summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCoprDistGit <infra@openeuler.org>2023-05-08 07:00:55 +0000
committerCoprDistGit <infra@openeuler.org>2023-05-08 07:00:55 +0000
commitab8f413fab82fac5f4db96341fd19e284d9db462 (patch)
tree45db807eec48a95d603d1ff4e323dd7db023a6ed
parent1e9e8f4ab8fcd994f555f76938a6a6d2811c31df (diff)
automatic import of dsoftbusopeneuler20.03
Diffstat
-rw-r--r--.gitignore8
-rw-r--r--build-0001-add-dsoftbus-build-support-for-embedded-env.patch390
-rw-r--r--build-0002-support-hichian-for-openeuler.patch37
-rw-r--r--build-0003-add-deviceauth-ipc-sdk-compile.patch82
-rw-r--r--build-0004-change-set-for-obs-build.patch73
-rw-r--r--commonlibrary-c-utils-0001-Adaptation-for-dsoftbus.patch99
-rw-r--r--depend-0001-add-productdefine-for-openeuler.patch49
-rw-r--r--depend-0002-add-depend-for-openeuler.patch389
-rw-r--r--dsoftbus-standard-0001-simplify-dependency-for-dsoftbus-standard.patch89
-rw-r--r--dsoftbus.spec235
-rw-r--r--libboundscheck-0001-Adaptation-for-dsoftbus.patch44
-rw-r--r--security-device-auth-0001-deviceauth-for-openeuler.patch103
-rw-r--r--security-device-auth-0002-deviceauth-ipc-service.patch276
-rw-r--r--security-device-auth-0003-simplify-dependency-on-third-party-packages.patch79
-rw-r--r--security-huks-0001-support-huks-for-openeuler.patch236
-rw-r--r--security-huks-0002-simplify-dependency-on-third-party-packages.patch114
-rw-r--r--security-huks-0003-fix-discarded-qualifiers-error.patch53
-rw-r--r--sources8
-rw-r--r--third-party-cjson-0001-adapter-cjson-in-openEuler-for-softbus.patch46
-rw-r--r--third-party-mbedtls-0001-Adaptation-for-dsoftbus.patch17
-rw-r--r--third-party-mbedtls-0002-fix-CVE-2021-43666.patch409
-rw-r--r--third-party-mbedtls-0002-fix-CVE-2021-45451.patch24
22 files changed, 2860 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..4cec19a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,8 @@
+/build-OpenHarmony-v3.0.2-LTS.tar.gz
+/commonlibrary_c_utils-OpenHarmony-v3.1.2-Release.tar.gz
+/dsoftbus_standard-v3.1.2.2-release.tar.gz
+/embedded-ipc-v1.0.1-release.tar.gz
+/security_device_auth-OpenHarmony-v3.1.2-Release.tar.gz
+/security_huks-OpenHarmony-v3.1.2-Release.tar.gz
+/third_party_libcoap-OpenHarmony-v3.1.2-Release.tar.gz
+/third_party_mbedtls-OpenHarmony-v3.1.2-Release.tar.gz
diff --git a/build-0001-add-dsoftbus-build-support-for-embedded-env.patch b/build-0001-add-dsoftbus-build-support-for-embedded-env.patch
new file mode 100644
index 0000000..6eccb07
--- /dev/null
+++ b/build-0001-add-dsoftbus-build-support-for-embedded-env.patch
@@ -0,0 +1,390 @@
+From a7244bd742f999e7ec8462797c7e7a393a844a7b Mon Sep 17 00:00:00 2001
+From: hmilylmk <liumingkai@huawei.com>
+Date: Sat, 13 Aug 2022 08:21:36 +0800
+Subject: [PATCH] add dsoftbus build support for embedded env
+
+Signed-off-by: hmilylmk <liumingkai@huawei.com>
+---
+ build_scripts/build.sh | 9 ++++----
+ config/BUILDCONFIG.gn | 11 ++++-----
+ config/compiler/compiler.gni | 6 +----
+ config/ohos/BUILD.gn | 32 +-------------------------
+ config/ohos/abi.gni | 5 -----
+ config/ohos/config.gni | 4 ++--
+ config/ohos/musl.gni | 4 +++-
+ core/gn/BUILD.gn | 35 ++---------------------------
+ loader/preloader/platforms.template | 4 ++--
+ ohos.gni | 7 ------
+ subsystem_config.json | 6 +++++
+ toolchain/linux/BUILD.gn | 8 +++++--
+ 12 files changed, 31 insertions(+), 100 deletions(-)
+
+diff --git a/build_scripts/build.sh b/build_scripts/build.sh
+index 3514b36..e2404ca 100755
+--- a/build_scripts/build.sh
++++ b/build_scripts/build.sh
+@@ -70,22 +70,22 @@ do
+ shift
+ done
+
+-
+ if [[ "${source_root_dir}x" == "x" ]]; then
+ echo "Error: source_root_dir cannot be empty."
+ exit 1
+ fi
++
+ if [[ ! -d "${source_root_dir}" ]]; then
+ echo "Error: source_root_dir is incorrect."
+ exit 1
+ fi
++
+ if [[ "${product_name}x" == "x" ]]; then
+ echo -e "\033[31mError: the product name should be specified!\033[0m"
+ help
+ exit 1
+ fi
+
+-
+ case $(uname -s) in
+ Darwin)
+ HOST_DIR="darwin-x86"
+@@ -102,10 +102,9 @@ case $(uname -s) in
+ esac
+
+ # set python3
+-PYTHON3=${source_root_dir}/prebuilts/python/${HOST_DIR}/3.8.5/bin/python3
+-
++PYTHON3=`which python`
+ if [[ ! -f "${PYTHON3}" ]]; then
+- echo -e "\033[33m Please execute the build/prebuilts_download.sh \033[0m"
++ echo -e "\033[33m python3 not found, please check\033[0m"
+ exit 1
+ fi
+
+diff --git a/config/BUILDCONFIG.gn b/config/BUILDCONFIG.gn
+index 98bb98b..9e016df 100755
+--- a/config/BUILDCONFIG.gn
++++ b/config/BUILDCONFIG.gn
+@@ -130,10 +130,7 @@ declare_args() {
+ is_desktop_linux = current_os == "linux"
+
+ # Set to true when compiling with the Clang compiler.
+- is_clang = current_os != "linux" ||
+- (current_cpu != "s390x" && current_cpu != "s390" &&
+- current_cpu != "ppc64" && current_cpu != "ppc" &&
+- current_cpu != "mips" && current_cpu != "mips64")
++ is_clang = false
+
+ # Allows the path to a custom target toolchain to be injected as a single
+ # argument, and set as the default toolchain.
+@@ -154,7 +151,7 @@ declare_args() {
+ }
+
+ declare_args() {
+- use_musl = true
++ use_musl = false
+ }
+
+ asdk_libs_dir = "//prebuilts/asdk_libs"
+@@ -220,7 +217,7 @@ if (host_toolchain == "") {
+
+ if (host_os == "linux") {
+ if (target_os != "linux") {
+- host_toolchain = "//build/toolchain/linux:clang_$host_cpu"
++ host_toolchain = "//build/toolchain/linux:$host_cpu"
+ } else if (is_clang) {
+ host_toolchain = "//build/toolchain/linux:clang_$host_cpu"
+ } else {
+@@ -250,7 +247,7 @@ _default_toolchain = ""
+ if (target_os == "ohos") {
+ assert(host_os == "linux" || host_os == "mac",
+ "ohos builds are only supported on Linux and Mac hosts.")
+- _default_toolchain = "//build/toolchain/ohos:ohos_clang_$target_cpu"
++ _default_toolchain = "//build/toolchain/linux:$target_cpu"
+ } else if (target_os == "linux") {
+ if (is_clang) {
+ _default_toolchain = "//build/toolchain/linux:clang_$target_cpu"
+diff --git a/config/compiler/compiler.gni b/config/compiler/compiler.gni
+index b77100a..ae45cc8 100755
+--- a/config/compiler/compiler.gni
++++ b/config/compiler/compiler.gni
+@@ -152,11 +152,7 @@ declare_args() {
+
+ declare_args() {
+ # Whether to use the gold linker from binutils instead of lld or bfd.
+- use_gold = !use_lld &&
+- ((is_linux && (current_cpu == "x64" || current_cpu == "x86" ||
+- current_cpu == "arm")) ||
+- (is_ohos && (current_cpu == "x86" || current_cpu == "x64" ||
+- current_cpu == "arm" || current_cpu == "arm64")))
++ use_gold = false
+ }
+
+ # If it wasn't manually set, set to an appropriate default.
+diff --git a/config/ohos/BUILD.gn b/config/ohos/BUILD.gn
+index aa5ac7c..941cc2e 100755
+--- a/config/ohos/BUILD.gn
++++ b/config/ohos/BUILD.gn
+@@ -24,31 +24,17 @@ config("compiler") {
+ "HAVE_SYS_UIO_H",
+ ]
+
+- defines += [
+- "__MUSL__",
+- "_LIBCPP_HAS_MUSL_LIBC",
+- "__BUILD_LINUX_WITH_CLANG",
+- ]
+-
+ ldflags = [
+ "-Wl,--no-undefined",
+- "-Wl,--exclude-libs=libunwind_llvm.a",
+- "-Wl,--exclude-libs=libc++_static.a",
+
+ # Don't allow visible symbols from libraries that contain
+ # assembly code with symbols that aren't hidden properly.
+ # http://crbug.com/448386
+- "-Wl,--exclude-libs=libvpx_assembly_arm.a",
+ ]
+
+- cflags += [ "--target=$abi_target" ]
+ include_dirs = [
+- "${musl_sysroot}/usr/include/${abi_target}",
+- "${clang_base_path}/include/c++/v1",
+ ]
+
+- ldflags += [ "--target=$abi_target" ]
+-
+ # Assign any flags set for the C compiler to asmflags so that they are sent
+ # to the assembler.
+ asmflags = cflags
+@@ -66,13 +52,6 @@ config("runtime_library") {
+ "CHROMIUM_CXX_TWEAK_INLINES", # Saves binary size.
+ ]
+
+- defines += [
+- "__MUSL__",
+- "_LIBCPP_HAS_MUSL_LIBC",
+- "__BUILD_LINUX_WITH_CLANG",
+- ]
+- ldflags = [ "-nostdlib" ]
+-
+ libs = []
+
+ # arm builds of libc++ starting in NDK r12 depend on unwind.
+@@ -80,20 +59,11 @@ config("runtime_library") {
+ libs += [ "unwind" ]
+ }
+
+- ldflags += [
+- "-L" +
+- rebase_path("${clang_base_path}/lib/${abi_target}/c++", root_build_dir),
+- "-L" + rebase_path("${musl_sysroot}/usr/lib/${abi_target}", root_build_dir),
+- "-L" + rebase_path("${clang_base_path}/lib/clang/10.0.1/lib/${abi_target}",
+- root_build_dir),
++ ldflags = [
+ ]
+- ldflags += [ "-Wl,--dynamic-linker,/system/bin/ld-musl-${musl_arch}.so.1" ]
+
+ libs += [
+- rebase_path(libclang_rt_file),
+ "c",
+- "c++",
+- "c++abi",
+ ]
+
+ if (current_cpu == "arm" && arm_version == 6) {
+diff --git a/config/ohos/abi.gni b/config/ohos/abi.gni
+index 57d1dca..600bc3e 100755
+--- a/config/ohos/abi.gni
++++ b/config/ohos/abi.gni
+@@ -61,8 +61,3 @@ if (target_cpu == "arm64") {
+ ohos_secondary_abi_cpu = "x86"
+ ohos_app_secondary_abi = "x86"
+ }
+-
+-if (defined(ohos_secondary_abi_cpu)) {
+- ohos_secondary_abi_toolchain =
+- "//build/toolchain/ohos:ohos_clang_${ohos_secondary_abi_cpu}"
+-}
+diff --git a/config/ohos/config.gni b/config/ohos/config.gni
+index 072bce1..00c7311 100644
+--- a/config/ohos/config.gni
++++ b/config/ohos/config.gni
+@@ -26,11 +26,11 @@ if (is_ohos) {
+ }
+
+ if (current_cpu == "arm") {
+- abi_target = "arm-linux-ohosmusl"
++ abi_target = ""
+ } else if (current_cpu == "x86") {
+ abi_target = ""
+ } else if (current_cpu == "arm64") {
+- abi_target = "aarch64-linux-ohosmusl"
++ abi_target = ""
+ } else if (current_cpu == "x86_64") {
+ abi_target = ""
+ } else {
+diff --git a/config/ohos/musl.gni b/config/ohos/musl.gni
+index 2468ca8..f9cead9 100644
+--- a/config/ohos/musl.gni
++++ b/config/ohos/musl.gni
+@@ -16,4 +16,6 @@ if (use_musl){
+ musl_target = "//third_party/musl:musl_libs"
+ musl_sysroot = get_label_info(musl_target, "target_out_dir")
+ import("//third_party/musl/musl_config.gni")
+-}
+\ No newline at end of file
++} else {
++ musl_sysroot = ""
++}
+diff --git a/core/gn/BUILD.gn b/core/gn/BUILD.gn
+index 38d3cc9..cde44b1 100755
+--- a/core/gn/BUILD.gn
++++ b/core/gn/BUILD.gn
+@@ -86,41 +86,10 @@ if (product_name == "ohos-sdk") {
+ deps = [ "//build/ohos/sdk:ohos_sdk" ]
+ }
+ } else {
+- group("make_all") {
+- deps = [
+- ":images",
+- ":make_inner_kits",
+- ":packages",
+- ]
+- }
+-
+ group("images") {
+- deps = [ "//build/ohos/images:make_images" ]
+- }
+-
+- group("packages") {
+- deps = [ "//build/ohos/packages:make_packages" ]
+- }
+-
+- group("make_inner_kits") {
+- deps = [ "$root_build_dir/build_configs:inner_kits" ]
+- }
+-
+- group("build_all_test_pkg") {
+- testonly = true
+ deps = [
+- "$root_build_dir/build_configs:parts_test",
+- "//test/developertest:make_temp_test",
++ "//foundation/communication/dsoftbus/core/frame:softbus_server_main",
++ "//foundation/communication/dsoftbus/sdk:softbus_client",
+ ]
+ }
+-
+- group("make_test") {
+- testonly = true
+- deps = [ ":build_all_test_pkg" ]
+- deps += [ "//build/ohos/packages:package_testcase_mlf" ]
+- deps += [ "//build/ohos/packages:package_testcase" ]
+- if (archive_component) {
+- deps += [ "//build/ohos/testfwk:archive_testcase" ]
+- }
+- }
+ }
+diff --git a/loader/preloader/platforms.template b/loader/preloader/platforms.template
+index 5cad64d..7577fd6 100644
+--- a/loader/preloader/platforms.template
++++ b/loader/preloader/platforms.template
+@@ -4,13 +4,13 @@
+ {
+ "target_os": "ohos",
+ "target_cpu": "arm64",
+- "toolchain": "//build/toolchain/ohos:ohos_clang_arm64",
++ "toolchain": "//build/toolchain/linux:arm64",
+ "parts_config": "./parts.json"
+ },
+ {
+ "target_os": "ohos",
+ "target_cpu": "arm",
+- "toolchain": "//build/toolchain/ohos:ohos_clang_arm",
++ "toolchain": "//build/toolchain/linux:arm",
+ "parts_config": "./parts.json"
+ }
+ ]
+diff --git a/ohos.gni b/ohos.gni
+index 77be836..a34baa3 100755
