diff options
22 files changed, 2860 insertions, 0 deletions
@@ -0,0 +1,8 @@ +/build-OpenHarmony-v3.0.2-LTS.tar.gz +/commonlibrary_c_utils-OpenHarmony-v3.1.2-Release.tar.gz +/dsoftbus_standard-v3.1.2.2-release.tar.gz +/embedded-ipc-v1.0.1-release.tar.gz +/security_device_auth-OpenHarmony-v3.1.2-Release.tar.gz +/security_huks-OpenHarmony-v3.1.2-Release.tar.gz +/third_party_libcoap-OpenHarmony-v3.1.2-Release.tar.gz +/third_party_mbedtls-OpenHarmony-v3.1.2-Release.tar.gz diff --git a/build-0001-add-dsoftbus-build-support-for-embedded-env.patch b/build-0001-add-dsoftbus-build-support-for-embedded-env.patch new file mode 100644 index 0000000..6eccb07 --- /dev/null +++ b/build-0001-add-dsoftbus-build-support-for-embedded-env.patch @@ -0,0 +1,390 @@ +From a7244bd742f999e7ec8462797c7e7a393a844a7b Mon Sep 17 00:00:00 2001 +From: hmilylmk <liumingkai@huawei.com> +Date: Sat, 13 Aug 2022 08:21:36 +0800 +Subject: [PATCH] add dsoftbus build support for embedded env + +Signed-off-by: hmilylmk <liumingkai@huawei.com> +--- + build_scripts/build.sh | 9 ++++---- + config/BUILDCONFIG.gn | 11 ++++----- + config/compiler/compiler.gni | 6 +---- + config/ohos/BUILD.gn | 32 +------------------------- + config/ohos/abi.gni | 5 ----- + config/ohos/config.gni | 4 ++-- + config/ohos/musl.gni | 4 +++- + core/gn/BUILD.gn | 35 ++--------------------------- + loader/preloader/platforms.template | 4 ++-- + ohos.gni | 7 ------ + subsystem_config.json | 6 +++++ + toolchain/linux/BUILD.gn | 8 +++++-- + 12 files changed, 31 insertions(+), 100 deletions(-) + +diff --git a/build_scripts/build.sh b/build_scripts/build.sh +index 3514b36..e2404ca 100755 +--- a/build_scripts/build.sh ++++ b/build_scripts/build.sh +@@ -70,22 +70,22 @@ do + shift + done + +- + if [[ "${source_root_dir}x" == "x" ]]; then + echo "Error: source_root_dir cannot be empty." + exit 1 + fi ++ + if [[ ! -d "${source_root_dir}" ]]; then + echo "Error: source_root_dir is incorrect." + exit 1 + fi ++ + if [[ "${product_name}x" == "x" ]]; then + echo -e "\033[31mError: the product name should be specified!\033[0m" + help + exit 1 + fi + +- + case $(uname -s) in + Darwin) + HOST_DIR="darwin-x86" +@@ -102,10 +102,9 @@ case $(uname -s) in + esac + + # set python3 +-PYTHON3=${source_root_dir}/prebuilts/python/${HOST_DIR}/3.8.5/bin/python3 +- ++PYTHON3=`which python` + if [[ ! -f "${PYTHON3}" ]]; then +- echo -e "\033[33m Please execute the build/prebuilts_download.sh \033[0m" ++ echo -e "\033[33m python3 not found, please check\033[0m" + exit 1 + fi + +diff --git a/config/BUILDCONFIG.gn b/config/BUILDCONFIG.gn +index 98bb98b..9e016df 100755 +--- a/config/BUILDCONFIG.gn ++++ b/config/BUILDCONFIG.gn +@@ -130,10 +130,7 @@ declare_args() { + is_desktop_linux = current_os == "linux" + + # Set to true when compiling with the Clang compiler. +- is_clang = current_os != "linux" || +- (current_cpu != "s390x" && current_cpu != "s390" && +- current_cpu != "ppc64" && current_cpu != "ppc" && +- current_cpu != "mips" && current_cpu != "mips64") ++ is_clang = false + + # Allows the path to a custom target toolchain to be injected as a single + # argument, and set as the default toolchain. +@@ -154,7 +151,7 @@ declare_args() { + } + + declare_args() { +- use_musl = true ++ use_musl = false + } + + asdk_libs_dir = "//prebuilts/asdk_libs" +@@ -220,7 +217,7 @@ if (host_toolchain == "") { + + if (host_os == "linux") { + if (target_os != "linux") { +- host_toolchain = "//build/toolchain/linux:clang_$host_cpu" ++ host_toolchain = "//build/toolchain/linux:$host_cpu" + } else if (is_clang) { + host_toolchain = "//build/toolchain/linux:clang_$host_cpu" + } else { +@@ -250,7 +247,7 @@ _default_toolchain = "" + if (target_os == "ohos") { + assert(host_os == "linux" || host_os == "mac", + "ohos builds are only supported on Linux and Mac hosts.") +- _default_toolchain = "//build/toolchain/ohos:ohos_clang_$target_cpu" ++ _default_toolchain = "//build/toolchain/linux:$target_cpu" + } else if (target_os == "linux") { + if (is_clang) { + _default_toolchain = "//build/toolchain/linux:clang_$target_cpu" +diff --git a/config/compiler/compiler.gni b/config/compiler/compiler.gni +index b77100a..ae45cc8 100755 +--- a/config/compiler/compiler.gni ++++ b/config/compiler/compiler.gni +@@ -152,11 +152,7 @@ declare_args() { + + declare_args() { + # Whether to use the gold linker from binutils instead of lld or bfd. +- use_gold = !use_lld && +- ((is_linux && (current_cpu == "x64" || current_cpu == "x86" || +- current_cpu == "arm")) || +- (is_ohos && (current_cpu == "x86" || current_cpu == "x64" || +- current_cpu == "arm" || current_cpu == "arm64"))) ++ use_gold = false + } + + # If it wasn't manually set, set to an appropriate default. +diff --git a/config/ohos/BUILD.gn b/config/ohos/BUILD.gn +index aa5ac7c..941cc2e 100755 +--- a/config/ohos/BUILD.gn ++++ b/config/ohos/BUILD.gn +@@ -24,31 +24,17 @@ config("compiler") { + "HAVE_SYS_UIO_H", + ] + +- defines += [ +- "__MUSL__", +- "_LIBCPP_HAS_MUSL_LIBC", +- "__BUILD_LINUX_WITH_CLANG", +- ] +- + ldflags = [ + "-Wl,--no-undefined", +- "-Wl,--exclude-libs=libunwind_llvm.a", +- "-Wl,--exclude-libs=libc++_static.a", + + # Don't allow visible symbols from libraries that contain + # assembly code with symbols that aren't hidden properly. + # http://crbug.com/448386 +- "-Wl,--exclude-libs=libvpx_assembly_arm.a", + ] + +- cflags += [ "--target=$abi_target" ] + include_dirs = [ +- "${musl_sysroot}/usr/include/${abi_target}", +- "${clang_base_path}/include/c++/v1", + ] + +- ldflags += [ "--target=$abi_target" ] +- + # Assign any flags set for the C compiler to asmflags so that they are sent + # to the assembler. + asmflags = cflags +@@ -66,13 +52,6 @@ config("runtime_library") { + "CHROMIUM_CXX_TWEAK_INLINES", # Saves binary size. + ] + +- defines += [ +- "__MUSL__", +- "_LIBCPP_HAS_MUSL_LIBC", +- "__BUILD_LINUX_WITH_CLANG", +- ] +- ldflags = [ "-nostdlib" ] +- + libs = [] + + # arm builds of libc++ starting in NDK r12 depend on unwind. +@@ -80,20 +59,11 @@ config("runtime_library") { + libs += [ "unwind" ] + } + +- ldflags += [ +- "-L" + +- rebase_path("${clang_base_path}/lib/${abi_target}/c++", root_build_dir), +- "-L" + rebase_path("${musl_sysroot}/usr/lib/${abi_target}", root_build_dir), +- "-L" + rebase_path("${clang_base_path}/lib/clang/10.0.1/lib/${abi_target}", +- root_build_dir), ++ ldflags = [ + ] +- ldflags += [ "-Wl,--dynamic-linker,/system/bin/ld-musl-${musl_arch}.so.1" ] + + libs += [ +- rebase_path(libclang_rt_file), + "c", +- "c++", +- "c++abi", + ] + + if (current_cpu == "arm" && arm_version == 6) { +diff --git a/config/ohos/abi.gni b/config/ohos/abi.gni +index 57d1dca..600bc3e 100755 +--- a/config/ohos/abi.gni ++++ b/config/ohos/abi.gni +@@ -61,8 +61,3 @@ if (target_cpu == "arm64") { + ohos_secondary_abi_cpu = "x86" + ohos_app_secondary_abi = "x86" + } +- +-if (defined(ohos_secondary_abi_cpu)) { +- ohos_secondary_abi_toolchain = +- "//build/toolchain/ohos:ohos_clang_${ohos_secondary_abi_cpu}" +-} +diff --git a/config/ohos/config.gni b/config/ohos/config.gni +index 072bce1..00c7311 100644 +--- a/config/ohos/config.gni ++++ b/config/ohos/config.gni +@@ -26,11 +26,11 @@ if (is_ohos) { + } + + if (current_cpu == "arm") { +- abi_target = "arm-linux-ohosmusl" ++ abi_target = "" + } else if (current_cpu == "x86") { + abi_target = "" + } else if (current_cpu == "arm64") { +- abi_target = "aarch64-linux-ohosmusl" ++ abi_target = "" + } else if (current_cpu == "x86_64") { + abi_target = "" + } else { +diff --git a/config/ohos/musl.gni b/config/ohos/musl.gni +index 2468ca8..f9cead9 100644 +--- a/config/ohos/musl.gni ++++ b/config/ohos/musl.gni +@@ -16,4 +16,6 @@ if (use_musl){ + musl_target = "//third_party/musl:musl_libs" + musl_sysroot = get_label_info(musl_target, "target_out_dir") + import("//third_party/musl/musl_config.gni") +-} +\ No newline at end of file ++} else { ++ musl_sysroot = "" ++} +diff --git a/core/gn/BUILD.gn b/core/gn/BUILD.gn +index 38d3cc9..cde44b1 100755 +--- a/core/gn/BUILD.gn ++++ b/core/gn/BUILD.gn +@@ -86,41 +86,10 @@ if (product_name == "ohos-sdk") { + deps = [ "//build/ohos/sdk:ohos_sdk" ] + } + } else { +- group("make_all") { +- deps = [ +- ":images", +- ":make_inner_kits", +- ":packages", +- ] +- } +- + group("images") { +- deps = [ "//build/ohos/images:make_images" ] +- } +- +- group("packages") { +- deps = [ "//build/ohos/packages:make_packages" ] +- } +- +- group("make_inner_kits") { +- deps = [ "$root_build_dir/build_configs:inner_kits" ] +- } +- +- group("build_all_test_pkg") { +- testonly = true + deps = [ +- "$root_build_dir/build_configs:parts_test", +- "//test/developertest:make_temp_test", ++ "//foundation/communication/dsoftbus/core/frame:softbus_server_main", ++ "//foundation/communication/dsoftbus/sdk:softbus_client", + ] + } +- +- group("make_test") { +- testonly = true +- deps = [ ":build_all_test_pkg" ] +- deps += [ "//build/ohos/packages:package_testcase_mlf" ] +- deps += [ "//build/ohos/packages:package_testcase" ] +- if (archive_component) { +- deps += [ "//build/ohos/testfwk:archive_testcase" ] +- } +- } + } +diff --git a/loader/preloader/platforms.template b/loader/preloader/platforms.template +index 5cad64d..7577fd6 100644 +--- a/loader/preloader/platforms.template ++++ b/loader/preloader/platforms.template +@@ -4,13 +4,13 @@ + { + "target_os": "ohos", + "target_cpu": "arm64", +- "toolchain": "//build/toolchain/ohos:ohos_clang_arm64", ++ "toolchain": "//build/toolchain/linux:arm64", + "parts_config": "./parts.json" + }, + { + "target_os": "ohos", + "target_cpu": "arm", +- "toolchain": "//build/toolchain/ohos:ohos_clang_arm", ++ "toolchain": "//build/toolchain/linux:arm", + "parts_config": "./parts.json" + } + ] +diff --git a/ohos.gni b/ohos.gni +index 77be836..a34baa3 100755 +--- a/ohos.gni ++++ b/ohos.gni +@@ -11,19 +11,12 @@ + # See the License for the specific language governing permissions and + # limitations under the License. + +-import("//build/config/sanitizers/sanitizers.gni") +-import("//build/ohos/ndk/ndk.gni") +-import("//build/ohos/notice/notice.gni") +-import("//build/ohos/sa_profile/sa_profile.gni") + import("//build/ohos_var.gni") + import("//build/toolchain/toolchain.gni") + + # import cxx base templates + import("//build/templates/cxx/cxx.gni") + +-import("//build/ohos/ace/ace.gni") +-import("//build/ohos/app/app.gni") +- + import("//build/templates/common/ohos_templates.gni") + + # import prebuilt templates +diff --git a/subsystem_config.json b/subsystem_config.json +index f04f29e..ebc0869 100644 +--- a/subsystem_config.json ++++ b/subsystem_config.json +@@ -178,5 +178,11 @@ + "path": "kernel/linux/build", + "name": "kernel", + "dir": "kernel/linux" ++ }, ++ "depend": { ++ "project":"openEuler/depend", ++ "path": "depend", ++ "name": "depend", ++ "dir": "depend" + } + } +diff --git a/toolchain/linux/BUILD.gn b/toolchain/linux/BUILD.gn +index 1a4c4e9..c811cf9 100755 +--- a/toolchain/linux/BUILD.gn ++++ b/toolchain/linux/BUILD.gn +@@ -22,7 +22,8 @@ clang_toolchain("clang_arm64") { + } + + gcc_toolchain("arm64") { +- toolprefix = "aarch64-linux-gnu-" ++ tool_path = rebase_path("//toolchain/bin", root_build_dir) ++ toolprefix = "${tool_path}/aarch64-openeuler-linux-gnu-" + + cc = "${toolprefix}gcc" + cxx = "${toolprefix}g++" +@@ -31,6 +32,7 @@ gcc_toolchain("arm64") { + ld = cxx + readelf = "${toolprefix}readelf" + nm = "${toolprefix}nm" ++ strip = "${toolprefix}strip" + + toolchain_args = { + current_cpu = "arm64" +@@ -40,7 +42,8 @@ gcc_toolchain("arm64") { + } + + gcc_toolchain("arm") { +- toolprefix = "arm-linux-gnueabihf-" ++ tool_path = rebase_path("//toolchain/bin", root_build_dir) ++ toolprefix = "${tool_path}/arm-openeuler-linux-gnu-" + + cc = "${toolprefix}gcc" + cxx = "${toolprefix}g++" +@@ -49,6 +52,7 @@ gcc_toolchain("arm") { + ld = cxx + readelf = "${toolprefix}readelf" + nm = "${toolprefix}nm" ++ strip = "${toolprefix}strip" + + toolchain_args = { + current_cpu = "arm" +-- +2.34.1 + diff --git a/build-0002-support-hichian-for-openeuler.patch b/build-0002-support-hichian-for-openeuler.patch new file mode 100644 index 0000000..4c94697 --- /dev/null +++ b/build-0002-support-hichian-for-openeuler.patch @@ -0,0 +1,37 @@ +From 4a7242c3bb1360510094ee099780e5237f8f0d53 Mon Sep 17 00:00:00 2001 +From: "beiling.xie" <xiekunxun@huawei.com> +Date: Fri, 2 Sep 2022 22:36:29 +0800 +Subject: [PATCH 2/2] support hichian for openeuler + +Signed-off-by: beiling.xie <xiekunxun@huawei.com> +--- + config/BUILDCONFIG.gn | 3 +++ + core/gn/BUILD.gn | 1 + + 2 files changed, 4 insertions(+) + +diff --git a/config/BUILDCONFIG.gn b/config/BUILDCONFIG.gn +index 9e016df..4cc5b41 100755 +--- a/config/BUILDCONFIG.gn ++++ b/config/BUILDCONFIG.gn +@@ -517,3 +517,6 @@ foreach(_target_type, target_type_list) { + } + } + } ++ ++support_jsapi = false ++os_level = "standard" +diff --git a/core/gn/BUILD.gn b/core/gn/BUILD.gn +index 9784cda..9c38fe4 100755 +--- a/core/gn/BUILD.gn ++++ b/core/gn/BUILD.gn +@@ -90,6 +90,7 @@ if (product_name == "ohos-sdk") { + deps = [ + "//foundation/communication/dsoftbus/core/frame:softbus_server_main", + "//foundation/communication/dsoftbus/sdk:softbus_client", ++ "//base/security/deviceauth/services:deviceauth_sdk", + ] + } + } +-- +2.25.1 + diff --git a/build-0003-add-deviceauth-ipc-sdk-compile.patch b/build-0003-add-deviceauth-ipc-sdk-compile.patch new file mode 100644 index 0000000..79864b3 --- /dev/null +++ b/build-0003-add-deviceauth-ipc-sdk-compile.patch @@ -0,0 +1,82 @@ +From 1fb10c696cdde31c5fe30097cc38bbc0d054c812 Mon Sep 17 00:00:00 2001 +From: "beiling.xie" <xiekunxun@huawei.com> +Date: Thu, 10 Nov 2022 10:50:33 +0800 +Subject: [PATCH] remove build_configs to simplify third-party tools + +Signed-off-by: beiling.xie <xiekunxun@huawei.com> +--- + config/ohos/musl.gni | 2 +- + core/build_scripts/make_main.sh | 2 +- + core/gn/BUILD.gn | 12 ------------ + ohos/notice/notice.gni | 1 - + 4 files changed, 2 insertions(+), 15 deletions(-) + +diff --git a/config/ohos/musl.gni b/config/ohos/musl.gni +index f9cead9..628e93c 100644 +--- a/config/ohos/musl.gni ++++ b/config/ohos/musl.gni +@@ -17,5 +17,5 @@ if (use_musl){ + musl_sysroot = get_label_info(musl_target, "target_out_dir") + import("//third_party/musl/musl_config.gni") + } else { +- musl_sysroot = "" ++ musl_sysroot = getenv("STAGING_DIR_TARGET") + } +diff --git a/core/build_scripts/make_main.sh b/core/build_scripts/make_main.sh +index 770145c..e1168d8 100755 +--- a/core/build_scripts/make_main.sh ++++ b/core/build_scripts/make_main.sh +@@ -78,7 +78,7 @@ do_make() + if [ "${TARGET_PLATFORM}" != "" ];then + ninja_build_args="$ninja_build_args --target-platform ${TARGET_PLATFORM}" + fi +- real_build_target=$(python ${BASE_HOME}/build/scripts/build_target_handler.py $ninja_build_args) ++ real_build_target="images" + echo "build_target: "$real_build_target + + if [ "${USE_NARUTO}"x = "truex" ];then +diff --git a/core/gn/BUILD.gn b/core/gn/BUILD.gn +index 9c38fe4..0dc0260 100755 +--- a/core/gn/BUILD.gn ++++ b/core/gn/BUILD.gn +@@ -20,9 +20,6 @@ print("root_gen_dir=$root_gen_dir") + print("current_toolchain=$current_toolchain") + print("host_toolchain=$host_toolchain") + +-# load build configs and write load result to out_build_dir/build_configs +-build_loader_script = rebase_path("//build/loader/load.py") +- + _platforms_config_file = "//out/build_configs/standard_system/platforms.build" + + build_platform = "" +@@ -71,15 +68,6 @@ arguments += [ + "subsystem_examples", + ] + +-load_result = exec_script(build_loader_script, arguments, "string") +- +-if (load_result != "") { +- print() +- print(load_result) +-} +- +-print("build configs generation is complete.") +- + # gn target defined + if (product_name == "ohos-sdk") { + group("build_ohos_sdk") { +diff --git a/ohos/notice/notice.gni b/ohos/notice/notice.gni +index db49684..566aeb4 100755 +--- a/ohos/notice/notice.gni ++++ b/ohos/notice/notice.gni +@@ -14,7 +14,6 @@ + import("//build/config/python.gni") + import("//build/ohos/build_var.gni") + import("//build/ohos_var.gni") +-import("${build_configs_path}/platforms_list.gni") + + declare_args() { + sdk_notice_dir = "$root_build_dir/NOTICE_FILES/sdk" +-- +2.25.1 + diff --git a/build-0004-change-set-for-obs-build.patch b/build-0004-change-set-for-obs-build.patch new file mode 100644 index 0000000..7fa7a2f --- /dev/null +++ b/build-0004-change-set-for-obs-build.patch @@ -0,0 +1,73 @@ +diff -Naur build-OpenHarmony-v3.0.2-LTS/config/sanitizers/BUILD.gn build-OpenHarmony-v3.0.2-LTS-path2/config/sanitizers/BUILD.gn +--- build-OpenHarmony-v3.0.2-LTS/config/sanitizers/BUILD.gn 2022-02-26 17:17:05.000000000 +0800 ++++ build-OpenHarmony-v3.0.2-LTS-path2/config/sanitizers/BUILD.gn 2022-07-14 11:50:09.927655500 +0800 +@@ -678,6 +678,8 @@ + } + } + ++ print(_clang_rt_libs_dir) ++ + foreach(rt_lib, _dso_names) { + _clang_rt_dso_paths += [ "$_clang_rt_libs_dir/${rt_lib}" ] + } +diff -Naur build-OpenHarmony-v3.0.2-LTS/loader/preloader/platforms.template build-OpenHarmony-v3.0.2-LTS-path2/loader/preloader/platforms.template +--- build-OpenHarmony-v3.0.2-LTS/loader/preloader/platforms.template 2022-07-14 11:49:08.352875000 +0800 ++++ build-OpenHarmony-v3.0.2-LTS-path2/loader/preloader/platforms.template 2022-07-14 11:06:07.951920300 +0800 +@@ -12,6 +12,12 @@ + "target_cpu": "arm", + "toolchain": "//build/toolchain/linux:arm", + "parts_config": "./parts.json" ++ }, ++ { ++ "target_os": "ohos", ++ "target_cpu": "x86_64", ++ "toolchain": "//build/toolchain/linux:x86_64", ++ "parts_config": "./parts.json" + } + ] + } +diff -Naur build-OpenHarmony-v3.0.2-LTS/toolchain/linux/BUILD.gn build-OpenHarmony-v3.0.2-LTS-path2/toolchain/linux/BUILD.gn +--- build-OpenHarmony-v3.0.2-LTS/toolchain/linux/BUILD.gn 2022-07-14 11:49:08.511178900 +0800 ++++ build-OpenHarmony-v3.0.2-LTS-path2/toolchain/linux/BUILD.gn 2022-07-14 11:10:51.681272300 +0800 +@@ -25,6 +25,8 @@ + tool_path = rebase_path("//toolchain/bin", root_build_dir) + toolprefix = "${tool_path}/aarch64-openeuler-linux-gnu-" + ++ toolprefix = "" ++ + cc = "${toolprefix}gcc" + cxx = "${toolprefix}g++" + +@@ -45,6 +47,8 @@ + tool_path = rebase_path("//toolchain/bin", root_build_dir) + toolprefix = "${tool_path}/arm-openeuler-linux-gnu-" + ++ toolprefix = "" ++ + cc = "${toolprefix}gcc" + cxx = "${toolprefix}g++" + +@@ -120,4 +124,23 @@ + current_os = "linux" + is_clang = false + } ++} ++ ++gcc_toolchain("x86_64") { ++ cc = "gcc" ++ cxx = "g++" ++ ++ readelf = "readelf" ++ nm = "nm" ++ ar = "ar" ++ ld = cxx ++ ++ # Output linker map