323 lines
11 KiB
Diff
323 lines
11 KiB
Diff
|
diff -up comm/third_party/moz.build.D161379.diff comm/third_party/moz.build
|
||
|
--- comm/third_party/moz.build.D161379.diff 2022-10-14 21:45:15.000000000 +0200
|
||
|
+++ comm/third_party/moz.build 2022-11-10 11:49:44.194016978 +0100
|
||
|
@@ -11,9 +11,11 @@ if CONFIG["TB_LIBOTR_PREBUILT"]:
|
||
|
|
||
|
if CONFIG["MZLA_LIBRNP"]:
|
||
|
DIRS += [
|
||
|
- "botan",
|
||
|
"bzip2",
|
||
|
"json-c",
|
||
|
"rnp",
|
||
|
"zlib",
|
||
|
]
|
||
|
+ if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
|
||
|
+ DIRS += [ "botan" ]
|
||
|
+
|
||
|
diff -up comm/third_party/openpgp.configure.D161379.diff comm/third_party/openpgp.configure
|
||
|
--- comm/third_party/openpgp.configure.D161379.diff 2022-11-10 11:49:37.605024129 +0100
|
||
|
+++ comm/third_party/openpgp.configure 2022-11-10 11:49:44.194016978 +0100
|
||
|
@@ -199,16 +199,136 @@ with only_when(in_tree_librnp):
|
||
|
set_config("MZLA_BZIP2_CFLAGS", bzip2_flags.cflags)
|
||
|
set_config("MZLA_BZIP2_LIBS", bzip2_flags.ldflags)
|
||
|
|
||
|
- # BOTAN --with-system-botan
|
||
|
- system_lib_option(
|
||
|
- "--with-system-botan",
|
||
|
- help="Use system Botan for librnp (located with pkgconfig)",
|
||
|
- )
|
||
|
-
|
||
|
- botan_pkg = pkg_check_modules(
|
||
|
- "MZLA_BOTAN", "botan-2 >= 2.8.0", when="--with-system-botan"
|
||
|
- )
|
||
|
- set_config("MZLA_SYSTEM_BOTAN", depends_if(botan_pkg)(lambda _: True))
|
||
|
+ # librnp crypto backend selection
|
||
|
+ option("--with-librnp-backend",
|
||
|
+ help="Build librnp with the selected backend: {botan, openssl}",
|
||
|
+ default="botan")
|
||
|
+
|
||
|
+ @depends("--with-librnp-backend")
|
||
|
+ def librnp_backend(backend):
|
||
|
+ allowed = ("botan", "openssl")
|
||
|
+ if backend[0] in allowed:
|
||
|
+ return backend[0]
|
||
|
+ else:
|
||
|
+ die(f"Unsupported librnp backend {backend[0]}.")
|
||
|
+
|
||
|
+ set_config("MZLA_LIBRNP_BACKEND", librnp_backend)
|
||
|
+
|
||
|
+ @depends(librnp_backend)
|
||
|
+ def rnp_botan(backend):
|
||
|
+ return backend == "botan"
|
||
|
+
|
||
|
+ @depends(librnp_backend)
|
||
|
+ def rnp_openssl(backend):
|
||
|
+ return backend == "openssl"
|
||
|
+
|
||
|
+ # Botan backend (--with-system-botan)
|
||
|
+ with only_when(rnp_botan):
|
||
|
+ system_lib_option(
|
||
|
+ "--with-system-botan",
|
||
|
+ help="Use system Botan for librnp (located with pkgconfig)",
|
||
|
+ )
|
||
|
+
|
||
|
+ botan_pkg = pkg_check_modules(
|
||
|
+ "MZLA_BOTAN", "botan-2 >= 2.8.0", when="--with-system-botan"
|
||
|
+ )
|
||
|
+ set_config("MZLA_SYSTEM_BOTAN", depends_if(botan_pkg)(lambda _: True))
|
||
|
+
|
||
|
+
|
||
|
+ # OpenSSL backend
|
||
|
+ with only_when(rnp_openssl):
|
||
|
+ option(
|
||
|
+ "--with-openssl",
|
||
|
+ nargs=1,
|
||
|
+ help="OpenSSL library prefix (when not found by pkgconfig)"
|
||
|
+ )
|
||
|
+ openssl_pkg = pkg_check_modules(
|
||
|
+ "MZLA_LIBRNP_OPENSSL",
|
||
|
+ "openssl > 1.1.1",
|
||
|
+ allow_missing=True,
|
||
|
+ config=False
|
||
|
+ )
|
||
|
+ @depends_if("--with-openssl", openssl_pkg)
|
||
|
+ @imports(_from="os.path", _import="isdir")
|
||
|
+ @imports(_from="os.path", _import="join")
|
||
|
+ def openssl_flags(openssl_prefix, openssl_pkg):
|
||
|
+ if openssl_prefix:
|
||
|
+ openssl_prefix = openssl_prefix[0]
|
||
|
+ include = join(openssl_prefix, "include")
|
||
|
+ lib = join(openssl_prefix, "lib")
|
||
|
+ if not isdir(lib):
|
||
|
+ lib = join(openssl_prefix, "lib64")
|
||
|
+ if isdir(include) and isdir(lib):
|
||
|
+ log.info(f"Using OpenSSL at {openssl_prefix}.")