+--- a/ohos.gni
++++ b/ohos.gni
+@@ -11,19 +11,12 @@
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+-import("//build/config/sanitizers/sanitizers.gni")
+-import("//build/ohos/ndk/ndk.gni")
+-import("//build/ohos/notice/notice.gni")
+-import("//build/ohos/sa_profile/sa_profile.gni")
+ import("//build/ohos_var.gni")
+ import("//build/toolchain/toolchain.gni")
+
+ # import cxx base templates
+ import("//build/templates/cxx/cxx.gni")
+
+-import("//build/ohos/ace/ace.gni")
+-import("//build/ohos/app/app.gni")
+-
+ import("//build/templates/common/ohos_templates.gni")
+
+ # import prebuilt templates
+diff --git a/subsystem_config.json b/subsystem_config.json
+index f04f29e..ebc0869 100644
+--- a/subsystem_config.json
++++ b/subsystem_config.json
+@@ -178,5 +178,11 @@
+ "path": "kernel/linux/build",
+ "name": "kernel",
+ "dir": "kernel/linux"
++ },
++ "depend": {
++ "project":"openEuler/depend",
++ "path": "depend",
++ "name": "depend",
++ "dir": "depend"
+ }
+ }
+diff --git a/toolchain/linux/BUILD.gn b/toolchain/linux/BUILD.gn
+index 1a4c4e9..c811cf9 100755
+--- a/toolchain/linux/BUILD.gn
++++ b/toolchain/linux/BUILD.gn
+@@ -22,7 +22,8 @@ clang_toolchain("clang_arm64") {
+ }
+
+ gcc_toolchain("arm64") {
+- toolprefix = "aarch64-linux-gnu-"
++ tool_path = rebase_path("//toolchain/bin", root_build_dir)
++ toolprefix = "${tool_path}/aarch64-openeuler-linux-gnu-"
+
+ cc = "${toolprefix}gcc"
+ cxx = "${toolprefix}g++"
+@@ -31,6 +32,7 @@ gcc_toolchain("arm64") {
+ ld = cxx
+ readelf = "${toolprefix}readelf"
+ nm = "${toolprefix}nm"
++ strip = "${toolprefix}strip"
+
+ toolchain_args = {
+ current_cpu = "arm64"
+@@ -40,7 +42,8 @@ gcc_toolchain("arm64") {
+ }
+
+ gcc_toolchain("arm") {
+- toolprefix = "arm-linux-gnueabihf-"
++ tool_path = rebase_path("//toolchain/bin", root_build_dir)
++ toolprefix = "${tool_path}/arm-openeuler-linux-gnu-"
+
+ cc = "${toolprefix}gcc"
+ cxx = "${toolprefix}g++"
+@@ -49,6 +52,7 @@ gcc_toolchain("arm") {
+ ld = cxx
+ readelf = "${toolprefix}readelf"
+ nm = "${toolprefix}nm"
++ strip = "${toolprefix}strip"
+
+ toolchain_args = {
+ current_cpu = "arm"
+--
+2.34.1
+
diff --git a/build-0002-support-hichian-for-openeuler.patch b/build-0002-support-hichian-for-openeuler.patch
new file mode 100644
index 0000000..4c94697
--- /dev/null
+++ b/build-0002-support-hichian-for-openeuler.patch
@@ -0,0 +1,37 @@
+From 4a7242c3bb1360510094ee099780e5237f8f0d53 Mon Sep 17 00:00:00 2001
+From: "beiling.xie" <xiekunxun@huawei.com>
+Date: Fri, 2 Sep 2022 22:36:29 +0800
+Subject: [PATCH 2/2] support hichian for openeuler
+
+Signed-off-by: beiling.xie <xiekunxun@huawei.com>
+---
+ config/BUILDCONFIG.gn | 3 +++
+ core/gn/BUILD.gn | 1 +
+ 2 files changed, 4 insertions(+)
+
+diff --git a/config/BUILDCONFIG.gn b/config/BUILDCONFIG.gn
+index 9e016df..4cc5b41 100755
+--- a/config/BUILDCONFIG.gn
++++ b/config/BUILDCONFIG.gn
+@@ -517,3 +517,6 @@ foreach(_target_type, target_type_list) {
+ }
+ }
+ }
++
++support_jsapi = false
++os_level = "standard"
+diff --git a/core/gn/BUILD.gn b/core/gn/BUILD.gn
+index 9784cda..9c38fe4 100755
+--- a/core/gn/BUILD.gn
++++ b/core/gn/BUILD.gn
+@@ -90,6 +90,7 @@ if (product_name == "ohos-sdk") {
+ deps = [
+ "//foundation/communication/dsoftbus/core/frame:softbus_server_main",
+ "//foundation/communication/dsoftbus/sdk:softbus_client",
++ "//base/security/deviceauth/services:deviceauth_sdk",
+ ]
+ }
+ }
+--
+2.25.1
+
diff --git a/build-0003-add-deviceauth-ipc-sdk-compile.patch b/build-0003-add-deviceauth-ipc-sdk-compile.patch
new file mode 100644
index 0000000..79864b3
--- /dev/null
+++ b/build-0003-add-deviceauth-ipc-sdk-compile.patch
@@ -0,0 +1,82 @@
+From 1fb10c696cdde31c5fe30097cc38bbc0d054c812 Mon Sep 17 00:00:00 2001
+From: "beiling.xie" <xiekunxun@huawei.com>
+Date: Thu, 10 Nov 2022 10:50:33 +0800
+Subject: [PATCH] remove build_configs to simplify third-party tools
+
+Signed-off-by: beiling.xie <xiekunxun@huawei.com>
+---
+ config/ohos/musl.gni | 2 +-
+ core/build_scripts/make_main.sh | 2 +-
+ core/gn/BUILD.gn | 12 ------------
+ ohos/notice/notice.gni | 1 -
+ 4 files changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/config/ohos/musl.gni b/config/ohos/musl.gni
+index f9cead9..628e93c 100644
+--- a/config/ohos/musl.gni
++++ b/config/ohos/musl.gni
+@@ -17,5 +17,5 @@ if (use_musl){
+ musl_sysroot = get_label_info(musl_target, "target_out_dir")
+ import("//third_party/musl/musl_config.gni")
+ } else {
+- musl_sysroot = ""
++ musl_sysroot = getenv("STAGING_DIR_TARGET")
+ }
+diff --git a/core/build_scripts/make_main.sh b/core/build_scripts/make_main.sh
+index 770145c..e1168d8 100755
+--- a/core/build_scripts/make_main.sh
++++ b/core/build_scripts/make_main.sh
+@@ -78,7 +78,7 @@ do_make()
+ if [ "${TARGET_PLATFORM}" != "" ];then
+ ninja_build_args="$ninja_build_args --target-platform ${TARGET_PLATFORM}"
+ fi
+- real_build_target=$(python ${BASE_HOME}/build/scripts/build_target_handler.py $ninja_build_args)
++ real_build_target="images"
+ echo "build_target: "$real_build_target
+
+ if [ "${USE_NARUTO}"x = "truex" ];then
+diff --git a/core/gn/BUILD.gn b/core/gn/BUILD.gn
+index 9c38fe4..0dc0260 100755
+--- a/core/gn/BUILD.gn
++++ b/core/gn/BUILD.gn
+@@ -20,9 +20,6 @@ print("root_gen_dir=$root_gen_dir")
+ print("current_toolchain=$current_toolchain")
+ print("host_toolchain=$host_toolchain")
+
+-# load build configs and write load result to out_build_dir/build_configs
+-build_loader_script = rebase_path("//build/loader/load.py")
+-
+ _platforms_config_file = "//out/build_configs/standard_system/platforms.build"
+
+ build_platform = ""
+@@ -71,15 +68,6 @@ arguments += [
+ "subsystem_examples",
+ ]
+
+-load_result = exec_script(build_loader_script, arguments, "string")
+-
+-if (load_result != "") {
+- print()
+- print(load_result)
+-}
+-
+-print("build configs generation is complete.")
+-
+ # gn target defined
+ if (product_name == "ohos-sdk") {
+ group("build_ohos_sdk") {
+diff --git a/ohos/notice/notice.gni b/ohos/notice/notice.gni
+index db49684..566aeb4 100755
+--- a/ohos/notice/notice.gni
++++ b/ohos/notice/notice.gni
+@@ -14,7 +14,6 @@
+ import("//build/config/python.gni")
+ import("//build/ohos/build_var.gni")
+ import("//build/ohos_var.gni")
+-import("${build_configs_path}/platforms_list.gni")
+
+ declare_args() {
+ sdk_notice_dir = "$root_build_dir/NOTICE_FILES/sdk"
+--
+2.25.1
+
diff --git a/build-0004-change-set-for-obs-build.patch b/build-0004-change-set-for-obs-build.patch
new file mode 100644
index 0000000..7fa7a2f
--- /dev/null
+++ b/build-0004-change-set-for-obs-build.patch
@@ -0,0 +1,73 @@
+diff -Naur build-OpenHarmony-v3.0.2-LTS/config/sanitizers/BUILD.gn build-OpenHarmony-v3.0.2-LTS-path2/config/sanitizers/BUILD.gn
+--- build-OpenHarmony-v3.0.2-LTS/config/sanitizers/BUILD.gn 2022-02-26 17:17:05.000000000 +0800
++++ build-OpenHarmony-v3.0.2-LTS-path2/config/sanitizers/BUILD.gn 2022-07-14 11:50:09.927655500 +0800
+@@ -678,6 +678,8 @@
+ }
+ }
+
++ print(_clang_rt_libs_dir)
++
+ foreach(rt_lib, _dso_names) {
+ _clang_rt_dso_paths += [ "$_clang_rt_libs_dir/${rt_lib}" ]
+ }
+diff -Naur build-OpenHarmony-v3.0.2-LTS/loader/preloader/platforms.template build-OpenHarmony-v3.0.2-LTS-path2/loader/preloader/platforms.template
+--- build-OpenHarmony-v3.0.2-LTS/loader/preloader/platforms.template 2022-07-14 11:49:08.352875000 +0800
++++ build-OpenHarmony-v3.0.2-LTS-path2/loader/preloader/platforms.template 2022-07-14 11:06:07.951920300 +0800
+@@ -12,6 +12,12 @@
+ "target_cpu": "arm",
+ "toolchain": "//build/toolchain/linux:arm",
+ "parts_config": "./parts.json"
++ },
++ {
++ "target_os": "ohos",
++ "target_cpu": "x86_64",
++ "toolchain": "//build/toolchain/linux:x86_64",
++ "parts_config": "./parts.json"
+ }
+ ]
+ }
+diff -Naur build-OpenHarmony-v3.0.2-LTS/toolchain/linux/BUILD.gn build-OpenHarmony-v3.0.2-LTS-path2/toolchain/linux/BUILD.gn
+--- build-OpenHarmony-v3.0.2-LTS/toolchain/linux/BUILD.gn 2022-07-14 11:49:08.511178900 +0800
++++ build-OpenHarmony-v3.0.2-LTS-path2/toolchain/linux/BUILD.gn 2022-07-14 11:10:51.681272300 +0800
+@@ -25,6 +25,8 @@
+ tool_path = rebase_path("//toolchain/bin", root_build_dir)
+ toolprefix = "${tool_path}/aarch64-openeuler-linux-gnu-"
+
++ toolprefix = ""
++
+ cc = "${toolprefix}gcc"
+ cxx = "${toolprefix}g++"
+
+@@ -45,6 +47,8 @@
+ tool_path = rebase_path("//toolchain/bin", root_build_dir)
+ toolprefix = "${tool_path}/arm-openeuler-linux-gnu-"
+
++ toolprefix = ""
++
+ cc = "${toolprefix}gcc"
+ cxx = "${toolprefix}g++"
+
+@@ -120,4 +124,23 @@
+ current_os = "linux"
+ is_clang = false
+ }
++}
++
++gcc_toolchain("x86_64") {
++ cc = "gcc"
++ cxx = "g++"
++
++ readelf = "readelf"
++ nm = "nm"
++ ar = "ar"
++ ld = cxx
++
++ # Output linker map files for binary size analysis.
++ enable_linker_map = true
++
++ toolchain_args = {
++ current_cpu = "x86_64"
++ current_os = "linux"
++ is_clang = false
++ }
+ }
diff --git a/commonlibrary-c-utils-0001-Adaptation-for-dsoftbus.patch b/commonlibrary-c-utils-0001-Adaptation-for-dsoftbus.patch
new file mode 100644
index 0000000..22229bf
--- /dev/null
+++ b/commonlibrary-c-utils-0001-Adaptation-for-dsoftbus.patch
@@ -0,0 +1,99 @@
+From 1e7842b01138c2313b2d8d8e736f461a9690c027 Mon Sep 17 00:00:00 2001
+From: "beiling.xie" <xiekunxun@huawei.com>
+Date: Wed, 21 Sep 2022 11:57:27 +0800
+Subject: [PATCH] Adaptation for dsoftbus
+
+Signed-off-by: beiling.xie <xiekunxun@huawei.com>
+---
+ base/BUILD.gn | 37 ++++---------------------------------
+ base/src/parcel.cpp | 1 +
+ 2 files changed, 5 insertions(+), 33 deletions(-)
+
+diff --git a/base/BUILD.gn b/base/BUILD.gn
+index 883b1ec..723627b 100644
+--- a/base/BUILD.gn
++++ b/base/BUILD.gn
+@@ -38,24 +38,8 @@ config("static_utils_config") {
+ }
+
+ sources_utils = [
+- "src/string_ex.cpp",
+- "src/unicode_ex.cpp",
+- "src/directory_ex.cpp",
+- "src/datetime_ex.cpp",
+ "src/refbase.cpp",
+ "src/parcel.cpp",
+- "src/semaphore_ex.cpp",
+- "src/thread_pool.cpp",
+- "src/file_ex.cpp",
+- "src/observer.cpp",
+- "src/thread_ex.cpp",
+- "src/event_demultiplexer.cpp",
+- "src/event_handler.cpp",
+- "src/event_reactor.cpp",
+- "src/timer.cpp",
+- "src/timer_event_handler.cpp",
+- "src/ashmem.cpp",
+- "src/rwlock.cpp",
+ ]
+
+ securec_sources = [
+@@ -110,21 +94,18 @@ ohos_static_library("utilsbase") {
+ ]
+ public_configs = [ ":static_utils_config" ]
+ defines = [ "CONFIG_HILOG" ]
+- external_deps = [ "hilog_native:libhilog_base" ]
+ }
+
+ ohos_shared_library("utils") {
+ sources = sources_utils
+- sources += securec_sources
+ configs = [
+ ":utils_config",
+ ":private_securec_config",
+ ]
+ public_configs = [ ":static_utils_config" ]
+- subsystem_name = "utils"
+ defines = [ "CONFIG_HILOG" ]
+- external_deps = [ "hilog_native:libhilog_base" ]
+- part_name = "utils_base"
++ deps = [ "//third_party/bounds_checking_function:libsec_shared" ]
++ deps += [ "//depend:libhilog" ]
+ install_images = [
+ "system",
+ "updater",
+@@ -159,17 +140,7 @@ ohos_static_library("utilsecurec_ace_allplatforms") {
+ public_configs = [ ":static_utils_config" ]
+ }
+
+-ohos_shared_library("utilsecurec_shared") {
+- sources = securec_sources
+- configs = [
+- ":utils_config",
+- ":private_securec_config",
+- ]
+- public_configs = [ ":utils_config" ]
+- part_name = "utils_base"
+- install_images = [
+- "system",
+- "updater",
+- ]
++group("utilsecurec_shared") {
+ }
++
+ ###############################################################################
+diff --git a/base/src/parcel.cpp b/base/src/parcel.cpp
+index 855f7cf..1abaec5 100755
+--- a/base/src/parcel.cpp
++++ b/base/src/parcel.cpp
+@@ -13,6 +13,7 @@
+ * limitations under the License.
