key_ladder_demo + psa/psa_constant_names +-psa/psa_constant_names_generated.c + random/gen_entropy + random/gen_random_ctr_drbg + random/gen_random_havege +diff --git programs/Makefile programs/Makefile +index f9c260867..aa3d311bc 100644 +--- programs/Makefile ++++ programs/Makefile +@@ -118,8 +118,6 @@ ifdef TEST_CPP + APPS += test/cpp_dummy_build$(EXEXT) + endif + +-EXTRA_GENERATED = +- + .SILENT: + + .PHONY: all clean list fuzz +@@ -141,16 +139,6 @@ $(MBEDLIBS): + ${MBEDTLS_TEST_OBJS}: + $(MAKE) -C ../tests mbedtls_test + +-ifdef WINDOWS +-EXTRA_GENERATED += psa\psa_constant_names_generated.c +-else +-EXTRA_GENERATED += psa/psa_constant_names_generated.c +-endif +- +-psa/psa_constant_names$(EXEXT): psa/psa_constant_names_generated.c +-psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py ../include/psa/crypto_values.h ../include/psa/crypto_extra.h +- ../scripts/generate_psa_constants.py +- + aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP) + echo " CC aes/aescrypt2.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +@@ -371,12 +359,11 @@ clean: + ifndef WINDOWS + rm -f $(APPS) + -rm -f ssl/ssl_pthread_server$(EXEXT) +- rm -f $(EXTRA_GENERATED) + -rm -f test/cpp_dummy_build$(EXEXT) + else + if exist *.o del /Q /F *.o + if exist *.exe del /Q /F *.exe +- del 
/S /Q /F $(EXTRA_GENERATED) ++ del /S /Q /F + endif + $(MAKE) -C fuzz clean + +diff --git programs/psa/CMakeLists.txt programs/psa/CMakeLists.txt +index e519696b1..5cbcf7191 100644 +--- programs/psa/CMakeLists.txt ++++ programs/psa/CMakeLists.txt +@@ -12,13 +12,6 @@ endforeach() + + target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) + +-add_custom_target( +- psa_constant_names_generated +- COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR} +- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../ +-) +-add_dependencies(psa_constant_names psa_constant_names_generated) +- + install(TARGETS ${executables} + DESTINATION "bin" + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) +diff --git programs/psa/psa_constant_names_generated.c programs/psa/psa_constant_names_generated.c +new file mode 100644 +index 000000000..419a825c6 +--- /dev/null ++++ programs/psa/psa_constant_names_generated.c +@@ -0,0 +1,399 @@ ++/* Automatically generated by generate_psa_constant.py. DO NOT EDIT. 
*/ ++ ++static const char *psa_strerror(psa_status_t status) ++{ ++ switch (status) { ++ case PSA_ERROR_ALREADY_EXISTS: return "PSA_ERROR_ALREADY_EXISTS"; ++ case PSA_ERROR_BAD_STATE: return "PSA_ERROR_BAD_STATE"; ++ case PSA_ERROR_BUFFER_TOO_SMALL: return "PSA_ERROR_BUFFER_TOO_SMALL"; ++ case PSA_ERROR_COMMUNICATION_FAILURE: return "PSA_ERROR_COMMUNICATION_FAILURE"; ++ case PSA_ERROR_CORRUPTION_DETECTED: return "PSA_ERROR_CORRUPTION_DETECTED"; ++ case PSA_ERROR_DOES_NOT_EXIST: return "PSA_ERROR_DOES_NOT_EXIST"; ++ case PSA_ERROR_GENERIC_ERROR: return "PSA_ERROR_GENERIC_ERROR"; ++ case PSA_ERROR_HARDWARE_FAILURE: return "PSA_ERROR_HARDWARE_FAILURE"; ++ case PSA_ERROR_INSUFFICIENT_DATA: return "PSA_ERROR_INSUFFICIENT_DATA"; ++ case PSA_ERROR_INSUFFICIENT_ENTROPY: return "PSA_ERROR_INSUFFICIENT_ENTROPY"; ++ case PSA_ERROR_INSUFFICIENT_MEMORY: return "PSA_ERROR_INSUFFICIENT_MEMORY"; ++ case PSA_ERROR_INSUFFICIENT_STORAGE: return "PSA_ERROR_INSUFFICIENT_STORAGE"; ++ case PSA_ERROR_INVALID_ARGUMENT: return "PSA_ERROR_INVALID_ARGUMENT"; ++ case PSA_ERROR_INVALID_HANDLE: return "PSA_ERROR_INVALID_HANDLE"; ++ case PSA_ERROR_INVALID_PADDING: return "PSA_ERROR_INVALID_PADDING"; ++ case PSA_ERROR_INVALID_SIGNATURE: return "PSA_ERROR_INVALID_SIGNATURE"; ++ case PSA_ERROR_NOT_PERMITTED: return "PSA_ERROR_NOT_PERMITTED"; ++ case PSA_ERROR_NOT_SUPPORTED: return "PSA_ERROR_NOT_SUPPORTED"; ++ case PSA_ERROR_STORAGE_FAILURE: return "PSA_ERROR_STORAGE_FAILURE"; ++ case PSA_SUCCESS: return "PSA_SUCCESS"; ++ default: return NULL; ++ } ++} ++ ++static const char *psa_ecc_family_name(psa_ecc_family_t curve) ++{ ++ switch (curve) { ++ case PSA_ECC_FAMILY_BRAINPOOL_P_R1: return "PSA_ECC_FAMILY_BRAINPOOL_P_R1"; ++ case PSA_ECC_FAMILY_MONTGOMERY: return "PSA_ECC_FAMILY_MONTGOMERY"; ++ case PSA_ECC_FAMILY_SECP_K1: return "PSA_ECC_FAMILY_SECP_K1"; ++ case PSA_ECC_FAMILY_SECP_R1: return "PSA_ECC_FAMILY_SECP_R1"; ++ case PSA_ECC_FAMILY_SECP_R2: return "PSA_ECC_FAMILY_SECP_R2"; ++ case 
PSA_ECC_FAMILY_SECT_K1: return "PSA_ECC_FAMILY_SECT_K1"; ++ case PSA_ECC_FAMILY_SECT_R1: return "PSA_ECC_FAMILY_SECT_R1"; ++ case PSA_ECC_FAMILY_SECT_R2: return "PSA_ECC_FAMILY_SECT_R2"; ++ default: return NULL; ++ } ++} ++ ++static const char *psa_dh_family_name(psa_dh_family_t group) ++{ ++ switch (group) { ++ case PSA_DH_FAMILY_CUSTOM: return "PSA_DH_FAMILY_CUSTOM"; ++ case PSA_DH_FAMILY_RFC7919: return "PSA_DH_FAMILY_RFC7919"; ++ default: return NULL; ++ } ++} ++ ++static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg) ++{ ++ switch (hash_alg) { ++ case PSA_ALG_ANY_HASH: return "PSA_ALG_ANY_HASH"; ++ case PSA_ALG_CATEGORY_HASH: return "PSA_ALG_CATEGORY_HASH"; ++ case PSA_ALG_MD2: return "PSA_ALG_MD2"; ++ case PSA_ALG_MD4: return "PSA_ALG_MD4"; ++ case PSA_ALG_MD5: return "PSA_ALG_MD5"; ++ case PSA_ALG_RIPEMD160: return "PSA_ALG_RIPEMD160"; ++ case PSA_ALG_SHA3_224: return "PSA_ALG_SHA3_224"; ++ case PSA_ALG_SHA3_256: return "PSA_ALG_SHA3_256"; ++ case PSA_ALG_SHA3_384: return "PSA_ALG_SHA3_384"; ++ case PSA_ALG_SHA3_512: return "PSA_ALG_SHA3_512"; ++ case PSA_ALG_SHA_1: return "PSA_ALG_SHA_1"; ++ case PSA_ALG_SHA_224: return "PSA_ALG_SHA_224"; ++ case PSA_ALG_SHA_256: return "PSA_ALG_SHA_256"; ++ case PSA_ALG_SHA_384: return "PSA_ALG_SHA_384"; ++ case PSA_ALG_SHA_512: return "PSA_ALG_SHA_512"; ++ case PSA_ALG_SHA_512_224: return "PSA_ALG_SHA_512_224"; ++ case PSA_ALG_SHA_512_256: return "PSA_ALG_SHA_512_256"; ++ default: return NULL; ++ } ++} ++ ++static const char *psa_ka_algorithm_name(psa_algorithm_t ka_alg) ++{ ++ switch (ka_alg) { ++ case PSA_ALG_CATEGORY_KEY_AGREEMENT: return "PSA_ALG_CATEGORY_KEY_AGREEMENT"; ++ case PSA_ALG_ECDH: return "PSA_ALG_ECDH"; ++ case PSA_ALG_FFDH: return "PSA_ALG_FFDH"; ++ default: return NULL; ++ } ++} ++ ++static int psa_snprint_key_type(char *buffer, size_t buffer_size, ++ psa_key_type_t type) ++{ ++ size_t required_size = 0; ++ switch (type) { ++ case PSA_KEY_TYPE_AES: append(&buffer, buffer_size, 
&required_size, "PSA_KEY_TYPE_AES", 16); break; ++ case PSA_KEY_TYPE_ARC4: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ARC4", 17); break; ++ case PSA_KEY_TYPE_CAMELLIA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CAMELLIA", 21); break; ++ case PSA_KEY_TYPE_CATEGORY_FLAG_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_FLAG_PAIR", 31); break; ++ case PSA_KEY_TYPE_CATEGORY_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_KEY_PAIR", 30); break; ++ case PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY", 32); break; ++ case PSA_KEY_TYPE_CATEGORY_RAW: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_RAW", 25); break; ++ case PSA_KEY_TYPE_CATEGORY_SYMMETRIC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_SYMMETRIC", 31); break; ++ case PSA_KEY_TYPE_CHACHA20: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CHACHA20", 21); break; ++ case PSA_KEY_TYPE_DERIVE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DERIVE", 19); break; ++ case PSA_KEY_TYPE_DES: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DES", 16); break; ++ case PSA_KEY_TYPE_DH_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_KEY_PAIR_BASE", 29); break; ++ case PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE", 31); break; ++ case PSA_KEY_TYPE_DSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_KEY_PAIR", 25); break; ++ case PSA_KEY_TYPE_DSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_PUBLIC_KEY", 27); break; ++ case PSA_KEY_TYPE_ECC_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_KEY_PAIR_BASE", 30); break; ++ case PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, 
"PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE", 32); break; ++ case PSA_KEY_TYPE_HMAC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_HMAC", 17); break; ++ case PSA_KEY_TYPE_NONE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_NONE", 17); break; ++ case PSA_KEY_TYPE_RAW_DATA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RAW_DATA", 21); break; ++ case PSA_KEY_TYPE_RSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_KEY_PAIR", 25); break; ++ case PSA_KEY_TYPE_RSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_PUBLIC_KEY", 27); break; ++ default: ++ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { ++ append_with_curve(&buffer, buffer_size, &required_size, ++ "PSA_KEY_TYPE_ECC_KEY_PAIR", 25, ++ PSA_KEY_TYPE_ECC_GET_FAMILY(type)); ++ } else if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) { ++ append_with_curve(&buffer, buffer_size, &required_size, ++ "PSA_KEY_TYPE_ECC_PUBLIC_KEY", 27, ++ PSA_KEY_TYPE_ECC_GET_FAMILY(type)); ++ } else if (PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { ++ append_with_group(&buffer, buffer_size, &required_size, ++ "PSA_KEY_TYPE_DH_KEY_PAIR", 24, ++ PSA_KEY_TYPE_DH_GET_FAMILY(type)); ++ } else if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type)) { ++ append_with_group(&buffer, buffer_size, &required_size, ++ "PSA_KEY_TYPE_DH_PUBLIC_KEY", 26, ++ PSA_KEY_TYPE_DH_GET_FAMILY(type)); ++ } else { ++ return snprintf(buffer, buffer_size, ++ "0x%04x", (unsigned) type); ++ } ++ break; ++ } ++ buffer[0] = 0; ++ return (int) required_size; ++} ++ ++#define NO_LENGTH_MODIFIER 0xfffffffflu ++static int psa_snprint_algorithm(char *buffer, size_t buffer_size, ++ psa_algorithm_t alg) ++{ ++ size_t required_size = 0; ++ psa_algorithm_t core_alg = alg; ++ unsigned long length_modifier = NO_LENGTH_MODIFIER; ++ if (PSA_ALG_IS_MAC(alg)) { ++ core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0); ++ if (core_alg != alg) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_TRUNCATED_MAC(", 22); ++ length_modifier = 
PSA_MAC_TRUNCATED_LENGTH(alg); ++ } ++ } else if (PSA_ALG_IS_AEAD(alg)) { ++ core_alg = PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg); ++ if (core_alg == 0) { ++ /* For unknown AEAD algorithms, there is no "default tag length". */ ++ core_alg = alg; ++ } else if (core_alg != alg) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_AEAD_WITH_TAG_LENGTH(", 29); ++ length_modifier = PSA_AEAD_TAG_LENGTH(alg); ++ } ++ } else if (PSA_ALG_IS_KEY_AGREEMENT(alg) && ++ !PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) { ++ core_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg); ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_KEY_AGREEMENT(", 22); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_ka_algorithm_name, ++ PSA_ALG_KEY_AGREEMENT_GET_BASE(alg)); ++ append(&buffer, buffer_size, &required_size, ", ", 2); ++ } ++ switch (core_alg) { ++ case PSA_ALG_ANY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ANY_HASH", 16); break; ++ case PSA_ALG_ARC4: append(&buffer, buffer_size, &required_size, "PSA_ALG_ARC4", 12); break; ++ case PSA_ALG_CATEGORY_AEAD: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_AEAD", 21); break; ++ case PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION", 38); break; ++ case PSA_ALG_CATEGORY_CIPHER: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_CIPHER", 23); break; ++ case PSA_ALG_CATEGORY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_HASH", 21); break; ++ case PSA_ALG_CATEGORY_KEY_AGREEMENT: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_AGREEMENT", 30); break; ++ case PSA_ALG_CATEGORY_KEY_DERIVATION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_DERIVATION", 31); break; ++ case PSA_ALG_CATEGORY_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_MAC", 20); break; ++ case PSA_ALG_CATEGORY_SIGN: append(&buffer, buffer_size, &required_size, 
"PSA_ALG_CATEGORY_SIGN", 21); break; ++ case PSA_ALG_CBC_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_MAC", 15); break; ++ case PSA_ALG_CBC_NO_PADDING: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_NO_PADDING", 22); break; ++ case PSA_ALG_CBC_PKCS7: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_PKCS7", 17); break; ++ case PSA_ALG_CCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_CCM", 11); break; ++ case PSA_ALG_CFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_CFB", 11); break; ++ case PSA_ALG_CHACHA20: append(&buffer, buffer_size, &required_size, "PSA_ALG_CHACHA20", 16); break; ++ case PSA_ALG_CHACHA20_POLY1305: append(&buffer, buffer_size, &required_size, "PSA_ALG_CHACHA20_POLY1305", 25); break; ++ case PSA_ALG_CIPHER_MAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_CIPHER_MAC_BASE", 23); break; ++ case PSA_ALG_CMAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CMAC", 12); break; ++ case PSA_ALG_CTR: append(&buffer, buffer_size, &required_size, "PSA_ALG_CTR", 11); break; ++ case PSA_ALG_DETERMINISTIC_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_DSA_BASE", 30); break; ++ case PSA_ALG_DETERMINISTIC_ECDSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_ECDSA_BASE", 32); break; ++ case PSA_ALG_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DSA_BASE", 16); break; ++ case PSA_ALG_ECDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDH", 12); break; ++ case PSA_ALG_ECDSA_ANY: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDSA_ANY", 17); break; ++ case PSA_ALG_FFDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_FFDH", 12); break; ++ case PSA_ALG_GCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_GCM", 11); break; ++ case PSA_ALG_HKDF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HKDF_BASE", 17); break; ++ case PSA_ALG_HMAC_BASE: append(&buffer, buffer_size, 
&required_size, "PSA_ALG_HMAC_BASE", 17); break; ++ case PSA_ALG_MD2: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD2", 11); break; ++ case PSA_ALG_MD4: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD4", 11); break; ++ case PSA_ALG_MD5: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD5", 11); break; ++ case PSA_ALG_OFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_OFB", 11); break; ++ case PSA_ALG_RIPEMD160: append(&buffer, buffer_size, &required_size, "PSA_ALG_RIPEMD160", 17); break; ++ case PSA_ALG_RSA_OAEP_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_OAEP_BASE", 21); break; ++ case PSA_ALG_RSA_PKCS1V15_CRYPT: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_CRYPT", 26); break; ++ case PSA_ALG_RSA_PKCS1V15_SIGN_RAW: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_SIGN_RAW", 29); break; ++ case PSA_ALG_RSA_PSS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PSS_BASE", 20); break; ++ case PSA_ALG_SHA3_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_224", 16); break; ++ case PSA_ALG_SHA3_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_256", 16); break; ++ case PSA_ALG_SHA3_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_384", 16); break; ++ case PSA_ALG_SHA3_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_512", 16); break; ++ case PSA_ALG_SHA_1: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_1", 13); break; ++ case PSA_ALG_SHA_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_224", 15); break; ++ case PSA_ALG_SHA_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_256", 15); break; ++ case PSA_ALG_SHA_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_384", 15); break; ++ case PSA_ALG_SHA_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512", 15); break; ++ case PSA_ALG_SHA_512_224: append(&buffer, buffer_size, &required_size, 
"PSA_ALG_SHA_512_224", 19); break; ++ case PSA_ALG_SHA_512_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_256", 19); break; ++ case PSA_ALG_TLS12_PRF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PRF_BASE", 22); break; ++ case PSA_ALG_TLS12_PSK_TO_MS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PSK_TO_MS_BASE", 28); break; ++ case PSA_ALG_XTS: append(&buffer, buffer_size, &required_size, "PSA_ALG_XTS", 11); break; ++ default: ++ if (PSA_ALG_IS_DETERMINISTIC_DSA(core_alg)) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_DETERMINISTIC_DSA(", 25 + 1); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_hash_algorithm_name, ++ PSA_ALG_GET_HASH(core_alg)); ++ append(&buffer, buffer_size, &required_size, ")", 1); ++ } else if (PSA_ALG_IS_DETERMINISTIC_ECDSA(core_alg)) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_DETERMINISTIC_ECDSA(", 27 + 1); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_hash_algorithm_name, ++ PSA_ALG_GET_HASH(core_alg)); ++ append(&buffer, buffer_size, &required_size, ")", 1); ++ } else if (PSA_ALG_IS_RANDOMIZED_DSA(core_alg)) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_DSA(", 11 + 1); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_hash_algorithm_name, ++ PSA_ALG_GET_HASH(core_alg)); ++ append(&buffer, buffer_size, &required_size, ")", 1); ++ } else if (PSA_ALG_IS_RANDOMIZED_ECDSA(core_alg)) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_ECDSA(", 13 + 1); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_hash_algorithm_name, ++ PSA_ALG_GET_HASH(core_alg)); ++ append(&buffer, buffer_size, &required_size, ")", 1); ++ } else if (PSA_ALG_IS_HKDF(core_alg)) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_HKDF(", 12 + 1); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_hash_algorithm_name, ++ PSA_ALG_GET_HASH(core_alg)); ++ append(&buffer, 
buffer_size, &required_size, ")", 1); ++ } else if (PSA_ALG_IS_HMAC(core_alg)) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_HMAC(", 12 + 1); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_hash_algorithm_name, ++ PSA_ALG_GET_HASH(core_alg)); ++ append(&buffer, buffer_size, &required_size, ")", 1); ++ } else if (PSA_ALG_IS_RSA_OAEP(core_alg)) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_RSA_OAEP(", 16 + 1); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_hash_algorithm_name, ++ PSA_ALG_GET_HASH(core_alg)); ++ append(&buffer, buffer_size, &required_size, ")", 1); ++ } else if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(core_alg)) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_RSA_PKCS1V15_SIGN(", 25 + 1); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_hash_algorithm_name, ++ PSA_ALG_GET_HASH(core_alg)); ++ append(&buffer, buffer_size, &required_size, ")", 1); ++ } else if (PSA_ALG_IS_RSA_PSS(core_alg)) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_RSA_PSS(", 15 + 1); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_hash_algorithm_name, ++ PSA_ALG_GET_HASH(core_alg)); ++ append(&buffer, buffer_size, &required_size, ")", 1); ++ } else if (PSA_ALG_IS_TLS12_PRF(core_alg)) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_TLS12_PRF(", 17 + 1); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_hash_algorithm_name, ++ PSA_ALG_GET_HASH(core_alg)); ++ append(&buffer, buffer_size, &required_size, ")", 1); ++ } else if (PSA_ALG_IS_TLS12_PSK_TO_MS(core_alg)) { ++ append(&buffer, buffer_size, &required_size, ++ "PSA_ALG_TLS12_PSK_TO_MS(", 23 + 1); ++ append_with_alg(&buffer, buffer_size, &required_size, ++ psa_hash_algorithm_name, ++ PSA_ALG_GET_HASH(core_alg)); ++ append(&buffer, buffer_size, &required_size, ")", 1); ++ } else { ++ append_integer(&buffer, buffer_size, &required_size, ++ "0x%08lx", (unsigned long) core_alg); ++ } ++ break; 
++ } ++ if (core_alg != alg) { ++ if (length_modifier != NO_LENGTH_MODIFIER) { ++ append(&buffer, buffer_size, &required_size, ", ", 2); ++ append_integer(&buffer, buffer_size, &required_size, ++ "%lu", length_modifier); ++ } ++ append(&buffer, buffer_size, &required_size, ")", 1); ++ } ++ buffer[0] = 0; ++ return (int) required_size; ++} ++ ++static int psa_snprint_key_usage(char *buffer, size_t buffer_size, ++ psa_key_usage_t usage) ++{ ++ size_t required_size = 0; ++ if (usage == 0) { ++ if (buffer_size > 1) { ++ buffer[0] = '0'; ++ buffer[1] = 0; ++ } else if (buffer_size == 1) { ++ buffer[0] = 0; ++ } ++ return 1; ++ } ++ if (usage & PSA_KEY_USAGE_COPY) { ++ if (required_size != 0) { ++ append(&buffer, buffer_size, &required_size, " | ", 3); ++ } ++ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_COPY", 18); ++ usage ^= PSA_KEY_USAGE_COPY; ++ } ++ if (usage & PSA_KEY_USAGE_DECRYPT) { ++ if (required_size != 0) { ++ append(&buffer, buffer_size, &required_size, " | ", 3); ++ } ++ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_DECRYPT", 21); ++ usage ^= PSA_KEY_USAGE_DECRYPT; ++ } ++ if (usage & PSA_KEY_USAGE_DERIVE) { ++ if (required_size != 0) { ++ append(&buffer, buffer_size, &required_size, " | ", 3); ++ } ++ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_DERIVE", 20); ++ usage ^= PSA_KEY_USAGE_DERIVE; ++ } ++ if (usage & PSA_KEY_USAGE_ENCRYPT) { ++ if (required_size != 0) { ++ append(&buffer, buffer_size, &required_size, " | ", 3); ++ } ++ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_ENCRYPT", 21); ++ usage ^= PSA_KEY_USAGE_ENCRYPT; ++ } ++ if (usage & PSA_KEY_USAGE_EXPORT) { ++ if (required_size != 0) { ++ append(&buffer, buffer_size, &required_size, " | ", 3); ++ } ++ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_EXPORT", 20); ++ usage ^= PSA_KEY_USAGE_EXPORT; ++ } ++ if (usage & PSA_KEY_USAGE_SIGN_HASH) { ++ if (required_size != 0) { ++ append(&buffer, buffer_size, &required_size, " | ", 
3); ++ } ++ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_HASH", 23); ++ usage ^= PSA_KEY_USAGE_SIGN_HASH; ++ } ++ if (usage & PSA_KEY_USAGE_VERIFY_HASH) { ++ if (required_size != 0) { ++ append(&buffer, buffer_size, &required_size, " | ", 3); ++ } ++ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_HASH", 25); ++ usage ^= PSA_KEY_USAGE_VERIFY_HASH; ++ } ++ if (usage != 0) { ++ if (required_size != 0) { ++ append(&buffer, buffer_size, &required_size, " | ", 3); ++ } ++ append_integer(&buffer, buffer_size, &required_size, ++ "0x%08lx", (unsigned long) usage); ++ } else { ++ buffer[0] = 0; ++ } ++ return (int) required_size; ++} ++ ++/* End of automatically generated file. */ +diff --git tests/scripts/check-generated-files.sh tests/scripts/check-generated-files.sh +index 3ab62f8b1..845d1c60c 100755 +--- tests/scripts/check-generated-files.sh ++++ tests/scripts/check-generated-files.sh +@@ -105,3 +105,4 @@ check scripts/generate_errors.pl library/error.c + check scripts/generate_query_config.pl programs/test/query_config.c + check scripts/generate_features.pl library/version_features.c + check scripts/generate_visualc_files.pl visualc/VS2010 ++check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c diff --git a/srcpkgs/mbedtls/patches/python3.patch b/srcpkgs/mbedtls/patches/python3.patch new file mode 100644 index 00000000000..1d61aa8e4da --- /dev/null +++ b/srcpkgs/mbedtls/patches/python3.patch @@ -0,0 +1,15 @@ +diff --git tests/Makefile tests/Makefile +index 511db9db5..c9da775a9 100644 +--- tests/Makefile ++++ tests/Makefile +@@ -54,8 +54,8 @@ else + DLEXT ?= so + EXEXT= + SHARED_SUFFIX= +-# python2 for POSIX since FreeBSD has only python2 as default. +-PYTHON ?= python2 ++# python3 since who uses python2? ++PYTHON ?= python3 + endif + + # Zlib shared library extensions: diff --git a/srcpkgs/mbedtls/template b/srcpkgs/mbedtls/template index 01a31009943..846c7a96cba 100644 --- a/srcpkgs/mbedtls/template 
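Review bot: In the programs/Makefile part of no-test-python.patch, the Windows branch of `clean` is left as `del /S /Q /F` with no file argument and a trailing space once `$(EXTRA_GENERATED)` is removed. The line should be deleted outright, as the patch already does for `rm -f $(EXTRA_GENERATED)` in the POSIX branch. Separately, the patch vendors a 399-line generated `psa_constant_names_generated.c` taken from the upstream pull request linked at the top of the patch, whose merge status is not visible here. That copy can drift from `include/psa/crypto_values.h` on the next version bump, and the added `check-generated-files.sh` entry only catches it if someone runs that script with python3 available. A comment in the template such as `# no-test-python.patch: regenerate or drop on every version update` would make the obligation explicit.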
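Review bot: The interpreter in tests/Makefile is assigned with `PYTHON ?= python3`, so it can be overridden from the environment or the make command line, and this carried patch may not be needed. Passing `PYTHON=python3` where the template runs the test build (for example `make PYTHON=python3 check` in `do_check`) would have the same effect without another patch to rebase on each update. If the patch stays, the replacement comment `# python3 since who uses python2?` would be more useful as a reason, e.g. `# Default to python3; the package only lists python3 as a host dependency.` The surrounding `else`/`endif` block starts outside this hunk.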
+++ b/srcpkgs/mbedtls/template @@ -1,27 +1,50 @@ # Template file for 'mbedtls' pkgname=mbedtls -reverts="2.17.0_1" -version=2.16.8 +version=2.24.0 revision=1 wrksrc="mbedtls-mbedtls-${version}" -build_style=cmake -configure_args="-DENABLE_TESTING=1 -DUSE_SHARED_MBEDTLS_LIBRARY=1" -hostmakedepends="python3 perl" +build_style=gnu-makefile +make_build_args="SHARED=1" +make_install_args="PREFIX=" short_desc="Portable cryptographic TLS library" maintainer="Orphaned " license="Apache-2.0" homepage="https://tls.mbed.org/" changelog="https://raw.githubusercontent.com/ARMmbed/mbedtls/development/ChangeLog" distfiles="https://github.com/ARMmbed/mbedtls/archive/mbedtls-${version}.tar.gz" -checksum=047b4067f21a72947dd1dffd7c3f106ad8e52d85877b77df558296458f6030a3 +checksum=b5a779b5f36d5fc4cba55faa410685f89128702423ad07b36c5665441a06a5f3 +build_options="tests" +desc_option_tests="Build and run full test suite" + +if [ "$build_option_tests" ]; then + hostmakedepends="python3 perl" +else + make_build_target=no_test +fi pre_configure() { - sed -i include/mbedtls/config.h \ + vsed -i include/mbedtls/config.h \ -e 's/.*\(#define MBEDTLS_THREADING_C\)/\1/' \ -e 's/.*\(#define MBEDTLS_THREADING_PTHREAD\)/\1/' } +post_install() { + mkdir "${DESTDIR}/usr" + for dir in bin lib include; do + mv "${DESTDIR}/${dir}" "${DESTDIR}/usr" + done +} + +do_check() { + if [ "$build_option_tests" ]; then + make check + else + # compiled without full test suite to avoid python3, perl deps + : + fi +} + mbedtls-utils_package() { short_desc+=" - additional utilities" depends="${sourcepkg}-${version}_${revision}" From 823c8b7b3436bb81a2b5e0141cc881754a011bb5 Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 11:49:13 -0700 Subject: [PATCH 02/11] bctoolbox: rebuild against mbedtls-2.24.0 --- srcpkgs/bctoolbox/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/bctoolbox/template b/srcpkgs/bctoolbox/template index 20f9966ff8d..299c6e5ee5d 100644 
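Review bot: With the `tests` option off, `do_check` falls through to `:` and the build uses the `no_test` target, so this TLS/crypto library is packaged without any self-test having run. That appears to be the default, since no `build_options_default` is set in the hunk. Upstream ships a self-test program that needs neither python nor perl, so the else branch could run it instead of `:`, e.g. `./programs/test/selftest`, assuming `no_test` still builds the programs directory (worth confirming). In the enabled branch, `make check` is invoked without the `SHARED=1` used for the build, so the tests may be linked differently from what is packaged. The bump also leaves the 2.16 series for 2.24.0; if 2.16 was followed because it is upstream's long-term-support branch, the commit message should say how security fixes will be tracked from now on.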
--- a/srcpkgs/bctoolbox/template +++ b/srcpkgs/bctoolbox/template @@ -1,7 +1,7 @@ # Template file for 'bctoolbox' pkgname=bctoolbox version=4.4.0 -revision=1 +revision=2 build_style=cmake configure_args="-DENABLE_TESTS=ON -DENABLE_TESTS_COMPONENT=OFF -DCMAKE_MODULE_PATH=/usr/lib/cmake" From 9b22807b596f28a5d3754bd76fa7a130b45a4b9f Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 11:49:13 -0700 Subject: [PATCH 03/11] dislocker: rebuild against mbedtls-2.24.0 --- srcpkgs/dislocker/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/dislocker/template b/srcpkgs/dislocker/template index b000cc7ab9c..0acd26da13a 100644 --- a/srcpkgs/dislocker/template +++ b/srcpkgs/dislocker/template @@ -1,7 +1,7 @@ # Template file for 'dislocker' pkgname=dislocker version=0.7.1 -revision=4 +revision=5 build_style=cmake configure_args="-DLIB_INSTALL_DIR=lib" makedepends="mbedtls-devel fuse-devel" From 75df7121759679d7d5ccd5fed77731b4031b81aa Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 11:49:13 -0700 Subject: [PATCH 04/11] dolphin-emu: rebuild against mbedtls-2.24.0 --- srcpkgs/dolphin-emu/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/dolphin-emu/template b/srcpkgs/dolphin-emu/template index 0e38d8d25be..a9e6860cd16 100644 --- a/srcpkgs/dolphin-emu/template +++ b/srcpkgs/dolphin-emu/template @@ -1,7 +1,7 @@ # Template file for 'dolphin-emu' pkgname=dolphin-emu version=5.0 -revision=18 +revision=19 archs="x86_64* ppc64le*" wrksrc="dolphin-${version}" build_style=cmake From 3b8a9d2f7087e8e5c170ebc1aeb0aa231d024fbd Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 11:49:13 -0700 Subject: [PATCH 05/11] godot: rebuild against mbedtls-2.24.0 --- srcpkgs/godot/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/godot/template b/srcpkgs/godot/template index dc0c3a90e36..33f4a008926 100644 --- a/srcpkgs/godot/template 
+++ b/srcpkgs/godot/template @@ -1,7 +1,7 @@ # Template file for 'godot' pkgname=godot version=3.2.2 -revision=1 +revision=2 archs="x86_64* i686* aarch64* armv7* ppc64*" wrksrc="${pkgname}-${version}-stable" build_style=scons From f00ca36b6f2f4affba30a9ee3de98d59560d8bf8 Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 11:49:14 -0700 Subject: [PATCH 06/11] hiawatha: rebuild against mbedtls-2.24.0 --- srcpkgs/hiawatha/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/hiawatha/template b/srcpkgs/hiawatha/template index 7e50522c999..59f0e47adec 100644 --- a/srcpkgs/hiawatha/template +++ b/srcpkgs/hiawatha/template @@ -1,7 +1,7 @@ # Template file for 'hiawatha' pkgname=hiawatha version=10.11 -revision=1 +revision=2 build_style=cmake configure_args="-DLOG_DIR=/var/log/hiawatha -DPID_DIR=/run -DWEBROOT_DIR=/srv/www/$pkgname -DWORK_DIR=/var/lib/hiawatha From acaf5ca32b7dd0ba978ab4593aca28582bc358f6 Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 11:49:14 -0700 Subject: [PATCH 07/11] julia: rebuild against mbedtls-2.24.0 --- srcpkgs/julia/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/julia/template b/srcpkgs/julia/template index 137ed59325b..c66f935a703 100644 --- a/srcpkgs/julia/template +++ b/srcpkgs/julia/template @@ -1,7 +1,7 @@ # Template file for 'julia' pkgname=julia version=1.5.1 -revision=1 +revision=2 archs="i686* x86_64* armv7l* aarch64*" build_style=gnu-makefile make_build_args="prefix=/usr sysconfdir=/etc datarootdir=/usr/share From 47b28f02288daea0f5f9d123b19bf19f3bc00798 Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 11:49:14 -0700 Subject: [PATCH 08/11] obs: rebuild against mbedtls-2.24.0 --- srcpkgs/obs/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/obs/template b/srcpkgs/obs/template index 279238fc816..c43e6bb76f9 100644 --- a/srcpkgs/obs/template +++ b/srcpkgs/obs/template 
@@ -1,7 +1,7 @@ # Template file for 'obs' pkgname=obs version=25.0.8 -revision=1 +revision=2 archs="i686* x86_64* ppc64le*" wrksrc="obs-studio-${version}" build_style=cmake From 61abb67762b2692ba58f93c7c2ccac21cd063991 Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 11:49:14 -0700 Subject: [PATCH 09/11] openvpn: rebuild against mbedtls-2.24.0 --- srcpkgs/openvpn/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/openvpn/template b/srcpkgs/openvpn/template index 63a8ce1b77e..6e9be06b56c 100644 --- a/srcpkgs/openvpn/template +++ b/srcpkgs/openvpn/template @@ -1,7 +1,7 @@ # Template file for 'openvpn' pkgname=openvpn version=2.4.9 -revision=3 +revision=4 build_style=gnu-configure configure_args="$(vopt_enable pkcs11) --enable-iproute2 --disable-systemd $(vopt_if mbedtls --with-crypto-library=mbedtls)" From f4674df2545676c5616cd441ab0023c125eff640 Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 11:49:14 -0700 Subject: [PATCH 10/11] rvault: rebuild against mbedtls-2.24.0 --- srcpkgs/rvault/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/rvault/template b/srcpkgs/rvault/template index 8198657c82c..ab5dad855c3 100644 --- a/srcpkgs/rvault/template +++ b/srcpkgs/rvault/template @@ -1,7 +1,7 @@ # Template file for 'rvault' pkgname=rvault version=0.2 -revision=2 +revision=3 build_style=gnu-makefile build_wrksrc=src make_use_env=yes From 8c19cb7825eeb37471354b39eb79e72dd0237a53 Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 11:49:14 -0700 Subject: [PATCH 11/11] shadowsocks-libev: rebuild against mbedtls-2.24.0 [ci skip] --- srcpkgs/shadowsocks-libev/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/shadowsocks-libev/template b/srcpkgs/shadowsocks-libev/template index 910dbd2a505..b639391e3a1 100644 --- a/srcpkgs/shadowsocks-libev/template +++ b/srcpkgs/shadowsocks-libev/template 
@@ -1,7 +1,7 @@ # Template file for 'shadowsocks-libev' pkgname=shadowsocks-libev version=3.3.4 -revision=1 +revision=2 build_style=gnu-configure configure_args="--with-pcre=${XBPS_CROSS_BASE}/usr" hostmakedepends="pkg-config asciidoc xmlto"