|
||
|
+ return namespace(
|
||
|
+ cflags=(f"-I{include}",),
|
||
|
+ ldflags=(f"-L{lib}", "-lssl", "-lcrypto"),
|
||
|
+ )
|
||
|
+ if openssl_pkg:
|
||
|
+ return namespace(
|
||
|
+ cflags=openssl_pkg.cflags,
|
||
|
+ ldflags=openssl_pkg.libs,
|
||
|
+ )
|
||
|
+ set_config("MZLA_LIBRNP_OPENSSL_CFLAGS", openssl_flags.cflags)
|
||
|
+ set_config("MZLA_LIBRNP_OPENSSL_LIBS", openssl_flags.ldflags)
|
||
|
+
|
||
|
+
|
||
|
+ @depends(c_compiler, openssl_flags)
|
||
|
+ @imports(_from="textwrap", _import="dedent")
|
||
|
+ def openssl_version(compiler, openssl_flags):
|
||
|
+ log.info("Checking for OpenSSL >= 1.1.1")
|
||
|
+ if openssl_flags is None:
|
||
|
+ die("OpenSSL not found. Must be locatable with pkg-config or use --with-openssl.")
|
||
|
+
|
||
|
+ def ossl_hexver(hex_str):
|
||
|
+ # See opensshlv.h for description of OPENSSL_VERSION_NUMBER
|
||
|
+ MIN_OSSL_VER = 0x1010100f # Version 1.1.1
|
||
|
+ ver_as_int = int(hex_str[:-1], 16)
|
||
|
+ ossl_major = (ver_as_int & 0xf0000000) >> 28
|
||
|
+ ossl_minor = (ver_as_int & 0x0ff00000) >> 20
|
||
|
+ ossl_fix = (ver_as_int & 0x000ff000) >> 12
|
||
|
+ ossl_patch = chr(96 + (ver_as_int & 0x00000ff0) >> 4) # as a letter a-z
|
||
|
+ ver_as_str = f"{ossl_major}.{ossl_minor}.{ossl_fix}{ossl_patch}"
|
||
|
+ if ver_as_int < MIN_OSSL_VER:
|
||
|
+ die(f"OpenSSL version {ver_as_str} is too old.")
|
||
|
+ return ver_as_str
|
||
|
+
|
||
|
+ check = dedent(
|
||
|
+ """\
|
||
|
+ #include <openssl/opensslv.h>
|
||
|
+ #ifdef OPENSSL_VERSION_STR
|
||
|
+ OPENSSL_VERSION_STR
|
||
|
+ #elif defined(OPENSSL_VERSION_NUMBER)
|
||
|
+ OPENSSL_VERSION_NUMBER
|
||
|
+ #else
|
||
|
+ #error Unable to determine OpenSSL version.
|
||
|
+ #endif
|
||
|
+ """
|
||
|
+ )
|
||
|
+ result = try_preprocess(
|
||
|
+ compiler.wrapper
|
||
|
+ + [compiler.compiler]
|
||
|
+ + compiler.flags
|
||
|
+ + list(openssl_flags.cflags),
|
||
|
+ "C",
|
||
|
+ check
|
||
|
+ )
|
||
|
+ if result:
|
||
|
+ openssl_ver = result.splitlines()[-1]
|
||
|
+ if openssl_ver.startswith("0x"):
|
||
|
+ # OpenSSL 1.x.x - like 0x1010107fL
|
||
|
+ openssl_ver = ossl_hexver(openssl_ver)
|
||
|
+ else:
|
||
|
+ # OpenSSL 3.x.x - quoted version like "3.0.7"
|
||
|
+ openssl_ver = openssl_ver.replace('"', "")
|
||
|
+ major_version = openssl_ver.split(".")[0]
|
||
|
+ if major_version != "3":
|
||
|
+ die("Unrecognized OpenSSL version {openssl_version} found. Require >= 1.1.1 or 3.x.x")
|
||
|
+
|
||
|
+ log.info(f"Found OpenSSL {openssl_ver}.")