+ */
+
++#include <climits>
+ #include "parcel.h"
+ #include "securec.h"
+ #include "utils_log.h"
+--
+2.25.1
+
diff --git a/depend-0001-add-productdefine-for-openeuler.patch b/depend-0001-add-productdefine-for-openeuler.patch
new file mode 100644
index 0000000..3567e5b
--- /dev/null
+++ b/depend-0001-add-productdefine-for-openeuler.patch
@@ -0,0 +1,49 @@
+From: "liheavy" <lihaiwei8@huawei.com>
+Date: Fir, 26 Nov 2022 09:45:38 +0800
+Subject: [PATCH] Adaptation for productdefine of dsoftbus
+
+---
+diff -Nur a/common/base/standard_system.json b/common/base/standard_system.json
+--- a/common/base/standard_system.json 1970-01-01 08:00:00.000000000 +0800
++++ b/common/base/standard_system.json 2022-09-28 10:28:40.000000000 +0800
+@@ -0,0 +1 @@
++{}
+diff -Nur a/common/device/openEuler.json b/common/device/openEuler.json
+--- a/common/device/openEuler.json 1970-01-01 08:00:00.000000000 +0800
++++ b/common/device/openEuler.json 2022-09-28 10:28:40.000000000 +0800
+@@ -0,0 +1,8 @@
++{
++ "device_name": "openEuler",
++ "device_company": "hisilicon",
++ "target_os": "ohos",
++ "target_cpu": "arm64",
++ "kernel_version": "",
++ "device_build_path": "device/hisilicon/build"
++}
+diff -Nur a/common/products/openEuler.json b/common/products/openEuler.json
+--- a/common/products/openEuler.json 1970-01-01 08:00:00.000000000 +0800
++++ b/common/products/openEuler.json 2022-09-28 10:28:40.000000000 +0800
+@@ -0,0 +1,23 @@
++{
++ "product_name": "openEuler",
++ "product_company": "hisilicon",
++ "product_device": "openEuler",
++ "version": "2.0",
++ "type": "standard",
++ "product_build_path": "device/hisilicon/build",
++ "parts": {
++ "communication:dsoftbus_standard": {},
++ "security:huks_standard": {},
++ "security:deviceauth_standard": {},
++ "depend:hiviewdfx_hilog_native": {},
++ "depend:ipc": {},
++ "depend:ces_standard": {},
++ "depend:aafwk_standard": {},
++ "depend:appexecfwk_standard": {},
++ "depend:permission_standard": {},
++ "depend:safwk": {},
++ "depend:samgr_L2": {},
++ "depend:samgr_standard": {},
++ "depend:access_token": {}
++ }
++}
diff --git a/depend-0002-add-depend-for-openeuler.patch b/depend-0002-add-depend-for-openeuler.patch
new file mode 100644
index 0000000..baf0915
--- /dev/null
+++ b/depend-0002-add-depend-for-openeuler.patch
@@ -0,0 +1,389 @@
+From: "liheavy" <lihaiwei8@huawei.com>
+Date: Fir, 26 Nov 2022 09:45:38 +0800
+Subject: [PATCH] Adaptation for depend of dsoftbus
+
+---
+diff -Nur a/BUILD.gn b/BUILD.gn
+--- a/BUILD.gn 1970-01-01 08:00:00.000000000 +0800
++++ b/BUILD.gn 2022-09-28 10:28:40.000000000 +0800
+@@ -0,0 +1,59 @@
++import("//build/ohos.gni")
++
++config("hilog_config") {
++ include_dirs = [
++ "hilog/include",
++ "//third_party/bounds_checking_function/include",
++ ]
++}
++
++ohos_shared_library("libhilog") {
++ public_configs = [ ":hilog_config" ]
++ sources = [
++ "hilog/hilog.c",
++ ]
++ deps = [
++ "//third_party/bounds_checking_function:libsec_shared",
++ ]
++}
++
++group("system_ability_fwk") {
++}
++
++group("samgr_proxy") {
++}
++
++group("libpermissionsdk_standard") {
++}
++
++group("cesfwk_innerkits") {
++}
++
++group("want") {
++}
++
++group("appexecfwk_core") {
++}
++
++group("libaccesstoken_sdk") {
++}
++
++config("syspara_config") {
++ include_dirs = [
++ "syspara/include",
++ ]
++}
++
++ohos_shared_library("syspara") {
++ include_dirs = [
++ "syspara/include",
++ ]
++ sources = [
++ "syspara/syspara.c",
++ ]
++ public_configs = [ ":syspara_config" ]
++ deps = [
++ "//third_party/bounds_checking_function:libsec_shared",
++ "//third_party/mbedtls:mbedtls_shared",
++ ]
++}
+diff -Nur a/hilog/hilog.c b/hilog/hilog.c
+--- a/hilog/hilog.c 1970-01-01 08:00:00.000000000 +0800
++++ b/hilog/hilog.c 2022-09-28 10:28:40.000000000 +0800
+@@ -0,0 +1,39 @@
++#include <stdio.h>
++#include <string.h>
++#include <stdlib.h>
++#include <stdarg.h>
++#include "securec.h"
++#include "hilog_base/log_base.h"
++
++#ifndef LOG_PRINT_MAX_LEN
++#define LOG_PRINT_MAX_LEN 256
++#endif
++
++char *adapterStrForPrintfFormat(const char *fmt) {
++ char *left, *right;
++ char *buffer = (char *)malloc(LOG_PRINT_MAX_LEN * sizeof(char));
++ (void)memset_s(buffer, LOG_PRINT_MAX_LEN * sizeof(char), 0, LOG_PRINT_MAX_LEN * sizeof(char));
++ strcpy_s(buffer, LOG_PRINT_MAX_LEN * sizeof(char), fmt);
++ while (strstr(buffer, "{")) {
++ left = strstr(buffer, "{");
++ right = strstr(buffer, "}");
++ right++;
++ while (*right != '\0') {
++ *left = *right;
++ left++;
++ right++;
++ }
++ *left = '\0';
++ }
++ return buffer;
++}
++
++void printfAdapter(const char *fmt, ...) {
++ char *buffer;
++ buffer = adapterStrForPrintfFormat(fmt);
++ va_list ap;
++ va_start(ap, fmt);
++ vprintf(buffer, ap);
++ va_end(ap);
++ free(buffer);
++}
+diff -Nur a/hilog/include/hilog/log.h b/hilog/include/hilog/log.h
+--- a/hilog/include/hilog/log.h 1970-01-01 08:00:00.000000000 +0800
++++ b/hilog/include/hilog/log.h 2022-09-28 10:28:40.000000000 +0800
+@@ -0,0 +1,37 @@
++#ifndef _HILOG_H
++#define _HILOG_H
++
++#ifdef __cplusplus
++#if __cplusplus
++extern "C" {
++#endif
++#endif
++
++// Log type
++typedef enum {
++ LOG_TYPE_MIN = 0,
++ LOG_APP = 0,
++ // Log to kmsg, only used by init phase.
++ LOG_INIT = 1,
++ // Used by core service, framework.
++ LOG_CORE = 3,
++ LOG_TYPE_MAX
++} LogType;
++
++char *adapterStrForPrintfFormat(const char *fmt);
++void printfAdapter(const char *fmt, ...);
++
++#define HILOG_DEBUG(type, fmt, ...) printfAdapter(fmt"\n", ##__VA_ARGS__)
++#define HILOG_INFO(type, fmt, ...) printfAdapter(fmt"\n", ##__VA_ARGS__)
++#define HILOG_WARN(type, fmt, ...) printfAdapter(fmt"\n", ##__VA_ARGS__)
++#define HILOG_ERROR(type, fmt, ...) printfAdapter(fmt"\n", ##__VA_ARGS__)
++#define HiLogPrint(type, level, domain, tag, fmt, ...) printf(fmt"\n", ##__VA_ARGS__)
++#define HiLogBasePrint(type, level, domain, tag, fmt, ...) printfAdapter(fmt"\n", ##__VA_ARGS__)
++
++#ifdef __cplusplus
++#if __cplusplus
++}
++#endif
++#endif
++
++#endif
+diff -Nur a/hilog/include/hilog_base/log_base.h b/hilog/include/hilog_base/log_base.h
+--- a/hilog/include/hilog_base/log_base.h 1970-01-01 08:00:00.000000000 +0800
++++ b/hilog/include/hilog_base/log_base.h 2022-09-28 10:28:40.000000000 +0800
+@@ -0,0 +1 @@
++#include <hilog/log.h>
+diff -Nur a/ohos.build b/ohos.build
+--- a/ohos.build 1970-01-01 08:00:00.000000000 +0800
++++ b/ohos.build 2022-09-28 10:28:40.000000000 +0800
+@@ -0,0 +1,114 @@
++{
++ "subsystem": "depend",
++ "parts": {
++ "hiviewdfx_hilog_native": {
++ "module_list": [ ],
++ "inner_kits": [
++ {
++ "name": "//depend:libhilog",
++ "header": {
++ "header_files": [ ],
++ "header_base": "//depend"
++ }
++ }
++ ]
++ },
++ "ces_standard": {
++ "module_list": [ ],
++ "inner_kits": [
++ {
++ "name": "//depend:cesfwk_innerkits",
++ "header": {
++ "header_files": [ ],
++ "header_base": "//depend"
++ }
++ }
++ ]
++ },
++ "aafwk_standard": {
++ "module_list": [ ],
++ "inner_kits": [
++ {
++ "name": "//depend:want",
++ "header": {
++ "header_files": [ ],
++ "header_base": "//depend"
++ }
++ }
++ ]
++ },
++ "appexecfwk_standard": {
++ "module_list": [ ],
++ "inner_kits": [
++ {
++ "name": "//depend:appexecfwk_core",
++ "header": {
++ "header_files": [ ],
++ "header_base": "//depend"
++ }
++ }
++ ]
++ },
++ "permission_standard": {
++ "module_list": [ ],
++ "inner_kits": [
++ {
++ "name": "//depend:libpermissionsdk_standard",
++ "header": {
++ "header_files": [ ],
++ "header_base":"//depend"
++ }
++ }
++ ]
++ },
++ "safwk": {
++ "module_list": [ ],
++ "inner_kits": [
++ {
++ "name": "//depend:system_ability_fwk",
++ "header": {
++ "header_files": [ ],
++ "header_base": "//depend"
++ }
++ }
++ ]
++ },
++ "samgr_L2": {
++ "module_list": [ ],
++ "inner_kits": [
++ {
++ "name": "//depend:samgr_proxy",
++ "header": {
++ "header_files": [ ],
++ "header_base": "//depend"
++ }
++ }
++ ]
++ },
++ "samgr_standard": {
++ "module_list": [ ],
++ "inner_kits": [
++ {
++ "name": "//depend:samgr_proxy",
++ "header": {
++ "header_files": [ ],
++ "header_base": "//depend"
++ }
++ }
++ ]
++ },
++ "access_token": {
++ "module_list": [ ],
++ "inner_kits": [
++ {
++ "name": "//depend:libaccesstoken_sdk",
++ "header": {
++ "header_files": [ ],
++ "header_base": "//depend"
++ }
++ }
++ ]
++ }
++ }
++}
++
+diff -Nur a/syspara/include/parameter.h b/syspara/include/parameter.h
+--- a/syspara/include/parameter.h 1970-01-01 08:00:00.000000000 +0800
++++ b/syspara/include/parameter.h 2022-09-28 10:28:40.000000000 +0800
+@@ -0,0 +1,20 @@
++#ifndef SYSPARA_PARAMETER_H
++#define SYSPARA_PARAMETER_H
++
++#ifdef __cplusplus
++#if __cplusplus
++extern "C" {
++#endif
++#endif /* __cplusplus */
++
++int GetDevUdid(char *udid, int size);
++
++char * GetDeviceType(void);
++
++#ifdef __cplusplus
++#if __cplusplus
++}
++#endif
++#endif /* __cplusplus */
++
++#endif /* SYSPARA_PARAMETER_H */
+diff -Nur a/syspara/syspara.c b/syspara/syspara.c
+--- a/syspara/syspara.c 1970-01-01 08:00:00.000000000 +0800
++++ b/syspara/syspara.c 2022-09-28 10:28:40.000000000 +0800
+@@ -0,0 +1,86 @@
++#include <string.h>
++#include "securec.h"
++#include "parameter.h"
++#include "sha256.h"
++
++#define SN_FILE "/etc/SN"
++#define SN_LEN 65
++#define UDID_LEN 65
++#define DEV_BUF_LENGTH 3
++#define HASH_LENGTH 32
++static char *deviceType = "UNKNOWN";
++
++static int GetHash(const char *input, char *output, int size)
++{
++ char buf[DEV_BUF_LENGTH] = { 0 };
++ unsigned char hash[HASH_LENGTH] = { 0 };
++ mbedtls_sha256_context context;
++
++ mbedtls_sha256_init(&context);
++ mbedtls_sha256_starts_ret(&context, 0);
++ mbedtls_sha256_update_ret(&context, (const unsigned char*)input, strlen(input));
++ mbedtls_sha256_finish_ret(&context, hash);
++
++ for (size_t i = 0; i < HASH_LENGTH; i++) {
++ unsigned char value = hash[i];
++ memset_s(buf, DEV_BUF_LENGTH, 0, DEV_BUF_LENGTH);
++ sprintf_s(buf, sizeof(buf), "%02X", value);
++ if (strcat_s(output, size, buf) != 0) {
++ return -1;
++ }
++ }
++ return 0;
++}
++
++int GetDevUdid(char *udid, int size)
++{
++ FILE *fp;
++ char *realPath = NULL;
++ char sn[SN_LEN] = {0};
++ char out[UDID_LEN] = {0};
++ int ret;
++
++ realPath = realpath(SN_FILE, NULL);
++ if (realPath == NULL) {
++ printf("realpath fail.\n");
++ goto err_realpath;
++ }
++
++ fp = fopen(realPath, "r");
++ if (fp == NULL) {
++ printf("open SN fail.\n");
++ goto err_fopen;
++ }
++
++ ret = fscanf_s(fp, "%s", sn, SN_LEN);
++ if (ret < 1) {
++ printf("get sn fail.\n");
++ goto err_out;
++ }
++
++ ret = GetHash(sn, out, UDID_LEN);
++ if (ret < 0) {
++ printf("get hash fail.\n");
++ goto err_out;
++ }
++
++ ret = sprintf_s(udid, size, "%s", out);
++ if (ret <= 0) {
++ printf("sprintf_s error.\n");
++ goto err_out;
++ }
++
++ fclose(fp);
++ return 0;
++err_out:
++ fclose(fp);
++err_fopen:
++ free(realPath);
++err_realpath:
++ return -1;
++}
++
++char * GetDeviceType(void)
++{
++ return deviceType;
++}
diff --git a/dsoftbus-standard-0001-simplify-dependency-for-dsoftbus-standard.patch b/dsoftbus-standard-0001-simplify-dependency-for-dsoftbus-standard.patch
new file mode 100644
index 0000000..1099f1d
--- /dev/null
+++ b/dsoftbus-standard-0001-simplify-dependency-for-dsoftbus-standard.patch
@@ -0,0 +1,89 @@
+From 26d71c4574464eb92b506ba7be48a2980500bee7 Mon Sep 17 00:00:00 2001
+From: "beiling.xie" <xiekunxun@huawei.com>
+Date: Thu, 10 Nov 2022 10:26:14 +0800
+Subject: [PATCH] simplify dependency on third-party packages
+
+Signed-off-by: beiling.xie <xiekunxun@huawei.com>
+---
+ adapter/BUILD.gn | 2 +-
+ core/common/BUILD.gn | 2 +-
+ core/frame/BUILD.gn | 13 ++++++-------
+ sdk/BUILD.gn | 6 +++---
+ 4 files changed, 11 insertions(+), 12 deletions(-)
+
+diff --git a/adapter/BUILD.gn b/adapter/BUILD.gn
+index fe6cb79b..e59c2965 100644
+--- a/adapter/BUILD.gn
++++ b/adapter/BUILD.gn
+@@ -137,7 +137,7 @@ if (defined(ohos_lite)) {
+ ]
+ public_configs = [ ":config_adapter_common" ]
+ if (is_standard_system) {
+- external_deps = [ "hiviewdfx_hilog_native:libhilog" ]
++ deps += [ "//depend:libhilog" ]
+ }
+ part_name = "dsoftbus_standard"
+ subsystem_name = "communication"
+diff --git a/core/common/BUILD.gn b/core/common/BUILD.gn
+index fdb4134d..4c305d7f 100644
+--- a/core/common/BUILD.gn
++++ b/core/common/BUILD.gn
+@@ -114,7 +114,7 @@ if (defined(ohos_lite)) {
+ "//utils/native/base:utilsecurec_shared",
+ ]
+ if (is_standard_system) {
+- external_deps = [ "hiviewdfx_hilog_native:libhilog" ]
++ deps = [ "//depend:libhilog" ]
+ }
+ part_name = "dsoftbus_standard"
+ subsystem_name = "communication"
+diff --git a/core/frame/BUILD.gn b/core/frame/BUILD.gn
+index 5109f201..3948ef68 100644
+--- a/core/frame/BUILD.gn
++++ b/core/frame/BUILD.gn
+@@ -163,10 +163,9 @@ if (defined(ohos_lite)) {
+ "//base/security/deviceauth/services:deviceauth",
+ ]
+ if (is_standard_system) {
+- external_deps = bus_center_server_external_deps
+- external_deps += [
+- "hiviewdfx_hilog_native:libhilog",
+- "ipc:ipc_core",
++ deps += [
++ "//depend:libhilog",
++ "//depend/ipc:ipc_core",
+ ]
+ }
+
+@@ -192,9 +191,9 @@ if (defined(ohos_lite)) {
+ "//base/security/huks/services/huks_standard/huks_engine/main/core:huks_engine_core_standard",
+ "//depend:syspara",
+ ]
+- external_deps = [
+- "hiviewdfx_hilog_native:libhilog",