files for binary size analysis. ++ enable_linker_map = true ++ ++ toolchain_args = { ++ current_cpu = "x86_64" ++ current_os = "linux" ++ is_clang = false ++ } + } diff --git a/commonlibrary-c-utils-0001-Adaptation-for-dsoftbus.patch b/commonlibrary-c-utils-0001-Adaptation-for-dsoftbus.patch new file mode 100644 index 0000000..22229bf --- /dev/null +++ b/commonlibrary-c-utils-0001-Adaptation-for-dsoftbus.patch @@ -0,0 +1,99 @@ +From 1e7842b01138c2313b2d8d8e736f461a9690c027 Mon Sep 17 00:00:00 2001 +From: "beiling.xie" <xiekunxun@huawei.com> +Date: Wed, 21 Sep 2022 11:57:27 +0800 +Subject: [PATCH] Adaptation for dsoftbus + +Signed-off-by: beiling.xie <xiekunxun@huawei.com> +--- + base/BUILD.gn | 37 ++++--------------------------------- + base/src/parcel.cpp | 1 + + 2 files changed, 5 insertions(+), 33 deletions(-) + +diff --git a/base/BUILD.gn b/base/BUILD.gn +index 883b1ec..723627b 100644 +--- a/base/BUILD.gn ++++ b/base/BUILD.gn +@@ -38,24 +38,8 @@ config("static_utils_config") { + } + + sources_utils = [ +- "src/string_ex.cpp", +- "src/unicode_ex.cpp", +- "src/directory_ex.cpp", +- "src/datetime_ex.cpp", + "src/refbase.cpp", + "src/parcel.cpp", +- "src/semaphore_ex.cpp", +- "src/thread_pool.cpp", +- "src/file_ex.cpp", +- "src/observer.cpp", +- "src/thread_ex.cpp", +- "src/event_demultiplexer.cpp", +- "src/event_handler.cpp", +- "src/event_reactor.cpp", +- "src/timer.cpp", +- "src/timer_event_handler.cpp", +- "src/ashmem.cpp", +- "src/rwlock.cpp", + ] + + securec_sources = [ +@@ -110,21 +94,18 @@ ohos_static_library("utilsbase") { + ] + public_configs = [ ":static_utils_config" ] + defines = [ "CONFIG_HILOG" ] +- external_deps = [ "hilog_native:libhilog_base" ] + } + + ohos_shared_library("utils") { + sources = sources_utils +- sources += securec_sources + configs = [ + ":utils_config", + ":private_securec_config", + ] + public_configs = [ ":static_utils_config" ] +- subsystem_name = "utils" + defines = [ "CONFIG_HILOG" ] +- external_deps = [ "hilog_native:libhilog_base" ] +- part_name = "utils_base" ++ deps = [ "//third_party/bounds_checking_function:libsec_shared" ] ++ deps += [ "//depend:libhilog" ] + install_images = [ + "system", + "updater", +@@ -159,17 +140,7 @@ ohos_static_library("utilsecurec_ace_allplatforms") { + public_configs = [ ":static_utils_config" ] + } + +-ohos_shared_library("utilsecurec_shared") { +- sources = securec_sources +- configs = [ +- ":utils_config", +- ":private_securec_config", +- ] +- public_configs = [ ":utils_config" ] +- part_name = "utils_base" +- install_images = [ +- "system", +- "updater", +- ] ++group("utilsecurec_shared") { + } ++ + ############################################################################### +diff --git a/base/src/parcel.cpp b/base/src/parcel.cpp +index 855f7cf..1abaec5 100755 +--- a/base/src/parcel.cpp ++++ b/base/src/parcel.cpp +@@ -13,6 +13,7 @@ + * limitations under the License. + */ + ++#include <climits> + #include "parcel.h" + #include "securec.h" + #include "utils_log.h" +-- +2.25.1 + diff --git a/depend-0001-add-productdefine-for-openeuler.patch b/depend-0001-add-productdefine-for-openeuler.patch new file mode 100644 index 0000000..3567e5b --- /dev/null +++ b/depend-0001-add-productdefine-for-openeuler.patch @@ -0,0 +1,49 @@ +From: "liheavy" <lihaiwei8@huawei.com> +Date: Fir, 26 Nov 2022 09:45:38 +0800 +Subject: [PATCH] Adaptation for productdefine of dsoftbus + +--- +diff -Nur a/common/base/standard_system.json b/common/base/standard_system.json +--- a/common/base/standard_system.json 1970-01-01 08:00:00.000000000 +0800 ++++ b/common/base/standard_system.json 2022-09-28 10:28:40.000000000 +0800 +@@ -0,0 +1 @@ ++{} +diff -Nur a/common/device/openEuler.json b/common/device/openEuler.json +--- a/common/device/openEuler.json 1970-01-01 08:00:00.000000000 +0800 ++++ b/common/device/openEuler.json 2022-09-28 10:28:40.000000000 +0800 +@@ -0,0 +1,8 @@ ++{ ++ "device_name": "openEuler", ++ "device_company": "hisilicon", ++ "target_os": "ohos", ++ "target_cpu": "arm64", ++ "kernel_version": "", ++ "device_build_path": "device/hisilicon/build" ++} +diff -Nur a/common/products/openEuler.json b/common/products/openEuler.json +--- a/common/products/openEuler.json 1970-01-01 08:00:00.000000000 +0800 ++++ b/common/products/openEuler.json 2022-09-28 10:28:40.000000000 +0800 +@@ -0,0 +1,23 @@ ++{ ++ "product_name": "openEuler", ++ "product_company": "hisilicon", ++ "product_device": "openEuler", ++ "version": "2.0", ++ "type": "standard", ++ "product_build_path": "device/hisilicon/build", ++ "parts": { ++ "communication:dsoftbus_standard": {}, ++ "security:huks_standard": {}, ++ "security:deviceauth_standard": {}, ++ "depend:hiviewdfx_hilog_native": {}, ++ "depend:ipc": {}, ++ "depend:ces_standard": {}, ++ "depend:aafwk_standard": {}, ++ "depend:appexecfwk_standard": {}, ++ "depend:permission_standard": {}, ++ "depend:safwk": {}, ++ "depend:samgr_L2": {}, ++ "depend:samgr_standard": {}, ++ "depend:access_token": {} ++ } ++} diff --git a/depend-0002-add-depend-for-openeuler.patch b/depend-0002-add-depend-for-openeuler.patch new file mode 100644 index 0000000..baf0915 --- /dev/null +++ b/depend-0002-add-depend-for-openeuler.patch @@ -0,0 +1,389 @@ +From: "liheavy" <lihaiwei8@huawei.com> +Date: Fir, 26 Nov 2022 09:45:38 +0800 +Subject: [PATCH] Adaptation for depend of dsoftbus + +--- +diff -Nur a/BUILD.gn b/BUILD.gn +--- a/BUILD.gn 1970-01-01 08:00:00.000000000 +0800 ++++ b/BUILD.gn 2022-09-28 10:28:40.000000000 +0800 +@@ -0,0 +1,59 @@ ++import("//build/ohos.gni") ++ ++config("hilog_config") { ++ include_dirs = [ ++ "hilog/include", ++ "//third_party/bounds_checking_function/include", ++ ] ++} ++ ++ohos_shared_library("libhilog") { ++ public_configs = [ ":hilog_config" ] ++ sources = [ ++ "hilog/hilog.c", ++ ] ++ deps = [ ++ "//third_party/bounds_checking_function:libsec_shared", ++ ] ++} ++ ++group("system_ability_fwk") { ++} ++ ++group("samgr_proxy") { ++} ++ ++group("libpermissionsdk_standard") { ++} ++ ++group("cesfwk_innerkits") { ++} ++ ++group("want") { ++} ++ ++group("appexecfwk_core") { ++} ++ ++group("libaccesstoken_sdk") { ++} ++ ++config("syspara_config") { ++ include_dirs = [ ++ "syspara/include", ++ ] ++} ++ ++ohos_shared_library("syspara") { ++ include_dirs = [ ++ "syspara/include", ++ ] ++ sources = [ ++ "syspara/syspara.c", ++ ] ++ public_configs = [ ":syspara_config" ] ++ deps = [ ++ "//third_party/bounds_checking_function:libsec_shared", ++ "//third_party/mbedtls:mbedtls_shared", ++ ] ++} +diff -Nur a/hilog/hilog.c b/hilog/hilog.c +--- a/hilog/hilog.c 1970-01-01 08:00:00.000000000 +0800 ++++ b/hilog/hilog.c 2022-09-28 10:28:40.000000000 +0800 +@@ -0,0 +1,39 @@ ++#include <stdio.h> ++#include <string.h> ++#include <stdlib.h> ++#include <stdarg.h> ++#include "securec.h" ++#include "hilog_base/log_base.h" ++ ++#ifndef LOG_PRINT_MAX_LEN ++#define LOG_PRINT_MAX_LEN 256 ++#endif ++ ++char *adapterStrForPrintfFormat(const char *fmt) { ++ char *left, *right; ++ char *buffer = (char *)malloc(LOG_PRINT_MAX_LEN * sizeof(char)); ++ (void)memset_s(buffer, LOG_PRINT_MAX_LEN * sizeof(char), 0, LOG_PRINT_MAX_LEN * sizeof(char)); ++ strcpy_s(buffer, LOG_PRINT_MAX_LEN * sizeof(char), fmt); ++ while (strstr(buffer, "{")) { ++ left = strstr(buffer, "{"); ++ right = strstr(buffer, "}"); ++ right++; ++ while (*right != '\0') { ++ *left = *right; ++ left++; ++ right++; ++ } ++ *left = '\0'; ++ } ++ return buffer; ++} ++ ++void printfAdapter(const char *fmt, ...) { ++ char *buffer; ++ buffer = adapterStrForPrintfFormat(fmt); ++ va_list ap; ++ va_start(ap, fmt); ++ vprintf(buffer, ap); ++ va_end(ap); ++ free(buffer); ++} +diff -Nur a/hilog/include/hilog/log.h b/hilog/include/hilog/log.h +--- a/hilog/include/hilog/log.h 1970-01-01 08:00:00.000000000 +0800 ++++ b/hilog/include/hilog/log.h 2022-09-28 10:28:40.000000000 +0800 +@@ -0,0 +1,37 @@ ++#ifndef _HILOG_H ++#define _HILOG_H ++ ++#ifdef __cplusplus ++#if __cplusplus ++extern "C" { ++#endif ++#endif ++ ++// Log type ++typedef enum { ++ LOG_TYPE_MIN = 0, ++ LOG_APP = 0, ++ // Log to kmsg, only used by init phase. ++ LOG_INIT = 1, ++ // Used by core service, framework. ++ LOG_CORE = 3, ++ LOG_TYPE_MAX ++} LogType; ++ ++char *adapterStrForPrintfFormat(const char *fmt); ++void printfAdapter(const char *fmt, ...); ++ ++#define HILOG_DEBUG(type, fmt, ...) printfAdapter(fmt"\n", ##__VA_ARGS__) ++#define HILOG_INFO(type, fmt, ...) printfAdapter(fmt"\n", ##__VA_ARGS__) ++#define HILOG_WARN(type, fmt, ...) printfAdapter(fmt"\n", ##__VA_ARGS__) ++#define HILOG_ERROR(type, fmt, ...) printfAdapter(fmt"\n", ##__VA_ARGS__) ++#define HiLogPrint(type, level, domain, tag, fmt, ...) printf(fmt"\n", ##__VA_ARGS__) ++#define HiLogBasePrint(type, level, domain, tag, fmt, ...) printfAdapter(fmt"\n", ##__VA_ARGS__) ++ ++#ifdef __cplusplus ++#if __cplusplus ++} ++#endif ++#endif ++ ++#endif +diff -Nur a/hilog/include/hilog_base/log_base.h b/hilog/include/hilog_base/log_base.h +--- a/hilog/include/hilog_base/log_base.h 1970-01-01 08:00:00.000000000 +0800 ++++ b/hilog/include/hilog_base/log_base.h 2022-09-28 10:28:40.000000000 +0800 +@@ -0,0 +1 @@ ++#include <hilog/log.h> +diff -Nur a/ohos.build b/ohos.build +--- a/ohos.build 1970-01-01 08:00:00.000000000 +0800 ++++ b/ohos.build 2022-09-28 10:28:40.000000000 +0800 +@@ -0,0 +1,114 @@ ++{ ++ "subsystem": "depend", ++ "parts": { ++ "hiviewdfx_hilog_native": { ++ "module_list": [ ], ++ "inner_kits": [ ++ { ++ "name": "//depend:libhilog", ++ "header": { ++ "header_files": [ ], ++ "header_base": "//depend" ++ } ++ } ++ ] ++ }, ++ "ces_standard": { ++ "module_list": [ ], ++ "inner_kits": [ ++ { ++ "name": "//depend:cesfwk_innerkits", ++ "header": { ++ "header_files": [ ], ++ "header_base": "//depend" ++ } ++ } ++ ] ++ }, ++ "aafwk_standard": { ++ "module_list": [ ], ++ "inner_kits": [ ++ { ++ "name": "//depend:want", ++ "header": { ++ "header_files": [ ], ++ "header_base": "//depend" ++ } ++ } ++ ] ++ }, ++ "appexecfwk_standard": { ++ "module_list": [ ], ++ "inner_kits": [ ++ { ++ "name": "//depend:appexecfwk_core", ++ "header": { ++ "header_files": [ ], ++ "header_base": "//depend" ++ } ++ } ++ ] ++ }, ++ "permission_standard": { ++ "module_list": [ ], ++ "inner_kits": [ ++ { ++ "name": "//depend:libpermissionsdk_standard", ++ "header": { ++ "header_files": [ ], ++ "header_base":"//depend" ++ } ++ } ++ ] ++ }, ++ "safwk": { ++ "module_list": [ ], ++ "inner_kits": [ ++ { ++ "name": "//depend:system_ability_fwk", ++ "header": { ++ "header_files": [ ], ++ "header_base": "//depend" ++ } ++ } ++ ] ++ }, ++ "samgr_L2": { ++ "module_list": [ ], ++ "inner_kits": [ ++ { ++ "name": "//depend:samgr_proxy", ++ "header": { ++ "header_files": [ ], ++ "header_base": "//depend" ++ } ++ } ++ ] ++ }, ++ "samgr_standard": { ++ "module_list": [ ], ++ "inner_kits": [ ++ { ++ "name": "//depend:samgr_proxy", ++ "header": { ++ "header_files": [ ], ++ "header_base": "//depend" ++ } ++ } ++ ] ++ }, ++ "access_token": { ++ "module_list": [ ], ++ "inner_kits": [ ++ { ++ "name": "//depend:libaccesstoken_sdk", ++ "header": { ++ "header_files": [ ], ++ "header_base": "//depend" ++ } ++ } ++ ] ++ } ++ } ++} ++ +diff -Nur a/syspara/include/parameter.h b/syspara/include/parameter.h +--- a/syspara/include/parameter.h 1970-01-01 08:00:00.000000000 +0800 ++++ b/syspara/include/parameter.h 2022-09-28 10:28:40.000000000 +0800 +@@ -0,0 +1,20 @@ ++#ifndef SYSPARA_PARAMETER_H ++#define SYSPARA_PARAMETER_H ++ ++#ifdef __cplusplus ++#if __cplusplus ++extern "C" { ++#endif ++#endif /* __cplusplus */ ++ ++int GetDevUdid(char *udid, int size); ++ ++char * GetDeviceType(void); ++ ++#ifdef __cplusplus ++#if __cplusplus ++} ++#endif ++#endif /* __cplusplus */ ++ ++#endif /* SYSPARA_PARAMETER_H */ +diff -Nur a/syspara/syspara.c b/syspara/syspara.c +--- a/syspara/syspara.c 1970-01-01 08:00:00.000000000 +0800 ++++ b/syspara/syspara.c 2022-09-28 10:28:40.000000000 +0800 +@@ -0,0 +1,86 @@ ++#include <string.h> ++#include "securec.h" ++#include "parameter.h" ++#include "sha256.h" ++ ++#define SN_FILE "/etc/SN" ++#define SN_LEN 65 ++#define UDID_LEN 65 ++#define DEV_BUF_LENGTH 3 ++#define HASH_LENGTH 32 ++static char *deviceType = "UNKNOWN"; ++ ++static int GetHash(const char *input, char *output, int size) ++{ ++ char buf[DEV_BUF_LENGTH] = { 0 }; ++ unsigned char hash[HASH_LENGTH] = { 0 }; ++ mbedtls_sha256_context context; ++ ++ mbedtls_sha256_init(&context); ++ mbedtls_sha256_starts_ret(&context, 0); ++ mbedtls_sha256_update_ret(&context, (const unsigned char*)input, strlen(input)); ++ mbedtls_sha256_finish_ret(&context, hash); ++ ++ for (size_t i = 0; i < HASH_LENGTH; i++) { ++ unsigned char value = hash[i]; ++ memset_s(buf, DEV_BUF_LENGTH, 0, DEV_BUF_LENGTH); ++ sprintf_s(buf, sizeof(buf), "%02X", value); ++ if (strcat_s(output, size, buf) != 0) { ++ return -1; ++ } ++ } ++ return 0; ++} ++ ++int GetDevUdid(char *udid, int size) ++{ ++ FILE *fp; ++ char *realPath = NULL; ++ char sn[SN_LEN] = {0}; ++ char out[UDID_LEN] = {0}; ++ int ret; ++ ++ realPath = realpath(SN_FILE, NULL); ++ if (realPath == NULL) { ++ printf("realpath fail.