|
||
|
+ return openssl_ver
|
||
|
+
|
||
|
+ set_config("MZLA_LIBRNP_OPENSSL_VERSION", openssl_version)
|
||
|
|
||
|
# Checks for building librnp itself
|
||
|
# =================================
|
||
|
diff -up comm/third_party/rnp/moz.build.D161379.diff comm/third_party/rnp/moz.build
|
||
|
--- comm/third_party/rnp/moz.build.D161379.diff 2022-11-10 11:49:43.682017534 +0100
|
||
|
+++ comm/third_party/rnp/moz.build 2022-11-10 11:51:22.878909880 +0100
|
||
|
@@ -36,17 +36,53 @@ if CONFIG["CC_TYPE"] == "clang-cl":
|
||
|
"/EHs",
|
||
|
]
|
||
|
|
||
|
+LOCAL_INCLUDES = [
|
||
|
+ "include",
|
||
|
+ "src",
|
||
|
+ "src/common",
|
||
|
+ "src/lib",
|
||
|
+]
|
||
|
+
|
||
|
+IQuote(
|
||
|
+ "{}/src/lib".format(OBJDIR),
|
||
|
+ "{}/src/lib".format(SRCDIR),
|
||
|
+)
|
||
|
+
|
||
|
+# Set up defines for src/lib/config.h
|
||
|
rnp_defines = {
|
||
|
"HAVE_BZLIB_H": True,
|
||
|
"HAVE_ZLIB_H": True,
|
||
|
- "CRYPTO_BACKEND_OPENSSL": True,
|
||
|
- "ENABLE_AEAD": True,
|
||
|
- "ENABLE_TWOFISH": True,
|
||
|
- "ENABLE_BRAINPOOL": True,
|
||
|
"ENABLE_IDEA": True,
|
||
|
"PACKAGE_BUGREPORT": '"https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"',
|
||
|
"PACKAGE_STRING": '"rnp {}"'.format(CONFIG["MZLA_LIBRNP_FULL_VERSION"])
|
||
|
}
|
||
|
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
|
||
|
+ LOCAL_INCLUDES += ["!../botan/build/include"]
|
||
|
+ if CONFIG["MZLA_SYSTEM_BOTAN"]:
|
||
|
+ CXXFLAGS += CONFIG["MZLA_BOTAN_CFLAGS"]
|
||
|
+
|
||
|
+ rnp_defines.update({
|
||
|
+ "CRYPTO_BACKEND_BOTAN": True,
|
||
|
+ "ENABLE_AEAD": True,
|
||
|
+ "ENABLE_TWOFISH": True,
|
||
|
+ "ENABLE_BRAINPOOL": True,
|
||
|
+ })
|
||
|
+elif CONFIG["MZLA_LIBRNP_BACKEND"] == "openssl":
|
||
|
+ CXXFLAGS += CONFIG["MZLA_LIBRNP_OPENSSL_CFLAGS"]
|
||
|
+ OS_LIBS += CONFIG["MZLA_LIBRNP_OPENSSL_LIBS"]
|
||
|
+
|
||
|
+ rnp_defines.update({
|
||
|
+ "CRYPTO_BACKEND_OPENSSL": True,
|
||
|
+ # Not supported with RNP+OpenSSL https://github.com/rnpgp/rnp/issues/1642
|
||
|
+ "ENABLE_AEAD": False,
|
||
|
+ # Not supported by OpenSSL https://github.com/openssl/openssl/issues/2046
|
||
|
+ "ENABLE_TWOFISH": False,
|
||
|
+ # Supported, but not with RHEL's OpenSSL, disabled for now;
|
||
|
+ "ENABLE_BRAINPOOL": False,
|
||
|
+ })
|
||
|
+ if CONFIG["MZLA_LIBRNP_OPENSSL_VERSION"][0] == "3":
|
||
|
+ rnp_defines["CRYPTO_BACKEND_OPENSSL3"] = True
|
||
|
+
|
||
|
GeneratedFile(
|
||
|
"src/lib/config.h",
|
||
|
script="/comm/python/rocbuild/process_cmake_define_files.py",
|
||
|
@@ -57,23 +93,6 @@ GeneratedFile(
|
||
|
],
|
||
|
)
|
||
|
|
||
|
-LOCAL_INCLUDES = [
|
||
|
- "include",
|
||
|
- "src",
|
||
|
- "src/common",
|
||
|
- "src/lib",
|
||
|
-]
|
||
|
-
|
||
|
-IQuote(
|
||
|
- "{}/src/lib".format(OBJDIR),
|
||
|
- "{}/src/lib".format(SRCDIR),
|
||
|
-)
|
||
|
-
|
||
|
-if CONFIG["MZLA_SYSTEM_BOTAN"]:
|
||
|
- CXXFLAGS += CONFIG["MZLA_BOTAN_CFLAGS"]
|
||
|
-else:
|
||
|
- LOCAL_INCLUDES += ["!../botan/build/include"]
|
||
|
-
|
||
|
if CONFIG["MOZ_SYSTEM_ZLIB"]:
|
||
|
CXXFLAGS += CONFIG["MOZ_ZLIB_CFLAGS"]
|
||
|
else:
|
||
|
@@ -109,29 +128,16 @@ SOURCES += [
|
||
|
"src/common/time-utils.cpp",
|
||
|
"src/lib/crypto.cpp",
|
||
|
"src/lib/crypto/backend_version.cpp",
|
||
|
- "src/lib/crypto/bn.cpp",
|
||
|
"src/lib/crypto/cipher.cpp",
|
||
|
- "src/lib/crypto/cipher_botan.cpp",
|
||
|
- "src/lib/crypto/dsa.cpp",
|
||
|
- "src/lib/crypto/ec.cpp",
|
||
|
"src/lib/crypto/ec_curves.cpp",
|
||
|
- "src/lib/crypto/ecdh.cpp",
|
||
|
"src/lib/crypto/ecdh_utils.cpp",
|
||
|
- "src/lib/crypto/ecdsa.cpp",
|
||
|
- "src/lib/crypto/eddsa.cpp",
|
||
|
- "src/lib/crypto/elgamal.cpp",
|
||
|
- "src/lib/crypto/hash.cpp",
|
||
|
"src/lib/crypto/hash_common.cpp",
|
||
|
"src/lib/crypto/hash_sha1cd.cpp",
|
||
|
- "src/lib/crypto/mem.cpp",
|
||
|
"src/lib/crypto/mpi.cpp",
|
||
|
- "src/lib/crypto/rng.cpp",
|
||
|
- "src/lib/crypto/rsa.cpp",
|
||
|
"src/lib/crypto/s2k.cpp",
|
||
|
"src/lib/crypto/sha1cd/sha1.c",
|
||
|
"src/lib/crypto/sha1cd/ubc_check.c",
|
||
|
"src/lib/crypto/signatures.cpp",
|
||
|
- "src/lib/crypto/symmetric.cpp",
|
||
|
"src/lib/fingerprint.cpp",
|
||
|
"src/lib/generate-key.cpp",
|
||
|
"src/lib/json-utils.cpp",
|
||
|
@@ -159,4 +165,40 @@ SOURCES += [
|
||
|
"src/librepgp/stream-write.cpp",
|
||
|
]
|
||
|
|
||
|
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
|
||
|
+ SOURCES += [
|
||
|
+ "src/lib/crypto/bn.cpp",
|
||
|
+ "src/lib/crypto/cipher_botan.cpp",
|
||
|
+ "src/lib/crypto/dsa.cpp",
|
||
|
+ "src/lib/crypto/ec.cpp",
|
||
|
+ "src/lib/crypto/ecdh.cpp",
|
||
|
+ "src/lib/crypto/ecdsa.cpp",
|
||
|
+ "src/lib/crypto/eddsa.cpp",
|
||
|
+ "src/lib/crypto/elgamal.cpp",
|
||
|
+ "src/lib/crypto/hash.cpp",
|
||
|
+ "src/lib/crypto/mem.cpp",
|
||
|
+ "src/lib/crypto/rng.cpp",
|
||
|
+ "src/lib/crypto/rsa.cpp",
|
||
|
+ "src/lib/crypto/symmetric.cpp",
|
||
|
+ ]
|
||
|
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "openssl":
|
||
|
+ SOURCES += [
|
||
|
+ "src/lib/crypto/bn_ossl.cpp",
|
||
|
+ "src/lib/crypto/cipher_ossl.cpp",
|
||
|
+ "src/lib/crypto/dl_ossl.cpp",
|
||
|
+ "src/lib/crypto/dsa_ossl.cpp",
|
||
|
+ "src/lib/crypto/ec_ossl.cpp",
|
||
|
+ "src/lib/crypto/ecdh_ossl.cpp",
|
||
|
+ "src/lib/crypto/ecdsa_ossl.cpp",
|
||
|
+ "src/lib/crypto/eddsa_ossl.cpp",
|
||
|
+ "src/lib/crypto/elgamal_ossl.cpp",
|
||
|
+ "src/lib/crypto/hash_crc24.cpp",
|
||
|
+ "src/lib/crypto/hash_ossl.cpp",
|
||
|
+ "src/lib/crypto/mem_ossl.cpp",
|
||
|
+ "src/lib/crypto/rng_ossl.cpp",
|
||
|
+ "src/lib/crypto/rsa_ossl.cpp",
|
||
|
+ "src/lib/crypto/s2k_ossl.cpp",
|
||
|
+ "src/lib/crypto/symmetric_ossl.cpp",
|
||
|
+ ]
|
||
|
+
|
||
|
DIRS += ["src/rnp", "src/rnpkeys"]
|