+- "ipc:ipc_core",
++ deps += [
++ "//depend:libhilog",
++ "//depend/ipc:ipc_core",
+ ]
+ part_name = "dsoftbus_standard"
+ subsystem_name = "communication"
+diff --git a/sdk/BUILD.gn b/sdk/BUILD.gn
+index f322ce5c..73771588 100644
+--- a/sdk/BUILD.gn
++++ b/sdk/BUILD.gn
+@@ -85,9 +85,9 @@ target(build_type, "softbus_client") {
+ cflags = [ "-fPIC" ]
+ cflags_cc = [ "-std=c++14" ]
+ if (is_standard_system) {
+- external_deps = [
+- "hiviewdfx_hilog_native:libhilog",
+- "ipc:ipc_single",
++ deps += [
++ "//depend:libhilog",
++ "//depend/ipc:ipc_single",
+ ]
+ }
+ part_name = "dsoftbus_standard"
+--
+Gitee
diff --git a/dsoftbus.spec b/dsoftbus.spec
new file mode 100644
index 0000000..0a97a51
--- /dev/null
+++ b/dsoftbus.spec
@@ -0,0 +1,235 @@
+%define debug_package %{nil}
+%global source_dsoftbus_standard dsoftbus_standard
+%global release_dsoftbus_standard v3.1.2.2-release
+%global source_embedded_ipc embedded-ipc
+%global release_embedded_ipc v1.0.1-release
+%global source_commonlibrary_c_utils commonlibrary_c_utils
+%global source_security_device_auth security_device_auth
+%global source_security_huks security_huks
+%global source_third_party_libcoap third_party_libcoap
+%global source_third_party_mbedtls third_party_mbedtls
+%global source_build build
+%global release_build OpenHarmony-v3.0.2-LTS
+%global openHarmony_source_release OpenHarmony-v3.1.2-Release
+
+Name: dsoftbus
+Version: 1.0.0
+Release: 9
+Summary: openEuler embedded softbus capability support
+License: Apache License 2.0
+Url: https://openeuler.gitee.io/yocto-meta-openeuler/features/distributed_softbus.html
+Source0: https://gitee.com/openeuler/%{source_dsoftbus_standard}/repository/archive/%{release_dsoftbus_standard}.tar.gz #/%{source_dsoftbus_standard}-%{release_dsoftbus_standard}.tar.gz
+Source1: https://gitee.com/openeuler/%{source_embedded_ipc}/repository/archive/%{release_embedded_ipc}.tar.gz #/%{source_embedded_ipc}-%{release_embedded_ipc}.tar.gz
+Source2: https://gitee.com/openharmony/%{source_commonlibrary_c_utils}/repository/archive/%{openHarmony_source_release}.tar.gz #/%{source_commonlibrary_c_utils}-%{openHarmony_source_release}.tar.gz
+Source3: https://gitee.com/openharmony/%{source_security_device_auth}/repository/archive/%{openHarmony_source_release}.tar.gz #/%{source_security_device_auth}-%{openHarmony_source_release}.tar.gz
+Source4: https://gitee.com/openharmony/%{source_security_huks}/repository/archive/%{openHarmony_source_release}.tar.gz #/%{source_security_huks}-%{openHarmony_source_release}.tar.gz
+Source5: https://gitee.com/openharmony/%{source_third_party_libcoap}/repository/archive/%{openHarmony_source_release}.tar.gz #/%{source_third_party_libcoap}-%{openHarmony_source_release}.tar.gz
+Source6: https://gitee.com/openharmony/%{source_third_party_mbedtls}/repository/archive/%{openHarmony_source_release}.tar.gz #/%{source_third_party_mbedtls}-%{openHarmony_source_release}.tar.gz
+Source7: https://gitee.com/openharmony/%{source_build}/repository/archive/%{release_build}.tar.gz #/%{source_build}-%{release_build}.tar.gz
+
+Patch0000: build-0001-add-dsoftbus-build-support-for-embedded-env.patch
+Patch0001: build-0002-support-hichian-for-openeuler.patch
+Patch0002: build-0003-add-deviceauth-ipc-sdk-compile.patch
+Patch0003: build-0004-change-set-for-obs-build.patch
+Patch0100: dsoftbus-standard-0001-simplify-dependency-for-dsoftbus-standard.patch
+Patch0200: security-device-auth-0001-deviceauth-for-openeuler.patch
+Patch0201: security-device-auth-0002-deviceauth-ipc-service.patch
+Patch0202: security-device-auth-0003-simplify-dependency-on-third-party-packages.patch
+Patch0300: security-huks-0001-support-huks-for-openeuler.patch
+Patch0301: security-huks-0002-simplify-dependency-on-third-party-packages.patch
+Patch0302: security-huks-0003-fix-discarded-qualifiers-error.patch
+Patch0400: commonlibrary-c-utils-0001-Adaptation-for-dsoftbus.patch
+Patch0401: libboundscheck-0001-Adaptation-for-dsoftbus.patch
+Patch0402: third-party-cjson-0001-adapter-cjson-in-openEuler-for-softbus.patch
+Patch0403: third-party-mbedtls-0001-Adaptation-for-dsoftbus.patch
+Patch0404: third-party-mbedtls-0002-fix-CVE-2021-43666.patch
+Patch0405: third-party-mbedtls-0002-fix-CVE-2021-45451.patch
+Patch0500: depend-0001-add-productdefine-for-openeuler.patch
+Patch0501: depend-0002-add-depend-for-openeuler.patch
+
+BuildRequires: gcc, g++, cmake, python, zip, unzip, ninja-build, git, libboundscheck, cjson-devel, openssl-devel, gn
+
+%description
+OpenEuler supports distributed softbus capability, which is part of openEuler's embedded capability
+
+%prep
+# Create the directories needed for the build
+dsoftbus_build_dir="%{_builddir}/dsoftbus_build"
+dsoftbus_prebuilts_build_tools="${dsoftbus_build_dir}/prebuilts/build-tools/linux-x86/bin"
+dsoftbus_thirdparty="${dsoftbus_build_dir}/third_party"
+dsoftbus_utils="${dsoftbus_build_dir}/utils"
+dsoftbus_src="${dsoftbus_build_dir}/foundation/communication"
+dsoftbus_hichain="${dsoftbus_build_dir}/base/security"
+dsoftbus_bounds_checking="${dsoftbus_thirdparty}/bounds_checking_function"
+dsoftbus_productdefine="${dsoftbus_build_dir}/productdefine"
+dsoftbus_depend="${dsoftbus_build_dir}/depend"
+
+mkdir -p ${dsoftbus_prebuilts_build_tools}
+mkdir -p ${dsoftbus_thirdparty}
+mkdir -p ${dsoftbus_utils}
+mkdir -p ${dsoftbus_src}
+mkdir -p ${dsoftbus_hichain}
+mkdir -p ${dsoftbus_bounds_checking}
+mkdir -p ${dsoftbus_productdefine}
+mkdir -p ${dsoftbus_depend}
+
+# Decompressing the compressed package
+%setup -q -T -D -b 0 -n %{source_dsoftbus_standard}-%{release_dsoftbus_standard}
+%setup -q -T -D -b 1 -n %{source_embedded_ipc}-%{release_embedded_ipc}
+%setup -q -T -D -b 2 -n %{source_commonlibrary_c_utils}-%{openHarmony_source_release}
+%setup -q -T -D -b 3 -n %{source_security_device_auth}-%{openHarmony_source_release}
+%setup -q -T -D -b 4 -n %{source_security_huks}-%{openHarmony_source_release}
+%setup -q -T -D -b 5 -n %{source_third_party_libcoap}-%{openHarmony_source_release}
+%setup -q -T -D -b 6 -n %{source_third_party_mbedtls}-%{openHarmony_source_release}
+%setup -q -T -D -b 7 -n %{source_build}-%{release_build}
+
+cd %{_builddir}
+mv %{source_dsoftbus_standard}-%{release_dsoftbus_standard} %{source_dsoftbus_standard}
+mv %{source_embedded_ipc}-%{release_embedded_ipc} %{source_embedded_ipc}
+
+#copy gn
+gn_dir=$(which gn)
+cp ${gn_dir[0]} ${dsoftbus_prebuilts_build_tools}
+
+# copy ninja
+ninja_dir=$(which ninja)
+cp ${ninja_dir[0]} ${dsoftbus_prebuilts_build_tools}
+
+# unpack third_party
+mv %{_builddir}/%{source_build}-%{release_build} ${dsoftbus_build_dir}/build
+mkdir %{_builddir}/%{source_build}-%{release_build}
+mv %{_builddir}/%{source_third_party_libcoap}-%{openHarmony_source_release} ${dsoftbus_thirdparty}/libcoap
+mv %{_builddir}/%{source_third_party_mbedtls}-%{openHarmony_source_release} ${dsoftbus_thirdparty}/mbedtls
+mkdir -p ${dsoftbus_thirdparty}/cJSON
+
+# unpack hichain
+mv %{_builddir}/%{source_security_huks}-%{openHarmony_source_release} ${dsoftbus_hichain}/huks
+mv %{_builddir}/%{source_security_device_auth}-%{openHarmony_source_release} ${dsoftbus_hichain}/deviceauth
+
+# unpack utils
+mv %{_builddir}/%{source_commonlibrary_c_utils}-%{openHarmony_source_release} ${dsoftbus_utils}/native
+
+# do patch
+%patch0 -p1 -d ${dsoftbus_build_dir}/build
+%patch1 -p1 -d ${dsoftbus_build_dir}/build
+%patch2 -p1 -d ${dsoftbus_build_dir}/build
+%patch3 -p1 -d ${dsoftbus_build_dir}/build
+%patch100 -p1 -d %{_builddir}/%{source_dsoftbus_standard}
+%patch200 -p1 -d ${dsoftbus_hichain}/deviceauth
+%patch201 -p1 -d ${dsoftbus_hichain}/deviceauth
+%patch202 -p1 -d ${dsoftbus_hichain}/deviceauth
+%patch300 -p1 -d ${dsoftbus_hichain}/huks
+%patch301 -p1 -d ${dsoftbus_hichain}/huks
+%patch302 -p1 -d ${dsoftbus_hichain}/huks
+%patch400 -p1 -d ${dsoftbus_utils}/native
+%patch401 -p1 -d ${dsoftbus_thirdparty}/bounds_checking_function
+%patch402 -p1 -d ${dsoftbus_thirdparty}/cJSON
+%patch403 -p1 -d ${dsoftbus_thirdparty}/mbedtls
+%patch404 -p1 -d ${dsoftbus_thirdparty}/mbedtls
+%patch405 -p1 -d ${dsoftbus_thirdparty}/mbedtls
+%patch500 -p1 -d ${dsoftbus_productdefine}
+%patch501 -p1 -d ${dsoftbus_depend}
+
+# init gn root
+ln -s ${dsoftbus_build_dir}/build/build_scripts/build.sh ${dsoftbus_build_dir}/build.sh
+ln -s ${dsoftbus_build_dir}/build/core/gn/dotfile.gn ${dsoftbus_build_dir}/.gn
+
+# link selfcode
+ln -s %{_builddir}/embedded-ipc ${dsoftbus_build_dir}/depend/ipc
+ln -s %{_builddir}/dsoftbus_standard ${dsoftbus_src}/dsoftbus
+
+# link toolchain
+toolchain_path="/usr1/openeuler/gcc/openeuler_gcc_arm64le"
+ln -s ${toolchain_path} ${dsoftbus_build_dir}/toolchain
+
+# copy libboundscheck file
+mkdir ${dsoftbus_thirdparty}/bounds_checking_function/include
+cp /usr/include/securec*.h ${dsoftbus_thirdparty}/bounds_checking_function/include/
+
+# link cjson
+cjson_devel_include="/usr/include/cjson/cJSON.h"
+ln -s ${cjson_devel_include} ${dsoftbus_thirdparty}/cJSON/cJSON.h
+
+%ifarch x86_64
+ sed -i 's/"target_cpu": "arm64"/"target_cpu": "x86_64"/' ${dsoftbus_productdefine}/common/device/openEuler.json
+%endif
+
+%build
+rm -rf %{_builddir}/dsoftbus_build/out
+cd %{_builddir}/dsoftbus_build
+./build.sh --product-name openEuler
+
+%install
+dsoftbus_build_dir="%{_builddir}/dsoftbus_build"
+%ifarch x86_64
+ dsoftbus_release_dir_name="ohos-x86_64-release"
+%endif
+%ifarch aarch64
+ dsoftbus_release_dir_name="ohos-arm64-release"
+%endif
+
+install -d %{buildroot}/%{_includedir}/dsoftbus
+install -d %{buildroot}/%{_libdir}
+install -d %{buildroot}/%{_bindir}
+install -d %{buildroot}/data/data/deviceauth/
+
+# prepare so
+install -m 0755 ${dsoftbus_build_dir}/out/${dsoftbus_release_dir_name}/common/common/*.so %{buildroot}/%{_libdir}
+install -m 0755 ${dsoftbus_build_dir}/out/${dsoftbus_release_dir_name}/communication/dsoftbus_standard/*.so %{buildroot}/%{_libdir}
+install -m 0755 ${dsoftbus_build_dir}/out/${dsoftbus_release_dir_name}/security/huks/*.so %{buildroot}/%{_libdir}
+install -m 0755 ${dsoftbus_build_dir}/out/${dsoftbus_release_dir_name}/security/deviceauth_standard/*.so %{buildroot}/%{_libdir}
+
+# prepare bin
+install -m 0755 ${dsoftbus_build_dir}/out/${dsoftbus_release_dir_name}/communication/dsoftbus_standard/softbus_server_main %{buildroot}/%{_bindir}
+
+# prepare head files
+install -m 554 \
+${dsoftbus_build_dir}/foundation/communication/dsoftbus/interfaces/kits/discovery/*.h \
+${dsoftbus_build_dir}/foundation/communication/dsoftbus/interfaces/kits/common/*.h \
+${dsoftbus_build_dir}/foundation/communication/dsoftbus/interfaces/kits/bus_center/*.h \
+${dsoftbus_build_dir}/foundation/communication/dsoftbus/interfaces/kits/transport/*.h \
+${dsoftbus_build_dir}/foundation/communication/dsoftbus/core/common/include/softbus_errcode.h \
+${dsoftbus_build_dir}/base/security/deviceauth/interfaces/innerkits/*.h \
+${dsoftbus_build_dir}/third_party/cJSON/*.h \
+${dsoftbus_build_dir}/third_party/bounds_checking_function/include/*.h \
+${dsoftbus_build_dir}/depend/syspara/include/*.h \
+ %{buildroot}/%{_includedir}/dsoftbus
+
+# strip symbol table
+find %{buildroot} -type f -name "*.so" -exec strip '{}' ';'
+find %{buildroot} -type f -name "softbus_server_main" -exec strip '{}' ';'
+
+%files
+%{_includedir}/dsoftbus/*
+%{_bindir}/softbus_server_main
+%{_libdir}/*.so
+/data/data
+
+%changelog
+* Fri Mar 3 2023 liheavy <lihaiwei8@huawei.com> - 1.0.0-9
+- Old rpm package missing file parameter.h, add it to the rpm package
+
+* Wed Mar 1 2023 liheavy <lihaiwei8@huawei.com> - 1.0.0-8
+- Add strip
+
+* Wed Feb 8 2023 liheavy <lihaiwei8@huawei.com> - 1.0.0-7
+- fix security huks discarded qualifiers error
+
+* Fri Dec 30 2022 liheavy <lihaiwei8@huawei.com> - 1.0.0-6
+- update version of dsoftbus_standard and embedded-ipc
+
+* Mon Dec 19 2022 beiling.xie <xiekunxun@huawei.com> - 1.0.0-5
+- The dependency path of the third-party is optimized
+
+* Mon Dec 19 2022 beiling.xie <xiekunxun@huawei.com> - 1.0.0-4
+- rename patch for each modules
+
+* Wed Nov 30 2022 liheavy <lihaiwei8@huawei.com> - 1.0.0-3
+- Disassemble yocto-embedded-tools and replace cjson, ninja, gn, openssl, libboundscheck
+- with openEuler software package
+
+* Wed Nov 23 2022 xuchongyu <xuchongyu@huawei.com> - 1.0.0-2
+- add URL,change branch of libboundscheck to 22.03-LTS-SP1
+
+* Tue Nov 22 2022 xuchongyu <xuchongyu@huawei.com> - 1.0.0-1
+- init dsoftbus
diff --git a/libboundscheck-0001-Adaptation-for-dsoftbus.patch b/libboundscheck-0001-Adaptation-for-dsoftbus.patch
new file mode 100644
index 0000000..054c707
--- /dev/null
+++ b/libboundscheck-0001-Adaptation-for-dsoftbus.patch
@@ -0,0 +1,44 @@
+From f3054acbbb67d6e4889f3a7c2641dc1d74ee1984 Mon Sep 17 00:00:00 2001
+From: "beiling.xie" <xiekunxun@huawei.com>
+Date: Tue, 20 Sep 2022 09:45:38 +0800
+Subject: [PATCH] Adaptation for dsoftbus
+
+Signed-off-by: beiling.xie <xiekunxun@huawei.com>
+---
+ BUILD.gn | 24 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+ create mode 100644 BUILD.gn
+
+diff --git a/BUILD.gn b/BUILD.gn
+new file mode 100644
+index 0000000..9bec199
+--- /dev/null
++++ b/BUILD.gn
+@@ -0,0 +1,24 @@
++# Copyright (c) 2021 Huawei Device Co., Ltd.
++# Licensed under the Apache License, Version 2.0 (the "License");
++# you may not use this file except in compliance with the License.
++# You may obtain a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS,
++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++# See the License for the specific language governing permissions and
++# limitations under the License.
++
++config("libsec_public_config") {
++ libs = [ "boundscheck" ]
++}
++
++group("libsec_static") {
++ public_configs = [ ":libsec_public_config" ]
++}
++
++group("libsec_shared") {
++ public_configs = [ ":libsec_public_config" ]
++}
+--
+2.25.1
+
diff --git a/security-device-auth-0001-deviceauth-for-openeuler.patch b/security-device-auth-0001-deviceauth-for-openeuler.patch
new file mode 100644
index 0000000..8bfb0ef
--- /dev/null
+++ b/security-device-auth-0001-deviceauth-for-openeuler.patch
@@ -0,0 +1,103 @@
+From 6a4234339518e8be293aacee4aeef6aaa38d7e69 Mon Sep 17 00:00:00 2001
+From: "beiling.xie" <xiekunxun@huawei.com>
+Date: Wed, 14 Sep 2022 00:12:20 +0800
+Subject: [PATCH] support deviceauth for openeuler
+
+Signed-off-by: beiling.xie <xiekunxun@huawei.com>
+---
+ deps_adapter/BUILD.gn | 3 ++-
+ deps_adapter/os_adapter/interfaces/linux/hc_log.h | 8 ++++----
+ services/BUILD.gn | 2 +-
+ .../src/permission_adapter/permission_adapter.cpp | 11 +++++++----
+ 4 files changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/deps_adapter/BUILD.gn b/deps_adapter/BUILD.gn
+index 28df2d9..906b8ca 100644
+--- a/deps_adapter/BUILD.gn
++++ b/deps_adapter/BUILD.gn
+@@ -118,10 +118,11 @@ if (defined(ohos_lite)) {
+ cflags = [ "-DHILOG_ENABLE" ]
+ deps = [
+ "//base/security/huks/interfaces/innerkits/huks_standard/main:libhukssdk",
+- "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
++ "//depend:syspara",
+ "//third_party/cJSON:cjson_static",
+ "//third_party/openssl:libcrypto_static",
+ "//utils/native/base:utils",
++ "//third_party/bounds_checking_function:libsec_shared",
+ ]
+ external_deps = [ "hiviewdfx_hilog_native:libhilog" ]
+ }
+diff --git a/deps_adapter/os_adapter/interfaces/linux/hc_log.h b/deps_adapter/os_adapter/interfaces/linux/hc_log.h
+index 7cfd649..f881d1e 100644
+--- a/deps_adapter/os_adapter/interfaces/linux/hc_log.h
++++ b/deps_adapter/os_adapter/interfaces/linux/hc_log.h
+@@ -44,10 +44,10 @@ void DevAuthLogPrint(DevAuthLogLevel level, const char *funName, const char *fmt
+ #define LOGW(fmt, ...) (DevAuthLogPrint(DEV_AUTH_LOG_LEVEL_WARN, __FUNCTION__, fmt, ##__VA_ARGS__))
+ #define LOGE(fmt, ...) (DevAuthLogPrint(DEV_AUTH_LOG_LEVEL_ERROR, __FUNCTION__, fmt, ##__VA_ARGS__))
+
+-#define DEV_AUTH_LOG_DEBUG(buf) HiLogPrint(LOG_CORE, LOG_DEBUG, LOG_DOMAIN, "[DEVAUTH]", "%{public}s", buf)
+-#define DEV_AUTH_LOG_INFO(buf) HiLogPrint(LOG_CORE, LOG_INFO, LOG_DOMAIN, "[DEVAUTH]", "%{public}s", buf)
+-#define DEV_AUTH_LOG_WARN(buf) HiLogPrint(LOG_CORE, LOG_WARN, LOG_DOMAIN, "[DEVAUTH]", "%{public}s", buf)
+-#define DEV_AUTH_LOG_ERROR(buf) HiLogPrint(LOG_CORE, LOG_ERROR, LOG_DOMAIN, "[DEVAUTH]", "%{public}s", buf)
++#define DEV_AUTH_LOG_DEBUG(buf) HiLogPrint(LOG_CORE, LOG_DEBUG, LOG_DOMAIN, "[DEVAUTH]", "%s", buf)
++#define DEV_AUTH_LOG_INFO(buf) HiLogPrint(LOG_CORE, LOG_INFO, LOG_DOMAIN, "[DEVAUTH]", "%s", buf)
++#define DEV_AUTH_LOG_WARN(buf) HiLogPrint(LOG_CORE, LOG_WARN, LOG_DOMAIN, "[DEVAUTH]", "%s", buf)
++#define DEV_AUTH_LOG_ERROR(buf) HiLogPrint(LOG_CORE, LOG_ERROR, LOG_DOMAIN, "[DEVAUTH]", "%s", buf)
+
+ #else
+
+diff --git a/services/BUILD.gn b/services/BUILD.gn
+index bb15b89..b2cdb17 100644
+--- a/services/BUILD.gn
++++ b/services/BUILD.gn
+@@ -159,10 +159,10 @@ if (defined(ohos_lite)) {
+ "${deps_adapter_path}:${hal_module_name}",
+ "//third_party/cJSON:cjson_static",
+ "//utils/native/base:utils",
++ "//foundation/communication/dsoftbus/sdk:softbus_client"
+ ]
+
+ external_deps = [
+- "dsoftbus_standard:softbus_client",
+ "hiviewdfx_hilog_native:libhilog",
+ ]
+ if (support_jsapi) {
+diff --git a/services/frameworks/src/permission_adapter/permission_adapter.cpp b/services/frameworks/src/permission_adapter/permission_adapter.cpp
+index dcdb912..6f4f8a3 100644
+--- a/services/frameworks/src/permission_adapter/permission_adapter.cpp
++++ b/services/frameworks/src/permission_adapter/permission_adapter.cpp
+@@ -15,17 +15,18 @@
+
+ #include "permission_adapter.h"
+
+-#include "accesstoken_kit.h"
++//#include "accesstoken_kit.h"
+ #include "ipc_skeleton.h"
+
+ #include "device_auth_defines.h"
+ #include "hc_log.h"
+
+-using namespace OHOS;
+-using namespace OHOS::Security::AccessToken;
++//using namespace OHOS;
++//using namespace OHOS::Security::AccessToken;
+
+ int32_t CheckPermission(void)
+ {
++#if 0
+ AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
+ ATokenTypeEnum tokenType = AccessTokenKit::GetTokenType(tokenId);
+ if (tokenType == TOKEN_NATIVE) {
+@@ -45,4 +46,6 @@ int32_t CheckPermission(void)
+ LOGE("Invalid token type: %d", tokenType);
+ return HC_ERROR;
+ }
+-}
+\ No newline at end of file
++#endif
++ return HC_SUCCESS;
++}
+--
+2.25.1
+
diff --git a/security-device-auth-0002-deviceauth-ipc-service.patch b/security-device-auth-0002-deviceauth-ipc-service.patch
new file mode 100644
index 0000000..e94772a
--- /dev/null
+++ b/security-device-auth-0002-deviceauth-ipc-service.patch
@@ -0,0 +1,276 @@
+From 31f1a71fee10a1248de00ea1f36eeaf80e683673 Mon Sep 17 00:00:00 2001
+From: "beiling.xie" <xiekunxun@huawei.com>
+Date: Fri, 16 Sep 2022 01:11:40 +0800
+Subject: [PATCH] adapter deviceauth ipc service
+
+Signed-off-by: beiling.xie <xiekunxun@huawei.com>
+---
+ frameworks/inc/ipc_service.h | 2 ++
+ frameworks/src/ipc_service.c | 16 +-----------
+ frameworks/src/standard/ipc_adapt.cpp | 18 +++++++------
+ .../src/standard/ipc_dev_auth_proxy.cpp | 25 ++++---------------
+ frameworks/src/standard/ipc_dev_auth_stub.cpp | 7 +-----
+ services/BUILD.gn | 15 ++++++++++-
+ services/device_auth.c | 6 +++++
+ 7 files changed, 39 insertions(+), 50 deletions(-)
+
+diff --git a/frameworks/inc/ipc_service.h b/frameworks/inc/ipc_service.h
+index e3eb11b..ed73555 100755
+--- a/frameworks/inc/ipc_service.h
++++ b/frameworks/inc/ipc_service.h
+@@ -20,6 +20,8 @@
+ extern "C" {
+ #endif
+
++int DeviceAuthIpcInit();
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/frameworks/src/ipc_service.c b/frameworks/src/ipc_service.c
+index afc21fc..3db6bb5 100644
+--- a/frameworks/src/ipc_service.c
++++ b/frameworks/src/ipc_service.c
+@@ -1038,20 +1038,10 @@ int32_t MainRescInit(void)
+ return HC_SUCCESS;
+ }
+
+-int32_t main(int32_t argc, char const *argv[])
++int DeviceAuthIpcInit()
+ {
+ uintptr_t serviceCtx = 0x0;
+ int32_t ret;
+- HcCondition cond;
+-
+- (void)argc;
+- (void)argv;
+- LOGI("device authentication service starting ...");
+- ret = InitDeviceAuthService();
+- if (ret != HC_SUCCESS) {
+- LOGE("device auth service main, InitDeviceAuthService failed, ret %d", ret);
+- return 1;
+- }
+
+ ret = MainRescInit();
+ if (ret != HC_SUCCESS) {
+@@ -1070,10 +1060,6 @@ int32_t main(int32_t argc, char const *argv[])
+ }
+ (void)AddMethodMap(serviceCtx);
+ LOGI("device authentication service register to IPC manager done, service running...");
+- (void)memset_s(&cond, sizeof(cond), 0, sizeof(cond));
+- InitHcCond(&cond, NULL);
+- cond.wait(&cond);
+- DestroyHcCond(&cond);
+ return 0;
+ }
+
+diff --git a/frameworks/src/standard/ipc_adapt.cpp b/frameworks/src/standard/ipc_adapt.cpp
+index 3dd4ec8..3910726 100644
+--- a/frameworks/src/standard/ipc_adapt.cpp
++++ b/frameworks/src/standard/ipc_adapt.cpp
+@@ -23,12 +23,14 @@
+ #include "ipc_dev_auth_stub.h"
+ #include "ipc_sdk.h"
+ #include "ipc_service.h"
+-#include "iservice_registry.h"
+ #include "securec.h"
+ #include "system_ability_definition.h"
++#include "ipc_center.h"
++
+
+ using namespace std;
+ using namespace OHOS;
++static IpcCenter *g_deviceIpc = nullptr;
+ namespace {
+ static const int32_t BUFF_MAX_SZ = 128;
+ static const int32_t IPC_CALL_BACK_MAX_NODES = 64;
+@@ -1335,19 +1337,19 @@ void DestroyServiceInstance(uintptr_t *ipcInstance)
+
+ int32_t AddDevAuthServiceToManager(uintptr_t *serviceCtx)
+ {
+- int32_t ret = ERR_OK;
++ int32_t ret = HC_SUCCESS;
+ ServiceDevAuth *sPtr = nullptr;
+
+- sptr<ISystemAbilityManager> sysMgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
+- if (sysMgr == nullptr) {
+- return HC_ERR_IPC_GET_SERVICE;
+- }
+ sPtr = new(std::nothrow) ServiceDevAuth();
+ if (sPtr == nullptr) {
+ return HC_ERR_ALLOC_MEMORY;
+ }
+- ret = sysMgr->AddSystemAbility(DEVICE_AUTH_SERVICE_ID, sPtr);
+- if (ret != ERR_OK) {
++ sPtr->isDSoftBusObj = false;
++ if (!g_deviceIpc->Init(true, static_cast<IPCObjectStub*>(sPtr))) {
++ LOGE("deviceIpc init failed");
++ }
++ ret = IPCSkeleton::SetDeviceAuthObj(sPtr);
++ if (ret != true) {
+ LOGE("add service failed");
+ delete sPtr;
+ return HC_ERROR;
+diff --git a/frameworks/src/standard/ipc_dev_auth_proxy.cpp b/frameworks/src/standard/ipc_dev_auth_proxy.cpp
+index bc3abeb..c493f7a 100644
+--- a/frameworks/src/standard/ipc_dev_auth_proxy.cpp
++++ b/frameworks/src/standard/ipc_dev_auth_proxy.cpp
+@@ -19,9 +19,9 @@
+ #include "hc_log.h"
+ #include "ipc_adapt.h"
+ #include "ipc_sdk.h"
+-#include "iservice_registry.h"
+ #include "system_ability_definition.h"
+
++
+ namespace OHOS {
+ ProxyDevAuth::ProxyDevAuth(const sptr<IRemoteObject> &impl) : IRemoteProxy<IMethodsIpcCall>(impl)
+ {}
+@@ -33,7 +33,7 @@ int32_t ProxyDevAuth::DoCallRequest(MessageParcel &dataParcel, MessageParcel &re
+ {
+ int32_t ret;
+ sptr<IRemoteObject> remote = nullptr;
+- MessageOption option = { MessageOption::TF_SYNC };
++ MessageOption option;
+
+ LOGI("ProxyDevAuth, SendRequest...");
+ remote = Remote();
+@@ -42,9 +42,6 @@ int32_t ProxyDevAuth::DoCallRequest(MessageParcel &dataParcel, MessageParcel &re
+ return HC_ERR_IPC_INTERNAL_FAILED;
+ }
+
+- if (withSync == false) {
+- option = { MessageOption::TF_ASYNC };
+- }
+ ret = remote->SendRequest(DEV_AUTH_CALL_REQUEST, dataParcel, replyParcel, option);
+ LOGI("SendRequest done, ret %d", ret);
+ (ret == ERR_NONE) ? replyParcel.ReadInt32(ret) : (ret = HC_ERR_IPC_INTERNAL_FAILED);
+@@ -53,15 +50,8 @@ int32_t ProxyDevAuth::DoCallRequest(MessageParcel &dataParcel, MessageParcel &re
+
+ bool ProxyDevAuth::ServiceRunning(void)
+ {
+- auto saMgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
+- if (saMgr == nullptr) {
+- return false;
+- }
+- auto daSa = saMgr->GetSystemAbility(DEVICE_AUTH_SERVICE_ID);
+- if (daSa == nullptr) {
+- return false;
+- }
+- return true;
++ auto daSa = IPCSkeleton::GetDeviceAuthObj();
++ return daSa != nullptr;
+ }
+
+ int32_t ProxyDevAuthData::EncodeCallRequest(int32_t type, const uint8_t *param, int32_t paramSz)
+@@ -117,12 +107,7 @@ int32_t ProxyDevAuthData::FinalCallRequest(int32_t methodId)
+
+ sptr<ProxyDevAuth> ProxyDevAuthData::GetProxy() const
+ {
+- auto saMgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
+- if (saMgr == nullptr) {
+- LOGE("GetSystemAbilityManager failed");
+- return nullptr;
+- }
+- auto daSa = saMgr->GetSystemAbility(DEVICE_AUTH_SERVICE_ID);
++ auto daSa = IPCSkeleton::GetDeviceAuthObj();
+ if (daSa == nullptr) {
+ LOGE("GetSystemAbility failed");
+ return nullptr;
+diff --git a/frameworks/src/standard/ipc_dev_auth_stub.cpp b/frameworks/src/standard/ipc_dev_auth_stub.cpp
+index e33b770..648bc3b 100644
+--- a/frameworks/src/standard/ipc_dev_auth_stub.cpp
++++ b/frameworks/src/standard/ipc_dev_auth_stub.cpp
+@@ -286,12 +286,7 @@ void ServiceDevAuth::ActCallback(int32_t objIdx, int32_t callbackId, bool sync,
+ LOGW("nothing to do, callback id %d, remote object id %d", callbackId, objIdx);
+ return;
+ }
+- MessageOption option(MessageOption::TF_SYNC);
+- option.SetWaitTime(DEV_AUTH_CALL_WAIT_TIME);
+- if (!sync) {
+- option.SetFlags(MessageOption::TF_ASYNC);
+- option.SetWaitTime(0);
+- }
++ MessageOption option;
+ std::lock_guard<std::mutex> autoLock(g_cBMutex);
+ sptr<ICommIpcCallback> proxy = iface_cast<ICommIpcCallback>(g_cbStub[objIdx].cbStub);
+ proxy->DoCallBack(callbackId, cbHook, dataParcel, reply, option);
+diff --git a/services/BUILD.gn b/services/BUILD.gn
+index b2cdb17..ce6e24b 100644
+--- a/services/BUILD.gn
++++ b/services/BUILD.gn
+@@ -142,9 +142,14 @@ if (defined(ohos_lite)) {
+ "//foundation/communication/dsoftbus/interfaces/kits/transport",
+ "//foundation/communication/dsoftbus/interfaces/inner_kits/transport",
+ "//third_party/json/include",
++ "${frameworks_path}/inc",
++ "${dev_frameworks_path}/inc/permission_adapter",
+ ]
+
+ sources = deviceauth_files
++ sources += deviceauth_ipc_files
++ sources += permission_adapter_files
++ sources += [ "${frameworks_path}/src/ipc_service.c" ]
+ cflags = [ "-DHILOG_ENABLE" ]
+ defines = deviceauth_defines
+ cflags += build_flags
+@@ -164,6 +169,7 @@ if (defined(ohos_lite)) {
+
+ external_deps = [
+ "hiviewdfx_hilog_native:libhilog",
++ "ipc:ipc_core",
+ ]
+ if (support_jsapi) {
+ external_deps += [ "os_account_standard:os_account_innerkits" ]
+@@ -238,6 +244,12 @@ if (defined(ohos_lite)) {
+ sources = deviceauth_ipc_files
+ sources += permission_adapter_files
+ sources += [ "${frameworks_path}/src/ipc_sdk.c" ]
++ sources += [ "${os_adapter_path}/impl/src/hc_log.c" ]
++ sources += [ "${os_adapter_path}/impl/src/linux/hc_types.c" ]
++ sources += [ "${os_adapter_path}/impl/src/hc_mutex.c" ]
++ sources += [ "${common_lib_path}/impl/src/json_utils.c" ]
++ sources += [ "${common_lib_path}/impl/src/string_util.c" ]
++ sources += [ "${common_lib_path}/impl/src/clib_types.c" ]
+
+ defines = [
+ "__LINUX__",
+@@ -250,9 +262,10 @@ if (defined(ohos_lite)) {
+ }
+
+ deps = [
+- "${deps_adapter_path}:${hal_module_name}",
+ "//third_party/cJSON:cjson_static",
+ "//utils/native/base:utils",
++ "//third_party/bounds_checking_function:libsec_shared",
++ "//third_party/cJSON:cjson_static",
+ ]
+
+ external_deps = [
+diff --git a/services/device_auth.c b/services/device_auth.c
+index e09dce4..16f6200 100644
+--- a/services/device_auth.c
++++ b/services/device_auth.c
+@@ -14,6 +14,7 @@
+ */
+
+ #include "device_auth.h"
++#include "ipc_service.h"
+
+ #include "alg_loader.h"
+ #include "callback_manager.h"
+@@ -241,6 +242,11 @@ DEVICE_AUTH_API_PUBLIC int InitDeviceAuthService(void)
+ DestroyGmAndGa();
+ return res;
+ }
++ res = DeviceAuthIpcInit();
++ if (res != HC_SUCCESS) {
++ DestroyGmAndGa();
++ return res;
++ }
+ SetInitStatus();
+ LOGI("[End]: [Service]: Init device auth service successfully!");
+ return HC_SUCCESS;
+--
+2.25.1
+
diff --git a/security-device-auth-0003-simplify-dependency-on-third-party-packages.patch b/security-device-auth-0003-simplify-dependency-on-third-party-packages.patch
new file mode 100644
index 0000000..38e943e
--- /dev/null
+++ b/security-device-auth-0003-simplify-dependency-on-third-party-packages.patch
@@ -0,0 +1,79 @@
+From 382ff16702df5f06b96a76abd2b542ab00650487 Mon Sep 17 00:00:00 2001
+From: "beiling.xie" <xiekunxun@huawei.com>
+Date: Thu, 10 Nov 2022 14:34:05 +0800
+Subject: [PATCH] simplify dependency on third-party packages
+
+Signed-off-by: beiling.xie <xiekunxun@huawei.com>
+---
+ deps_adapter/BUILD.gn | 4 ++--
+ services/BUILD.gn | 23 +++++++++--------------
+ 2 files changed, 11 insertions(+), 16 deletions(-)
+
+diff --git a/deps_adapter/BUILD.gn b/deps_adapter/BUILD.gn
+index 906b8ca..722d974 100644
+--- a/deps_adapter/BUILD.gn
++++ b/deps_adapter/BUILD.gn
+@@ -120,10 +120,10 @@ if (defined(ohos_lite)) {
+ "//base/security/huks/interfaces/innerkits/huks_standard/main:libhukssdk",
+ "//depend:syspara",
+ "//third_party/cJSON:cjson_static",
+- "//third_party/openssl:libcrypto_static",
+ "//utils/native/base:utils",
+ "//third_party/bounds_checking_function:libsec_shared",
+ ]
+- external_deps = [ "hiviewdfx_hilog_native:libhilog" ]
++ deps += [ "//depend:libhilog" ]
++ libs = [ "crypto" ]
+ }
+ }
+diff --git a/services/BUILD.gn b/services/BUILD.gn
+index ce6e24b..0c37820 100644
+--- a/services/BUILD.gn
++++ b/services/BUILD.gn
+@@ -167,9 +167,9 @@ if (defined(ohos_lite)) {
+ "//foundation/communication/dsoftbus/sdk:softbus_client"
+ ]
+
+- external_deps = [
+- "hiviewdfx_hilog_native:libhilog",
+- "ipc:ipc_core",
++ deps += [
++ "//depend:libhilog",
++ "//depend/ipc:ipc_core",
+ ]
+ if (support_jsapi) {
+ external_deps += [ "os_account_standard:os_account_innerkits" ]
+@@ -217,12 +217,9 @@ if (defined(ohos_lite)) {
+ "//utils/native/base:utils",
+ ]
+
+- external_deps = [
+- "access_token:libaccesstoken_sdk",
+- "hiviewdfx_hilog_native:libhilog",
+- "ipc:ipc_core",
+- "safwk:system_ability_fwk",
+- "samgr_standard:samgr_proxy",
++ deps += [
++ "//depend:libhilog",
++ "//depend/ipc:ipc_core",
+ ]
+ }
+
+@@ -268,11 +265,9 @@ if (defined(ohos_lite)) {
+ "//third_party/cJSON:cjson_static",
+ ]
+
+- external_deps = [
+- "access_token:libaccesstoken_sdk",
+- "hiviewdfx_hilog_native:libhilog",
+- "ipc:ipc_core",
+- "samgr_standard:samgr_proxy",
++ deps += [
++ "//depend:libhilog",
++ "//depend/ipc:ipc_core",
+ ]
+ }
+ }
+--
+2.25.1
+
diff --git a/security-huks-0001-support-huks-for-openeuler.patch b/security-huks-0001-support-huks-for-openeuler.patch
new file mode 100644
index 0000000..ebeb757
--- /dev/null
+++ b/security-huks-0001-support-huks-for-openeuler.patch
@@ -0,0 +1,236 @@
+From c7fe7e1422af2a0b4fdbd7e514f8b8c6054170e8 Mon Sep 17 00:00:00 2001
+From: "beiling.xie" <xiekunxunn@huawei.com>
+Date: Tue, 19 Jul 2022 21:01:41 +0800
+Subject: [PATCH] support huks for openeuler
+
+Signed-off-by: beiling.xie <xiekunxun@huawei.com>
+---
+ frameworks/huks_standard/main/BUILD.gn | 1 +
+ .../huks_standard/main/core/src/hks_verifier.c | 10 ++++++----
+ .../crypto_engine/openssl/src/hks_openssl_kdf.c | 4 +++-
+ .../huks_standard/main/os_dependency/BUILD.gn | 15 ++++++++++-----
+ .../main/os_dependency/log/hks_log.c | 14 +++++++-------
+ interfaces/innerkits/huks_standard/main/BUILD.gn | 1 +
+ .../huks_service/main/os_dependency/BUILD.gn | 2 +-
+ .../huks_service/main/os_dependency/idl/BUILD.gn | 6 +++---
+ utils/file_operator/hks_file_operator.c | 6 +++---
+ 9 files changed, 35 insertions(+), 24 deletions(-)
+
+diff --git a/frameworks/huks_standard/main/BUILD.gn b/frameworks/huks_standard/main/BUILD.gn
+index 83d7750..cd899cd 100755
+--- a/frameworks/huks_standard/main/BUILD.gn
++++ b/frameworks/huks_standard/main/BUILD.gn
+@@ -20,6 +20,7 @@ group("huks_standard_frameworks") {
+ "//base/security/huks/frameworks/huks_standard/main/core:libhuks_core_standard_static",
+ "//base/security/huks/frameworks/huks_standard/main/crypto_engine:libhuks_crypto_engine_standard_static",
+ "//base/security/huks/frameworks/huks_standard/main/os_dependency:libhuks_os_dependency_standard_static",
++ "//base/security/huks/services/huks_standard/huks_service/main/os_dependency:libhuks_service_os_dependency_standard_static",
+ ]
+ }
+ }
+diff --git a/frameworks/huks_standard/main/core/src/hks_verifier.c b/frameworks/huks_standard/main/core/src/hks_verifier.c
+index 149137d..a65f27e 100755
+--- a/frameworks/huks_standard/main/core/src/hks_verifier.c
++++ b/frameworks/huks_standard/main/core/src/hks_verifier.c
+@@ -250,8 +250,9 @@ static int32_t ExtractTlvLength(const uint8_t *in, uint32_t inLen, uint32_t *hea
+ uint8_t *buf = (uint8_t *)in;
+ uint32_t length = 0; /* length of the payload */
+
+- uint32_t tmp;
+- HKS_ASN1_DECODE_BYTE(buf, tmp); /* get type */
++// uint32_t tmp;
++// HKS_ASN1_DECODE_BYTE(buf, tmp); /* get type */
++ buf++;
+ if (buf[0] < ASN_1_MIN_VAL_1_EXTRA_LEN_BYTE) {
+ /* Current byte tells the length */
+ HKS_ASN1_DECODE_BYTE(buf, length);
+@@ -301,8 +302,9 @@ static int32_t ExtractTlvData(const uint8_t *in, uint32_t inLen, uint8_t *out, u
+ uint8_t *buf = (uint8_t *)in;
+ uint32_t length = 0; /* length of the payload */
+
+- uint32_t tmp;
+- HKS_ASN1_DECODE_BYTE(buf, tmp); /* get type */
++// uint32_t tmp;
++// HKS_ASN1_DECODE_BYTE(buf, tmp); /* get type */
++ buf++;
+ if (buf[0] < ASN_1_MIN_VAL_1_EXTRA_LEN_BYTE) {
+ /* Current byte tells the length */
+ HKS_ASN1_DECODE_BYTE(buf, length);
+diff --git a/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_kdf.c b/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_kdf.c
+index 258b206..5db3e4d 100755
+--- a/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_kdf.c
++++ b/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_kdf.c
+@@ -57,6 +57,7 @@ int32_t HksOpensslHkdf(const struct HksBlob *mainKey, const struct HksKeySpec *d
+ EVP_PKEY_CTX *pctx;
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+ int32_t ret = HKS_FAILURE;
++
+ do {
+ if (EVP_PKEY_derive_init(pctx) <= 0) {
+ HksLogOpensslError();
+@@ -78,7 +79,8 @@ int32_t HksOpensslHkdf(const struct HksBlob *mainKey, const struct HksKeySpec *d
+ HksLogOpensslError();
+ break;
+ }
+- if (EVP_PKEY_derive(pctx, derivedKey->data, (size_t *)&derivedKey->size) <= 0) {
++ size_t new = derivedKey->size;
++ if (EVP_PKEY_derive(pctx, derivedKey->data, &new) <= 0) {
+ HksLogOpensslError();
+ break;
+ }
+diff --git a/frameworks/huks_standard/main/os_dependency/BUILD.gn b/frameworks/huks_standard/main/os_dependency/BUILD.gn
+index 7d03e55..6da94a5 100755
+--- a/frameworks/huks_standard/main/os_dependency/BUILD.gn
++++ b/frameworks/huks_standard/main/os_dependency/BUILD.gn
+@@ -26,6 +26,8 @@ ohos_static_library("libhuks_os_dependency_standard_static") {
+ public_configs = [ ":huks_config" ]
+ include_dirs = [
+ "log",
++ "sysinfo/include",
++ "../../../../services/huks_standard/huks_service/main/core/include/",
+ "//utils/native/base/include",
+ "//utils/system/safwk/native/include",
+ ]
+@@ -35,17 +37,20 @@ ohos_static_library("libhuks_os_dependency_standard_static") {
+ "_HUKS_LOG_ENABLE_",
+ ]
+ sources = [
+- "./ipc/src/hks_client_service_ipc.c",
+- "./ipc/src/hks_ipc_check.c",
+- "./ipc/src/hks_ipc_serialization.c",
+- "./ipc/src/hks_ipc_slice.c",
+- "./ipc/src/hks_request.cpp",
++# "./ipc/src/hks_client_service_ipc.c",
++# "./ipc/src/hks_ipc_check.c",
++# "./ipc/src/hks_ipc_serialization.c",
++# "./ipc/src/hks_ipc_slice.c",
++# "./ipc/src/hks_request.cpp",
++ "./ipc/src/hks_client_service_passthrough.c",
++ "./sysinfo/src/hks_get_process_info_passthrough.c",
+ "./log/hks_log.c",
+ "./posix/hks_mem.c",
+ ]
+ deps = [
+ "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static",
+ "//utils/native/base:utils",
++ "//third_party/bounds_checking_function:libsec_shared",
+ ]
+ external_deps = [
+ "hiviewdfx_hilog_native:libhilog",
+diff --git a/frameworks/huks_standard/main/os_dependency/log/hks_log.c b/frameworks/huks_standard/main/os_dependency/log/hks_log.c
+index ef7d264..5beadab 100755
+--- a/frameworks/huks_standard/main/os_dependency/log/hks_log.c
++++ b/frameworks/huks_standard/main/os_dependency/log/hks_log.c
+@@ -22,8 +22,8 @@
+
+ #undef LOG_DOMAIN
+ #undef LOG_TAG
+-static const unsigned int LOG_DOMAIN = 0xD002F01;
+-static const char* LOG_TAG = "HUKS";
++//static const unsigned int LOG_DOMAIN = 0xD002F01;
++//static const char* LOG_TAG = "HUKS";
+
+ #define MAX_LOG_BUFF_LEN 512
+
+@@ -48,16 +48,16 @@ void HksLog(uint32_t logLevel, const char *funcName, uint32_t lineNo, const char
+
+ switch (logLevel) {
+ case HKS_LOG_LEVEL_I:
+- HILOG_INFO(LOG_CORE, "%{public}s[%{public}u]: %{public}s\n", funcName, lineNo, buf);
++ HILOG_INFO(LOG_CORE, "%s[%u]: %s\n", funcName, lineNo, buf);
+ break;
+ case HKS_LOG_LEVEL_E:
+- HILOG_ERROR(LOG_CORE, "%{public}s[%{public}u]: %{public}s\n", funcName, lineNo, buf);
++ HILOG_ERROR(LOG_CORE, "%s[%u]: %s\n", funcName, lineNo, buf);
+ break;
+ case HKS_LOG_LEVEL_W:
+- HILOG_WARN(LOG_CORE, "%{public}s[%{public}u]: %{public}s\n", funcName, lineNo, buf);
++ HILOG_WARN(LOG_CORE, "%s[%u]: %s\n", funcName, lineNo, buf);
+ break;
+ case HKS_LOG_LEVEL_D:
+- HILOG_DEBUG(LOG_CORE, "%{public}s[%{public}u]: %{private}s\n", funcName, lineNo, buf);
++ HILOG_DEBUG(LOG_CORE, "%s[%u]: %s\n", funcName, lineNo, buf);
+ break;
+ default:
+ HKS_FREE_PTR(buf);
+@@ -65,4 +65,4 @@ void HksLog(uint32_t logLevel, const char *funcName, uint32_t lineNo, const char
+ }
+
+ HKS_FREE_PTR(buf);
+-}
+\ No newline at end of file
++}
+diff --git a/interfaces/innerkits/huks_standard/main/BUILD.gn b/interfaces/innerkits/huks_standard/main/BUILD.gn
+index 1ca1e02..88e620d 100755
+--- a/interfaces/innerkits/huks_standard/main/BUILD.gn
++++ b/interfaces/innerkits/huks_standard/main/BUILD.gn
+@@ -41,6 +41,7 @@ if (os_level == "standard") {
+ deps = [
+ "//base/security/huks/frameworks/huks_standard/main:huks_standard_frameworks",
+ "//base/security/huks/utils/crypto_adapter:libhuks_utils_client_service_adapter_static",
++ "//base/security/huks/services/huks_standard/huks_engine/main/core:huks_engine_core_standard",
+ ]
+ }
+ }
+diff --git a/services/huks_standard/huks_service/main/os_dependency/BUILD.gn b/services/huks_standard/huks_service/main/os_dependency/BUILD.gn
+index 931d20c..01078b7 100755
+--- a/services/huks_standard/huks_service/main/os_dependency/BUILD.gn
++++ b/services/huks_standard/huks_service/main/os_dependency/BUILD.gn
+@@ -34,7 +34,7 @@ ohos_static_library("libhuks_service_os_dependency_standard_static") {
+ ]
+ sources = [
+ "posix/hks_rwlock.c",
+- "sa/hks_sa.cpp",
++# "sa/hks_sa.cpp",
+ ]
+ deps = [
+ "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static",
+diff --git a/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn b/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn
+index e86a491..3ffcfa1 100755
+--- a/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn
++++ b/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn
+@@ -32,9 +32,9 @@ ohos_static_library("libhuks_service_idl_standard_static") {
+ "_HUKS_LOG_ENABLE_",
+ ]
+ sources = [
+- "ipc/hks_ipc_serialization.c",
+- "ipc/hks_ipc_service.c",
+- "ipc/hks_response.cpp",
++# "ipc/hks_ipc_serialization.c",
++# "ipc/hks_ipc_service.c",
++# "ipc/hks_response.cpp",
+ "passthrough/huks_access.c",
+ "passthrough/huks_core_dynamic_hal.c",
+ ]
+diff --git a/utils/file_operator/hks_file_operator.c b/utils/file_operator/hks_file_operator.c
+index 5543c38..5c2e704 100755
+--- a/utils/file_operator/hks_file_operator.c
++++ b/utils/file_operator/hks_file_operator.c
+@@ -93,7 +93,7 @@ static uint32_t FileRead(const char *fileName, uint32_t offset, uint8_t *buf, ui
+ }
+
+ char filePath[PATH_MAX + 1] = {0};
+- (void)realpath(fileName, filePath);
++ char *path __attribute__((unused)) = realpath(fileName, filePath);
+ if (strstr(filePath, "../") != NULL) {
+ HKS_LOG_E("invalid filePath, path %s", filePath);
+ return 0;
+@@ -137,7 +137,7 @@ static int32_t FileWrite(const char *fileName, uint32_t offset, const uint8_t *b
+ if (memcpy_s(filePath, sizeof(filePath) - 1, fileName, strlen(fileName)) != EOK) {
+ return HKS_ERROR_BAD_STATE;
+ }
+- (void)realpath(fileName, filePath);
++ char *path __attribute__((unused)) = realpath(fileName, filePath);
+ if (strstr(filePath, "../") != NULL) {
+ HKS_LOG_E("invalid filePath, path %s", filePath);
+ return HKS_ERROR_INVALID_KEY_FILE;
+@@ -519,4 +519,4 @@ uint32_t HksFileSize(const char *path, const char *fileName)
+ int32_t HksGetFileName(const char *path, const char *fileName, char *fullFileName, uint32_t fullFileNameLen)
+ {
+ return GetFileName(path, fileName, fullFileName, fullFileNameLen);
+-}
+\ No newline at end of file
++}
+--
+2.25.1
+
diff --git a/security-huks-0002-simplify-dependency-on-third-party-packages.patch b/security-huks-0002-simplify-dependency-on-third-party-packages.patch
new file mode 100644
index 0000000..38753e1
--- /dev/null
+++ b/security-huks-0002-simplify-dependency-on-third-party-packages.patch
@@ -0,0 +1,114 @@
+From bda2efdae0c4df2c2d64796dd3469bc53f53604f Mon Sep 17 00:00:00 2001
+From: "beiling.xie" <xiekunxun@huawei.com>
+Date: Thu, 10 Nov 2022 14:37:25 +0800
+Subject: [PATCH] simplify dependency on third-party packages
+
+Signed-off-by: beiling.xie <xiekunxun@huawei.com>
+---
+ frameworks/huks_standard/main/core/BUILD.gn | 3 ++-
+ .../huks_standard/main/crypto_engine/openssl/BUILD.gn | 4 +++-
+ frameworks/huks_standard/main/os_dependency/BUILD.gn | 7 +++----
+ .../huks_service/main/os_dependency/BUILD.gn | 8 +++-----
+ .../huks_service/main/os_dependency/idl/BUILD.gn | 2 +-
+ utils/crypto_adapter/BUILD.gn | 3 ++-
+ 6 files changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/frameworks/huks_standard/main/core/BUILD.gn b/frameworks/huks_standard/main/core/BUILD.gn
+index b601eda..6ac01d4 100755
+--- a/frameworks/huks_standard/main/core/BUILD.gn
++++ b/frameworks/huks_standard/main/core/BUILD.gn
+@@ -40,7 +40,8 @@ ohos_static_library("libhuks_core_standard_static") {
+ ]
+ deps = [
+ "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static",
+- "//third_party/openssl:libcrypto_static",
+ ]
++
++ libs = [ "crypto" ]
+ complete_static_lib = true
+ }
+diff --git a/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn b/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn
+index ab4d1a2..f02b701 100755
+--- a/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn
++++ b/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn
+@@ -51,8 +51,10 @@ ohos_static_library("libhuks_openssl_standard_static") {
+
+ deps = [
+ "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static",
+- "//third_party/openssl:libcrypto_static",
+ ]
++
++ libs = [ "crypto" ]
++
+ cflags = [
+ "-DHILOG_ENABLE",
+ "-Wall",
+diff --git a/frameworks/huks_standard/main/os_dependency/BUILD.gn b/frameworks/huks_standard/main/os_dependency/BUILD.gn
+index 6da94a5..bfe2941 100755
+--- a/frameworks/huks_standard/main/os_dependency/BUILD.gn
++++ b/frameworks/huks_standard/main/os_dependency/BUILD.gn
+@@ -52,10 +52,9 @@ ohos_static_library("libhuks_os_dependency_standard_static") {
+ "//utils/native/base:utils",
+ "//third_party/bounds_checking_function:libsec_shared",
+ ]
+- external_deps = [
+- "hiviewdfx_hilog_native:libhilog",
+- "ipc:ipc_core",
+- "samgr_standard:samgr_proxy",
++ deps += [
++ "//depend:libhilog",
++ "//depend/ipc:ipc_core",
+ ]
+ cflags_cc = [
+ "-DHILOG_ENABLE",
+diff --git a/services/huks_standard/huks_service/main/os_dependency/BUILD.gn b/services/huks_standard/huks_service/main/os_dependency/BUILD.gn
+index 01078b7..dfa2c4f 100755
+--- a/services/huks_standard/huks_service/main/os_dependency/BUILD.gn
++++ b/services/huks_standard/huks_service/main/os_dependency/BUILD.gn
+@@ -43,11 +43,9 @@ ohos_static_library("libhuks_service_os_dependency_standard_static") {
+ ]
+ public_deps = [ "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl:libhuks_service_idl_standard_static" ]
+
+- external_deps = [
+- "hiviewdfx_hilog_native:libhilog",
+- "ipc:ipc_core",
+- "safwk:system_ability_fwk",
+- "samgr_standard:samgr_proxy",
++ deps += [
++ "//depend:libhilog",
++ "//depend/ipc:ipc_core",
+ ]
+ if (support_jsapi) {
+ sources += [ "sa/hks_event_observer.cpp" ]
+diff --git a/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn b/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn
+index 3ffcfa1..0650b2c 100755
+--- a/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn
++++ b/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn
+@@ -43,7 +43,7 @@ ohos_static_library("libhuks_service_idl_standard_static") {
+ "//base/security/huks/services/huks_standard/huks_service/main/core:libhuks_service_core_standard_static",
+ "//utils/native/base:utils",
+ ]
+- external_deps = [ "ipc:ipc_core" ]
++ deps += [ "//depend/ipc:ipc_core" ]
+ if (support_jsapi) {
+ external_deps += [
+ "access_token:libaccesstoken_sdk",
+diff --git a/utils/crypto_adapter/BUILD.gn b/utils/crypto_adapter/BUILD.gn
+index 0ca8f61..7d28eea 100755
+--- a/utils/crypto_adapter/BUILD.gn
++++ b/utils/crypto_adapter/BUILD.gn
+@@ -39,9 +39,10 @@ ohos_static_library("libhuks_utils_client_service_adapter_static") {
+ deps = [
+ "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static",
+ "//base/security/huks/frameworks/huks_standard/main/os_dependency:libhuks_os_dependency_standard_static",
+- "//third_party/openssl:libcrypto_static",
+ "//utils/native/base:utils",
+ ]
+
++ libs = [ "crypto" ]
++
+ complete_static_lib = true
+ }
+--
+2.25.1
+
diff --git a/security-huks-0003-fix-discarded-qualifiers-error.patch b/security-huks-0003-fix-discarded-qualifiers-error.patch
new file mode 100644
index 0000000..6d20679
--- /dev/null
+++ b/security-huks-0003-fix-discarded-qualifiers-error.patch
@@ -0,0 +1,53 @@
+From 05495d8cad3752f5bf357dfd878a1090fd2b191b Mon Sep 17 00:00:00 2001
+From: liheavy <lihaiwei8@huawei.com>
+Date: Wed, 8 Feb 2023 17:42:40 +0800
+Subject: [PATCH] fix discarded-qualifiers-error
+
+diff -Nur a/utils/crypto_adapter/hks_client_service_adapter.c b/utils/crypto_adapter/hks_client_service_adapter.c
+--- a/utils/crypto_adapter/hks_client_service_adapter.c 2022-07-28 15:16:34.000000000 +0800
++++ b/utils/crypto_adapter/hks_client_service_adapter.c 2023-02-09 10:28:07.858448659 +0800
+@@ -447,7 +447,7 @@
+ #ifdef HKS_SUPPORT_RSA_C
+ static int32_t X509PublicKeyToRsa(EVP_PKEY *pkey, struct HksBlob *rsaPublicKey)
+ {
+- RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ if (rsa == NULL) {
+ HKS_LOG_E("EVP_PKEY_get1_RSA error %s", ERR_reason_error_string(ERR_get_error()));
+ return HKS_ERROR_NULL_POINTER;
+@@ -488,7 +488,7 @@
+ #endif
+
+ #ifdef HKS_SUPPORT_ECC_C
+-static int32_t EcKeyToPublicKey(EC_KEY *ecKey, struct HksBlob *eccPublicKey)
++static int32_t EcKeyToPublicKey(const EC_KEY *ecKey, struct HksBlob *eccPublicKey)
+ {
+ BIGNUM *x = BN_new();
+ BIGNUM *y = BN_new();
+@@ -546,7 +546,7 @@
+
+ static int32_t X509PublicKeyToEcc(EVP_PKEY *pkey, struct HksBlob *eccPublicKey)
+ {
+- EC_KEY *ecKey = EVP_PKEY_get0_EC_KEY(pkey);
++ const EC_KEY *ecKey = EVP_PKEY_get0_EC_KEY(pkey);
+ if (ecKey == NULL) {
+ HKS_LOG_E("EVP_PKEY_get1_EC_KEY error %s", ERR_reason_error_string(ERR_get_error()));
+ return HKS_ERROR_NULL_POINTER;
+@@ -559,7 +559,7 @@
+ #ifdef HKS_SUPPORT_DSA_C
+ static int32_t X509PublicKeyToDsa(EVP_PKEY *pkey, struct HksBlob *dsaPublicKey)
+ {
+- DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+ if (dsa == NULL) {
+ HKS_LOG_E("EVP_PKEY_get1_DSA error %s", ERR_reason_error_string(ERR_get_error()));
+ return HKS_ERROR_NULL_POINTER;
+@@ -615,7 +615,7 @@
+ #ifdef HKS_SUPPORT_DH_C
+ static int32_t X509PublicKeyToDh(EVP_PKEY *pkey, struct HksBlob *dhPublicKey)
+ {
+- DH *dh = EVP_PKEY_get0_DH(pkey);
++ const DH *dh = EVP_PKEY_get0_DH(pkey);
+ if (dh == NULL) {
+ HKS_LOG_E("EVP_PKEY_get0_DH error %s", ERR_reason_error_string(ERR_get_error()));
+ return HKS_ERROR_NULL_POINTER;
diff --git a/sources b/sources
new file mode 100644
index 0000000..a408e15
--- /dev/null
+++ b/sources
@@ -0,0 +1,8 @@
+29376a26959497d4524ac05369e055de build-OpenHarmony-v3.0.2-LTS.tar.gz
+83c0d7402084001c405aea05948d8416 commonlibrary_c_utils-OpenHarmony-v3.1.2-Release.tar.gz
+1c66700897a0aef789f4d3cf0247b0ff dsoftbus_standard-v3.1.2.2-release.tar.gz
+e9b6fe59eef786bd3e9c27966a84a1c8 embedded-ipc-v1.0.1-release.tar.gz
+da1bae36c7c9e03bc279a1d2127fa828 security_device_auth-OpenHarmony-v3.1.2-Release.tar.gz
+35e2e21a4ed1908fb182269dac10ac68 security_huks-OpenHarmony-v3.1.2-Release.tar.gz
+31fc45233bbbd3b920519fe6a0b3c478 third_party_libcoap-OpenHarmony-v3.1.2-Release.tar.gz
+781377321e35f8b4c5c22fd19172bbe6 third_party_mbedtls-OpenHarmony-v3.1.2-Release.tar.gz
diff --git a/third-party-cjson-0001-adapter-cjson-in-openEuler-for-softbus.patch b/third-party-cjson-0001-adapter-cjson-in-openEuler-for-softbus.patch
new file mode 100644
index 0000000..5e5e975
--- /dev/null
+++ b/third-party-cjson-0001-adapter-cjson-in-openEuler-for-softbus.patch
@@ -0,0 +1,46 @@
+From 6c9dc0807972a3183d9348b654e46bc0126c27e6 Mon Sep 17 00:00:00 2001
+From: "beiling.xie" <xiekunxun@huawei.com>
+Date: Thu, 10 Nov 2022 11:04:23 +0800
+Subject: [PATCH] adapter cjson in openEuler for softbus
+
+Signed-off-by: beiling.xie <xiekunxun@huawei.com>
+---
+ BUILD.gn | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+ create mode 100755 BUILD.gn
+
+diff --git a/BUILD.gn b/BUILD.gn
+new file mode 100755
+index 0000000..e704680
+--- /dev/null
++++ b/BUILD.gn
+@@ -0,0 +1,26 @@
++#Copyright (c) 2019-2021 Huawei Device Co., Ltd.
++#Licensed under the Apache License, Version 2.0 (the "License");
++#you may not use this file except in compliance with the License.
++#You may obtain a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++#Unless required by applicable law or agreed to in writing, software
++#distributed under the License is distributed on an "AS IS" BASIS,
++#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++#See the License for the specific language governing permissions and
++#limitations under the License.
++
++import("//build/ohos.gni")
++import("//build/config/sysroot.gni")
++config("cJSON_config") {
++ include_dirs = [ "${sysroot}/usr/include/cjson" ]
++ libs = [ "cjson" ]
++}
++ohos_static_library("cjson_static") {
++ public_configs = [ ":cJSON_config" ]
++}
++ohos_shared_library("cjson") {
++ public_configs = [ ":cJSON_config" ]
++ subsystem_name = "hiviewdfx"
++}
+--
+2.25.1
+
diff --git a/third-party-mbedtls-0001-Adaptation-for-dsoftbus.patch b/third-party-mbedtls-0001-Adaptation-for-dsoftbus.patch
new file mode 100644
index 0000000..afe75d4
--- /dev/null
+++ b/third-party-mbedtls-0001-Adaptation-for-dsoftbus.patch
@@ -0,0 +1,17 @@
+--- a/BUILD.gn
++++ b/BUILD.gn
+@@ -117,12 +117,13 @@ if (defined(ohos_lite)) {
+ ohos_shared_library("mbedtls_shared") {
+ public_configs = [ ":mbedtls_config" ]
+ output_name = "mbedtls"
+- subsystem_name = "common"
++ subsystem_name = "communication"
+ part_name = "dsoftbus_standard"
+ sources = MBEDTLS_SOURCES
+ }
+
+ group("mbedtls") {
++ public_configs = [ ":mbedtls_config" ]
+ public_deps = [ ":mbedtls_shared" ]
+ }
+ }
diff --git a/third-party-mbedtls-0002-fix-CVE-2021-43666.patch b/third-party-mbedtls-0002-fix-CVE-2021-43666.patch
new file mode 100644
index 0000000..4a2cb68
--- /dev/null
+++ b/third-party-mbedtls-0002-fix-CVE-2021-43666.patch
@@ -0,0 +1,409 @@
+From: maoyufeng <maoyufeng3@huawei.com>
+Date: Mon, 23 May 2022 14:57:48 +0800
+Subject: [PATCH] Fix issue CVE-2021-43666
+
+Signed-off-by: maoyufeng <maoyufeng3@huawei.com>
+---
+ ChangeLog.d/fix-pkcs12-null-password.txt | 5 ++
+ include/mbedtls/pkcs12.h | 34 ++++++----
+ library/pkcs12.c | 82 ++++++++++++++++++------
+ tests/CMakeLists.txt | 1 +
+ tests/scripts/all.sh | 30 +++++++++
+ tests/suites/test_suite_pkcs12.data | 35 ++++++++++
+ tests/suites/test_suite_pkcs12.function | 68 ++++++++++++++++++++
+ 7 files changed, 223 insertions(+), 32 deletions(-)
+ create mode 100644 ChangeLog.d/fix-pkcs12-null-password.txt
+ mode change 100755 => 100644 library/pkcs12.c
+ create mode 100644 tests/suites/test_suite_pkcs12.data
+ create mode 100644 tests/suites/test_suite_pkcs12.function
+
+diff --git a/ChangeLog.d/fix-pkcs12-null-password.txt b/ChangeLog.d/fix-pkcs12-null-password.txt
+new file mode 100644
+index 0000000000000000000000000000000000000000..a6ce140fdc3479cfac671542692ab646f7c8b5f3
+--- /dev/null
++++ b/ChangeLog.d/fix-pkcs12-null-password.txt
+@@ -0,0 +1,5 @@
++Bugfix
++ * Fix a potential invalid pointer dereference and infinite loop bugs in
++ pkcs12 functions when the password is empty. Fix the documentation to
++ better describe the inputs to these functions and their possible values.
++ Fixes #5136.
+\ No newline at end of file
+diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
+index 9cbcb1730559bb7d3a22a378467b9f6aa1b1c3fa..9e11e24a8d07b9e377fd49d9206fd300330bcdbf 100755
+--- a/include/mbedtls/pkcs12.h
++++ b/include/mbedtls/pkcs12.h
+@@ -83,8 +83,9 @@ extern "C" {
+ * \brief PKCS12 Password Based function (encryption / decryption)
+ * for pbeWithSHAAnd128BitRC4
+ *
+- * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
+- * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
++ * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
++ * \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or
++ * #MBEDTLS_PKCS12_PBE_DECRYPT
+ * \param pwd the password used (may be NULL if no password is used)
+ * \param pwdlen length of the password (may be 0)
+ * \param input the input data
+@@ -105,8 +106,9 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
+ * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
+ * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
+ * \param cipher_type the cipher used
+- * \param md_type the mbedtls_md used
+- * \param pwd the password used (may be NULL if no password is used)
++ * \param md_type the mbedtls_md used
++ * \param pwd Latin1-encoded password used. This may only be \c NULL when
++ * \p pwdlen is 0. No null terminator should be used.
+ * \param pwdlen length of the password (may be 0)
+ * \param input the input data
+ * \param len data length
+@@ -127,18 +129,24 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
+ * to produce pseudo-random bits for a particular "purpose".
+ *
+ * Depending on the given id, this function can produce an
+- * encryption/decryption key, an nitialization vector or an
++ * encryption/decryption key, an initialization vector or an
+ * integrity key.
+ *
+ * \param data buffer to store the derived data in
+- * \param datalen length to fill
+- * \param pwd password to use (may be NULL if no password is used)
+- * \param pwdlen length of the password (may be 0)
+- * \param salt salt buffer to use
+- * \param saltlen length of the salt
+- * \param mbedtls_md mbedtls_md type to use during the derivation
+- * \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
+- * MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
++ * \param datalen length of buffer to fill
++ * \param pwd The password to use. For compliance with PKCS#12 §B.1, this
++ * should be a BMPString, i.e. a Unicode string where each
++ * character is encoded as 2 bytes in big-endian order, with
++ * no byte order mark and with a null terminator (i.e. the
++ * last two bytes should be 0x00 0x00).
++ * \param pwdlen length of the password (may be 0).
++ * \param salt Salt buffer to use This may only be \c NULL when
++ * \p saltlen is 0.
++ * \param saltlen length of the salt (may be zero)
++ * \param mbedtls_md mbedtls_md type to use during the derivation
++ * \param id id that describes the purpose (can be
++ * #MBEDTLS_PKCS12_DERIVE_KEY, #MBEDTLS_PKCS12_DERIVE_IV or
++ * #MBEDTLS_PKCS12_DERIVE_MAC_KEY)
+ * \param iterations number of iterations
+ *
+ * \return 0 if successful, or a MD, BIGNUM type error.
+diff --git a/library/pkcs12.c b/library/pkcs12.c
+old mode 100755
+new mode 100644
+index 3d23d5e354923cd01d69a479fcf572d80af540a6..05ade49e93b3d2cb8e03f7915f0ead4b79e919c4
+--- a/library/pkcs12.c
++++ b/library/pkcs12.c
+@@ -209,6 +209,9 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
+ mbedtls_cipher_context_t cipher_ctx;
+ size_t olen = 0;
+
++ if( pwd == NULL && pwdlen != 0 )
++ return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
++
+ cipher_info = mbedtls_cipher_info_from_type( cipher_type );
+ if( cipher_info == NULL )
+ return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+@@ -261,12 +264,23 @@ static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
+ unsigned char *p = data;
+ size_t use_len;
+
+- while( data_len > 0 )
++ if( filler != NULL && fill_len != 0 )
+ {
+- use_len = ( data_len > fill_len ) ? fill_len : data_len;
+- memcpy( p, filler, use_len );
+- p += use_len;
+- data_len -= use_len;
++ while( data_len > 0 )
++ {
++ use_len = ( data_len > fill_len ) ? fill_len : data_len;
++ memcpy( p, filler, use_len );
++ p += use_len;
++ data_len -= use_len;
++ }
++ }
++ else
++ {
++ /* If either of the above are not true then clearly there is nothing
++ * that this function can do. The function should *not* be called
++ * under either of those circumstances, as you could end up with an
++ * incorrect output but for safety's sake, leaving the check in as
++ * otherwise we could end up with memory corruption.*/
+ }
+ }
+
+@@ -283,6 +297,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
+ unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
+ unsigned char *p;
+ unsigned char c;
++ int use_password = 0;
++ int use_salt = 0;
+
+ size_t hlen, use_len, v, i;
+
+@@ -293,6 +309,15 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
+ if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
+ return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
+
++ if( pwd == NULL && pwdlen != 0 )
++ return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
++
++ if( salt == NULL && saltlen != 0 )
++ return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
++
++ use_password = ( pwd && pwdlen != 0 );
++ use_salt = ( salt && saltlen != 0 );
++
+ md_info = mbedtls_md_info_from_type( md_type );
+ if( md_info == NULL )
+ return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+@@ -310,8 +335,15 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
+
+ memset( diversifier, (unsigned char) id, v );
+
+- pkcs12_fill_buffer( salt_block, v, salt, saltlen );
+- pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen );
++ if( use_salt != 0 )
++ {
++ pkcs12_fill_buffer( salt_block, v, salt, saltlen );
++ }
++
++ if( use_password != 0 )
++ {
++ pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen );
++ }
+
+ p = data;
+ while( datalen > 0 )
+@@ -323,11 +355,17 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
+ if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
+ goto exit;
+
+- if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 )
+- goto exit;
++ if( use_salt != 0 )
++ {
++ if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v )) != 0 )
++ goto exit;
++ }
+
+- if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 )
+- goto exit;
++ if( use_password != 0)
++ {
++ if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v )) != 0 )
++ goto exit;
++ }
+
+ if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
+ goto exit;
+@@ -355,22 +393,28 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
+ if( ++hash_block[i - 1] != 0 )
+ break;
+
+- // salt_block += B
+- c = 0;
+- for( i = v; i > 0; i-- )
++ if( use_salt != 0 )
+ {
+- j = salt_block[i - 1] + hash_block[i - 1] + c;
++ // salt_block += B
++ c = 0;
++ for( i = v; i > 0; i-- )
++ {
++ j = salt_block[i - 1] + hash_block[i - 1] + c;
+ c = (unsigned char) (j >> 8);
+ salt_block[i - 1] = j & 0xFF;
++ }
+ }
+
+- // pwd_block += B
+- c = 0;
+- for( i = v; i > 0; i-- )
++ if( use_password != 0 )
+ {
+- j = pwd_block[i - 1] + hash_block[i - 1] + c;
++ // pwd_block += B
++ c = 0;
++ for( i = v; i > 0; i-- )
++ {
++ j = pwd_block[i - 1] + hash_block[i - 1] + c;
+ c = (unsigned char) (j >> 8);
+ pwd_block[i - 1] = j & 0xFF;
++ }
+ }
+ }
+
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index a8e7523e504bc5cff9925648dd1b3bd7fb55f0cf..c5d484f924328bde2d2525b6f89e125974c3b770 100644
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -120,6 +120,7 @@ add_test_suite(pem)
+ add_test_suite(pkcs1_v15)
+ add_test_suite(pkcs1_v21)
+ add_test_suite(pkcs5)
++add_test_suite(pkcs12)
+ add_test_suite(pk)
+ add_test_suite(pkparse)
+ add_test_suite(pkwrite)
+diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
+index 1a4de44b665f8df822adbd83bece912119bca98f..00222f379e808d8662967fdf200e18739cbabe61 100755
+--- a/tests/scripts/all.sh
++++ b/tests/scripts/all.sh
+@@ -1683,6 +1683,36 @@ component_test_valgrind () {
+ fi
+ }
+
++support_test_cmake_out_of_source () {
++ distrib_id=""
++ distrib_ver=""
++ distrib_ver_minor=""
++ distrib_ver_major=""
++
++ # Attempt to parse lsb-release to find out distribution and version. If not
++ # found this should fail safe (test is supported).
++ if [[ -f /etc/lsb-release ]]; then
++
++ while read -r lsb_line; do
++ case "$lsb_line" in
++ "DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};;
++ "DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};;
++ esac
++ done < /etc/lsb-release
++
++ distrib_ver_major="${distrib_ver%%.*}"
++ distrib_ver="${distrib_ver#*.}"
++ distrib_ver_minor="${distrib_ver%%.*}"
++ fi
++
++ # Running the out of source CMake test on Ubuntu 16.04 using more than one
++ # processor (as the CI does) can create a race condition whereby the build
++ # fails to see a generated file, despite that file actually having been
++ # generated. This problem appears to go away with 18.04 or newer, so make
++ # the out of source tests unsupported on Ubuntu 16.04.
++ [ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ]
++}
++
+ component_test_cmake_out_of_source () {
+ msg "build: cmake 'out-of-source' build"
+ MBEDTLS_ROOT_DIR="$PWD"
+diff --git a/tests/suites/test_suite_pkcs12.data b/tests/suites/test_suite_pkcs12.data
+new file mode 100644
+index 0000000000000000000000000000000000000000..bda7d9921caad35c1835e0093df8a9644d4bd9cb
+--- /dev/null
++++ b/tests/suites/test_suite_pkcs12.data
+@@ -0,0 +1,35 @@
++PKCS#12 derive key : MD5: Zero length password and hash
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_GIVEN_INPUT:"":USE_GIVEN_INPUT:3:"6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b":0
++
++PKCS#12 derive key: MD5: NULL password and hash
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_NULL_INPUT:"":USE_NULL_INPUT:3:"6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b":0
++
++PKCS#12 derive key: MD5: Zero length password
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_GIVEN_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
++
++PKCS#12 derive key: MD5: NULL password
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_NULL_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
++
++PKCS#12 derive key: MD5: Invalid length NULL password
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_NULL_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"":MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
++
++PKCS#12 derive key: MD5: Zero length salt
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"":USE_GIVEN_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
++
++PKCS#12 derive key: MD5: NULL salt
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"":USE_NULL_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
++
++PKCS#12 derive key: MD5: Invalid length NULL salt
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"0123456789abcdef":USE_NULL_INPUT:3:"":MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
++
++PKCS#12 derive key: MD5: Valid password and salt
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"46559deeee036836ab1b633ec620178d4c70eacf42f72a2ad7360c812efa09ca3d7567b489a109050345c2dc6a262995":0
+diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function
+new file mode 100644
+index 0000000000000000000000000000000000000000..56b896c8253b5d9734d27b0bd7cd315b3cbc7ee7
+--- /dev/null
++++ b/tests/suites/test_suite_pkcs12.function
+@@ -0,0 +1,68 @@
++/* BEGIN_HEADER */
++#include "mbedtls/pkcs12.h"
++
++typedef enum
++{
++ USE_NULL_INPUT = 0,
++ USE_GIVEN_INPUT = 1,
++} input_usage_method_t;
++
++/* END_HEADER */
++
++/* BEGIN_DEPENDENCIES
++ * depends_on:MBEDTLS_PKCS12_C
++ * END_DEPENDENCIES
++ */
++
++/* BEGIN_CASE */
++void pkcs12_derive_key( int md_type, int key_size_arg,
++ data_t *password_arg, int password_usage,
++ data_t *salt_arg, int salt_usage,
++ int iterations,
++ data_t* expected_output, int expected_status )
++
++{
++ int ret = 0;
++ unsigned char *output_data = NULL;
++
++ unsigned char *password = NULL;
++ size_t password_len = 0;
++ unsigned char *salt = NULL;
++ size_t salt_len = 0;
++ size_t key_size = key_size_arg;
++
++ if( password_usage == USE_GIVEN_INPUT )
++ password = password_arg->x;
++
++ password_len = password_arg->len;
++
++ if( salt_usage == USE_GIVEN_INPUT )
++ salt = salt_arg->x;
++
++ salt_len = salt_arg->len;
++
++ ASSERT_ALLOC( output_data, key_size );
++
++ ret = mbedtls_pkcs12_derivation( output_data,
++ key_size,
++ password,
++ password_len,
++ salt,
++ salt_len,
++ md_type,
++ MBEDTLS_PKCS12_DERIVE_KEY,
++ iterations );
++
++ TEST_EQUAL( ret, expected_status );
++
++ if( expected_status == 0 )
++ {
++ ASSERT_COMPARE( expected_output->x, expected_output->len,
++ output_data, key_size );
++ }
++
++exit:
++ mbedtls_free( output_data );
++
++}
++/* END_CASE */
+\ No newline at end of file
diff --git a/third-party-mbedtls-0002-fix-CVE-2021-45451.patch b/third-party-mbedtls-0002-fix-CVE-2021-45451.patch
new file mode 100644
index 0000000..ce1251d
--- /dev/null
+++ b/third-party-mbedtls-0002-fix-CVE-2021-45451.patch
@@ -0,0 +1,24 @@
+From: =?UTF-8?q?=E6=AF=9B=E5=AE=87=E9=94=8B?= <maoyufeng3@huawei.com>
+Date: Mon, 18 Jul 2022 02:20:45 +0000
+Subject: [PATCH] [session] fix a session copy bug fix a possible double
+ reference on 'ticket' when peer_cert/peer_cert_digest calloc failed.
+ Cherry-pick from
+ https://github.com/Mbed-TLS/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc
+
+Signed-off-by: maoyufeng <maoyufeng3@huawei.com>
+
+diff --git a/library/ssl_tls.c b/library/ssl_tls.c
+index 3c1e9175981c4c0d175af94914e4c8ebb4558fc9..962d6254353e92b8422842362f603228850184b7 100755
+--- a/library/ssl_tls.c
++++ b/library/ssl_tls.c
+@@ -301,6 +301,10 @@ static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session
+ mbedtls_ssl_session_free( dst );
+ memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
+
++#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
++ dst->ticket = NULL;
++#endif
++
+ #if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( src->peer_cert != NULL )
+ {
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 07:59:06 +0000