\n"); ++ goto err_realpath; ++ } ++ ++ fp = fopen(realPath, "r"); ++ if (fp == NULL) { ++ printf("open SN fail.\n"); ++ goto err_fopen; ++ } ++ ++ ret = fscanf_s(fp, "%s", sn, SN_LEN); ++ if (ret < 1) { ++ printf("get sn fail.\n"); ++ goto err_out; ++ } ++ ++ ret = GetHash(sn, out, UDID_LEN); ++ if (ret < 0) { ++ printf("get hash fail.\n"); ++ goto err_out; ++ } ++ ++ ret = sprintf_s(udid, size, "%s", out); ++ if (ret <= 0) { ++ printf("sprintf_s error.\n"); ++ goto err_out; ++ } ++ ++ fclose(fp); ++ return 0; ++err_out: ++ fclose(fp); ++err_fopen: ++ free(realPath); ++err_realpath: ++ return -1; ++} ++ ++char * GetDeviceType(void) ++{ ++ return deviceType; ++} diff --git a/dsoftbus-standard-0001-simplify-dependency-for-dsoftbus-standard.patch b/dsoftbus-standard-0001-simplify-dependency-for-dsoftbus-standard.patch new file mode 100644 index 0000000..1099f1d --- /dev/null +++ b/dsoftbus-standard-0001-simplify-dependency-for-dsoftbus-standard.patch @@ -0,0 +1,89 @@ +From 26d71c4574464eb92b506ba7be48a2980500bee7 Mon Sep 17 00:00:00 2001 +From: "beiling.xie" <xiekunxun@huawei.com> +Date: Thu, 10 Nov 2022 10:26:14 +0800 +Subject: [PATCH] simplify dependency on third-party packages + +Signed-off-by: beiling.xie <xiekunxun@huawei.com> +--- + adapter/BUILD.gn | 2 +- + core/common/BUILD.gn | 2 +- + core/frame/BUILD.gn | 13 ++++++------- + sdk/BUILD.gn | 6 +++--- + 4 files changed, 11 insertions(+), 12 deletions(-) + +diff --git a/adapter/BUILD.gn b/adapter/BUILD.gn +index fe6cb79b..e59c2965 100644 +--- a/adapter/BUILD.gn ++++ b/adapter/BUILD.gn +@@ -137,7 +137,7 @@ if (defined(ohos_lite)) { + ] + public_configs = [ ":config_adapter_common" ] + if (is_standard_system) { +- external_deps = [ "hiviewdfx_hilog_native:libhilog" ] ++ deps += [ "//depend:libhilog" ] + } + part_name = "dsoftbus_standard" + subsystem_name = "communication" +diff --git a/core/common/BUILD.gn b/core/common/BUILD.gn +index fdb4134d..4c305d7f 100644 +--- a/core/common/BUILD.gn ++++ b/core/common/BUILD.gn +@@ -114,7 +114,7 @@ if (defined(ohos_lite)) { + "//utils/native/base:utilsecurec_shared", + ] + if (is_standard_system) { +- external_deps = [ "hiviewdfx_hilog_native:libhilog" ] ++ deps = [ "//depend:libhilog" ] + } + part_name = "dsoftbus_standard" + subsystem_name = "communication" +diff --git a/core/frame/BUILD.gn b/core/frame/BUILD.gn +index 5109f201..3948ef68 100644 +--- a/core/frame/BUILD.gn ++++ b/core/frame/BUILD.gn +@@ -163,10 +163,9 @@ if (defined(ohos_lite)) { + "//base/security/deviceauth/services:deviceauth", + ] + if (is_standard_system) { +- external_deps = bus_center_server_external_deps +- external_deps += [ +- "hiviewdfx_hilog_native:libhilog", +- "ipc:ipc_core", ++ deps += [ ++ "//depend:libhilog", ++ "//depend/ipc:ipc_core", + ] + } + +@@ -192,9 +191,9 @@ if (defined(ohos_lite)) { + "//base/security/huks/services/huks_standard/huks_engine/main/core:huks_engine_core_standard", + "//depend:syspara", + ] +- external_deps = [ +- "hiviewdfx_hilog_native:libhilog", +- "ipc:ipc_core", ++ deps += [ ++ "//depend:libhilog", ++ "//depend/ipc:ipc_core", + ] + part_name = "dsoftbus_standard" + subsystem_name = "communication" +diff --git a/sdk/BUILD.gn b/sdk/BUILD.gn +index f322ce5c..73771588 100644 +--- a/sdk/BUILD.gn ++++ b/sdk/BUILD.gn +@@ -85,9 +85,9 @@ target(build_type, "softbus_client") { + cflags = [ "-fPIC" ] + cflags_cc = [ "-std=c++14" ] + if (is_standard_system) { +- external_deps = [ +- "hiviewdfx_hilog_native:libhilog", +- "ipc:ipc_single", ++ deps += [ ++ "//depend:libhilog", ++ "//depend/ipc:ipc_single", + ] + } + part_name = "dsoftbus_standard" +-- +Gitee diff --git a/dsoftbus.spec b/dsoftbus.spec new file mode 100644 index 0000000..0a97a51 --- /dev/null +++ b/dsoftbus.spec @@ -0,0 +1,235 @@ +%define debug_package %{nil} +%global source_dsoftbus_standard dsoftbus_standard +%global release_dsoftbus_standard v3.1.2.2-release +%global source_embedded_ipc embedded-ipc +%global release_embedded_ipc v1.0.1-release +%global source_commonlibrary_c_utils commonlibrary_c_utils +%global source_security_device_auth security_device_auth +%global source_security_huks security_huks +%global source_third_party_libcoap third_party_libcoap +%global source_third_party_mbedtls third_party_mbedtls +%global source_build build +%global release_build OpenHarmony-v3.0.2-LTS +%global openHarmony_source_release OpenHarmony-v3.1.2-Release + +Name: dsoftbus +Version: 1.0.0 +Release: 9 +Summary: openEuler embedded softbus capability support +License: Apache License 2.0 +Url: https://openeuler.gitee.io/yocto-meta-openeuler/features/distributed_softbus.html +Source0: https://gitee.com/openeuler/%{source_dsoftbus_standard}/repository/archive/%{release_dsoftbus_standard}.tar.gz #/%{source_dsoftbus_standard}-%{release_dsoftbus_standard}.tar.gz +Source1: https://gitee.com/openeuler/%{source_embedded_ipc}/repository/archive/%{release_embedded_ipc}.tar.gz #/%{source_embedded_ipc}-%{release_embedded_ipc}.tar.gz +Source2: https://gitee.com/openharmony/%{source_commonlibrary_c_utils}/repository/archive/%{openHarmony_source_release}.tar.gz #/%{source_commonlibrary_c_utils}-%{openHarmony_source_release}.tar.gz +Source3: https://gitee.com/openharmony/%{source_security_device_auth}/repository/archive/%{openHarmony_source_release}.tar.gz #/%{source_security_device_auth}-%{openHarmony_source_release}.tar.gz +Source4: https://gitee.com/openharmony/%{source_security_huks}/repository/archive/%{openHarmony_source_release}.tar.gz #/%{source_security_huks}-%{openHarmony_source_release}.tar.gz +Source5: https://gitee.com/openharmony/%{source_third_party_libcoap}/repository/archive/%{openHarmony_source_release}.tar.gz #/%{source_third_party_libcoap}-%{openHarmony_source_release}.tar.gz +Source6: https://gitee.com/openharmony/%{source_third_party_mbedtls}/repository/archive/%{openHarmony_source_release}.tar.gz #/%{source_third_party_mbedtls}-%{openHarmony_source_release}.tar.gz +Source7: https://gitee.com/openharmony/%{source_build}/repository/archive/%{release_build}.tar.gz #/%{source_build}-%{release_build}.tar.gz + +Patch0000: build-0001-add-dsoftbus-build-support-for-embedded-env.patch +Patch0001: build-0002-support-hichian-for-openeuler.patch +Patch0002: build-0003-add-deviceauth-ipc-sdk-compile.patch +Patch0003: build-0004-change-set-for-obs-build.patch +Patch0100: dsoftbus-standard-0001-simplify-dependency-for-dsoftbus-standard.patch +Patch0200: security-device-auth-0001-deviceauth-for-openeuler.patch +Patch0201: security-device-auth-0002-deviceauth-ipc-service.patch +Patch0202: security-device-auth-0003-simplify-dependency-on-third-party-packages.patch +Patch0300: security-huks-0001-support-huks-for-openeuler.patch +Patch0301: security-huks-0002-simplify-dependency-on-third-party-packages.patch +Patch0302: security-huks-0003-fix-discarded-qualifiers-error.patch +Patch0400: commonlibrary-c-utils-0001-Adaptation-for-dsoftbus.patch +Patch0401: libboundscheck-0001-Adaptation-for-dsoftbus.patch +Patch0402: third-party-cjson-0001-adapter-cjson-in-openEuler-for-softbus.patch +Patch0403: third-party-mbedtls-0001-Adaptation-for-dsoftbus.patch +Patch0404: third-party-mbedtls-0002-fix-CVE-2021-43666.patch +Patch0405: third-party-mbedtls-0002-fix-CVE-2021-45451.patch +Patch0500: depend-0001-add-productdefine-for-openeuler.patch +Patch0501: depend-0002-add-depend-for-openeuler.patch + +BuildRequires: gcc, g++, cmake, python, zip, unzip, ninja-build, git, libboundscheck, cjson-devel, openssl-devel, gn + +%description +OpenEuler supports distributed softbus capability, which is part of openEuler's embedded capability + +%prep +# Create the directories needed for the build +dsoftbus_build_dir="%{_builddir}/dsoftbus_build" +dsoftbus_prebuilts_build_tools="${dsoftbus_build_dir}/prebuilts/build-tools/linux-x86/bin" +dsoftbus_thirdparty="${dsoftbus_build_dir}/third_party" +dsoftbus_utils="${dsoftbus_build_dir}/utils" +dsoftbus_src="${dsoftbus_build_dir}/foundation/communication" +dsoftbus_hichain="${dsoftbus_build_dir}/base/security" +dsoftbus_bounds_checking="${dsoftbus_thirdparty}/bounds_checking_function" +dsoftbus_productdefine="${dsoftbus_build_dir}/productdefine" +dsoftbus_depend="${dsoftbus_build_dir}/depend" + +mkdir -p ${dsoftbus_prebuilts_build_tools} +mkdir -p ${dsoftbus_thirdparty} +mkdir -p ${dsoftbus_utils} +mkdir -p ${dsoftbus_src} +mkdir -p ${dsoftbus_hichain} +mkdir -p ${dsoftbus_bounds_checking} +mkdir -p ${dsoftbus_productdefine} +mkdir -p ${dsoftbus_depend} + +# Decompressing the compressed package +%setup -q -T -D -b 0 -n %{source_dsoftbus_standard}-%{release_dsoftbus_standard} +%setup -q -T -D -b 1 -n %{source_embedded_ipc}-%{release_embedded_ipc} +%setup -q -T -D -b 2 -n %{source_commonlibrary_c_utils}-%{openHarmony_source_release} +%setup -q -T -D -b 3 -n %{source_security_device_auth}-%{openHarmony_source_release} +%setup -q -T -D -b 4 -n %{source_security_huks}-%{openHarmony_source_release} +%setup -q -T -D -b 5 -n %{source_third_party_libcoap}-%{openHarmony_source_release} +%setup -q -T -D -b 6 -n %{source_third_party_mbedtls}-%{openHarmony_source_release} +%setup -q -T -D -b 7 -n %{source_build}-%{release_build} + +cd %{_builddir} +mv %{source_dsoftbus_standard}-%{release_dsoftbus_standard} %{source_dsoftbus_standard} +mv %{source_embedded_ipc}-%{release_embedded_ipc} %{source_embedded_ipc} + +#copy gn +gn_dir=$(which gn) +cp ${gn_dir[0]} ${dsoftbus_prebuilts_build_tools} + +# copy ninja +ninja_dir=$(which ninja) +cp ${ninja_dir[0]} ${dsoftbus_prebuilts_build_tools} + +# unpack third_party +mv %{_builddir}/%{source_build}-%{release_build} ${dsoftbus_build_dir}/build +mkdir %{_builddir}/%{source_build}-%{release_build} +mv %{_builddir}/%{source_third_party_libcoap}-%{openHarmony_source_release} ${dsoftbus_thirdparty}/libcoap +mv %{_builddir}/%{source_third_party_mbedtls}-%{openHarmony_source_release} ${dsoftbus_thirdparty}/mbedtls +mkdir -p ${dsoftbus_thirdparty}/cJSON + +# unpack hichain +mv %{_builddir}/%{source_security_huks}-%{openHarmony_source_release} ${dsoftbus_hichain}/huks +mv %{_builddir}/%{source_security_device_auth}-%{openHarmony_source_release} ${dsoftbus_hichain}/deviceauth + +# unpack utils +mv %{_builddir}/%{source_commonlibrary_c_utils}-%{openHarmony_source_release} ${dsoftbus_utils}/native + +# do patch +%patch0 -p1 -d ${dsoftbus_build_dir}/build +%patch1 -p1 -d ${dsoftbus_build_dir}/build +%patch2 -p1 -d ${dsoftbus_build_dir}/build +%patch3 -p1 -d ${dsoftbus_build_dir}/build +%patch100 -p1 -d %{_builddir}/%{source_dsoftbus_standard} +%patch200 -p1 -d ${dsoftbus_hichain}/deviceauth +%patch201 -p1 -d ${dsoftbus_hichain}/deviceauth +%patch202 -p1 -d ${dsoftbus_hichain}/deviceauth +%patch300 -p1 -d ${dsoftbus_hichain}/huks +%patch301 -p1 -d ${dsoftbus_hichain}/huks +%patch302 -p1 -d ${dsoftbus_hichain}/huks +%patch400 -p1 -d ${dsoftbus_utils}/native +%patch401 -p1 -d ${dsoftbus_thirdparty}/bounds_checking_function +%patch402 -p1 -d ${dsoftbus_thirdparty}/cJSON +%patch403 -p1 -d ${dsoftbus_thirdparty}/mbedtls +%patch404 -p1 -d ${dsoftbus_thirdparty}/mbedtls +%patch405 -p1 -d ${dsoftbus_thirdparty}/mbedtls +%patch500 -p1 -d ${dsoftbus_productdefine} +%patch501 -p1 -d ${dsoftbus_depend} + +# init gn root +ln -s ${dsoftbus_build_dir}/build/build_scripts/build.sh ${dsoftbus_build_dir}/build.sh +ln -s ${dsoftbus_build_dir}/build/core/gn/dotfile.gn ${dsoftbus_build_dir}/.gn + +# link selfcode +ln -s %{_builddir}/embedded-ipc ${dsoftbus_build_dir}/depend/ipc +ln -s %{_builddir}/dsoftbus_standard ${dsoftbus_src}/dsoftbus + +# link toolchain +toolchain_path="/usr1/openeuler/gcc/openeuler_gcc_arm64le" +ln -s ${toolchain_path} ${dsoftbus_build_dir}/toolchain + +# copy libboundscheck file +mkdir ${dsoftbus_thirdparty}/bounds_checking_function/include +cp /usr/include/securec*.h ${dsoftbus_thirdparty}/bounds_checking_function/include/ + +# link cjson +cjson_devel_include="/usr/include/cjson/cJSON.h" +ln -s ${cjson_devel_include} ${dsoftbus_thirdparty}/cJSON/cJSON.h + +%ifarch x86_64 + sed -i 's/"target_cpu": "arm64"/"target_cpu": "x86_64"/' ${dsoftbus_productdefine}/common/device/openEuler.json +%endif + +%build +rm -rf %{_builddir}/dsoftbus_build/out +cd %{_builddir}/dsoftbus_build +./build.sh --product-name openEuler + +%install +dsoftbus_build_dir="%{_builddir}/dsoftbus_build" +%ifarch x86_64 + dsoftbus_release_dir_name="ohos-x86_64-release" +%endif +%ifarch aarch64 + dsoftbus_release_dir_name="ohos-arm64-release" +%endif + +install -d %{buildroot}/%{_includedir}/dsoftbus +install -d %{buildroot}/%{_libdir} +install -d %{buildroot}/%{_bindir} +install -d %{buildroot}/data/data/deviceauth/ + +# prepare so +install -m 0755 ${dsoftbus_build_dir}/out/${dsoftbus_release_dir_name}/common/common/*.so %{buildroot}/%{_libdir} +install -m 0755 ${dsoftbus_build_dir}/out/${dsoftbus_release_dir_name}/communication/dsoftbus_standard/*.so %{buildroot}/%{_libdir} +install -m 0755 ${dsoftbus_build_dir}/out/${dsoftbus_release_dir_name}/security/huks/*.so %{buildroot}/%{_libdir} +install -m 0755 ${dsoftbus_build_dir}/out/${dsoftbus_release_dir_name}/security/deviceauth_standard/*.so %{buildroot}/%{_libdir} + +# prepare bin +install -m 0755 ${dsoftbus_build_dir}/out/${dsoftbus_release_dir_name}/communication/dsoftbus_standard/softbus_server_main %{buildroot}/%{_bindir} + +# prepare head files +install -m 554 \ +${dsoftbus_build_dir}/foundation/communication/dsoftbus/interfaces/kits/discovery/*.h \ +${dsoftbus_build_dir}/foundation/communication/dsoftbus/interfaces/kits/common/*.h \ +${dsoftbus_build_dir}/foundation/communication/dsoftbus/interfaces/kits/bus_center/*.h \ +${dsoftbus_build_dir}/foundation/communication/dsoftbus/interfaces/kits/transport/*.h \ +${dsoftbus_build_dir}/foundation/communication/dsoftbus/core/common/include/softbus_errcode.h \ +${dsoftbus_build_dir}/base/security/deviceauth/interfaces/innerkits/*.h \ +${dsoftbus_build_dir}/third_party/cJSON/*.h \ +${dsoftbus_build_dir}/third_party/bounds_checking_function/include/*.h \ +${dsoftbus_build_dir}/depend/syspara/include/*.h \ + %{buildroot}/%{_includedir}/dsoftbus + +# strip symbol table +find %{buildroot} -type f -name "*.so" -exec strip '{}' ';' +find %{buildroot} -type f -name "softbus_server_main" -exec strip '{}' ';' + +%files +%{_includedir}/dsoftbus/* +%{_bindir}/softbus_server_main +%{_libdir}/*.so +/data/data + +%changelog +* Fri Mar 3 2023 liheavy <lihaiwei8@huawei.com> - 1.0.0-9 +- Old rpm package missing file parameter.h, add it to the rpm package + +* Wed Mar 1 2023 liheavy <lihaiwei8@huawei.com> - 1.0.0-8 +- Add strip + +* Wed Feb 8 2023 liheavy <lihaiwei8@huawei.com> - 1.0.0-7 +- fix security huks discarded qualifiers error + +* Fri Dec 30 2022 liheavy <lihaiwei8@huawei.com> - 1.0.0-6 +- update version of dsoftbus_standard and embedded-ipc + +* Mon Dec 19 2022 beiling.xie <xiekunxun@huawei.com> - 1.0.0-5 +- The dependency path of the third-party is optimized + +* Mon Dec 19 2022 beiling.xie <xiekunxun@huawei.com> - 1.0.0-4 +- rename patch for each modules + +* Wed Nov 30 2022 liheavy <lihaiwei8@huawei.com> - 1.0.0-3 +- Disassemble yocto-embedded-tools and replace cjson, ninja, gn, openssl, libboundscheck +- with openEuler software package + +* Wed Nov 23 2022 xuchongyu <xuchongyu@huawei.com> - 1.0.0-2 +- add URL,change branch of libboundscheck to 22.03-LTS-SP1 + +* Tue Nov 22 2022 xuchongyu <xuchongyu@huawei.com> - 1.0.0-1 +- init dsoftbus diff --git a/libboundscheck-0001-Adaptation-for-dsoftbus.patch b/libboundscheck-0001-Adaptation-for-dsoftbus.patch new file mode 100644 index 0000000..054c707 --- /dev/null +++ b/libboundscheck-0001-Adaptation-for-dsoftbus.patch @@ -0,0 +1,44 @@ +From f3054acbbb67d6e4889f3a7c2641dc1d74ee1984 Mon Sep 17 00:00:00 2001 +From: "beiling.xie" <xiekunxun@huawei.com> +Date: Tue, 20 Sep 2022 09:45:38 +0800 +Subject: [PATCH] Adaptation for dsoftbus + +Signed-off-by: beiling.xie <xiekunxun@huawei.com> +--- + BUILD.gn | 24 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + create mode 100644 BUILD.gn + +diff --git a/BUILD.gn b/BUILD.gn +new file mode 100644 +index 0000000..9bec199 +--- /dev/null ++++ b/BUILD.gn +@@ -0,0 +1,24 @@ ++# Copyright (c) 2021 Huawei Device Co., Ltd. ++# Licensed under the Apache License, Version 2.0 (the "License"); ++# you may not use this file except in compliance with the License. ++# You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, software ++# distributed under the License is distributed on an "AS IS" BASIS, ++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++# See the License for the specific language governing permissions and ++# limitations under the License. ++ ++config("libsec_public_config") { ++ libs = [ "boundscheck" ] ++} ++ ++group("libsec_static") { ++ public_configs = [ ":libsec_public_config" ] ++} ++ ++group("libsec_shared") { ++ public_configs = [ ":libsec_public_config" ] ++} +-- +2.25.1 + diff --git a/security-device-auth-0001-deviceauth-for-openeuler.patch b/security-device-auth-0001-deviceauth-for-openeuler.patch new file mode 100644 index 0000000..8bfb0ef --- /dev/null +++ b/security-device-auth-0001-deviceauth-for-openeuler.patch @@ -0,0 +1,103 @@ +From 6a4234339518e8be293aacee4aeef6aaa38d7e69 Mon Sep 17 00:00:00 2001 +From: "beiling.xie" <xiekunxun@huawei.com> +Date: Wed, 14 Sep 2022 00:12:20 +0800 +Subject: [PATCH] support deviceauth for openeuler + +Signed-off-by: beiling.xie <xiekunxun@huawei.com> +--- + deps_adapter/BUILD.gn | 3 ++- + deps_adapter/os_adapter/interfaces/linux/hc_log.h | 8 ++++---- + services/BUILD.gn | 2 +- + .../src/permission_adapter/permission_adapter.cpp | 11 +++++++---- + 4 files changed, 14 insertions(+), 10 deletions(-) + +diff --git a/deps_adapter/BUILD.gn b/deps_adapter/BUILD.gn +index 28df2d9..906b8ca 100644 +--- a/deps_adapter/BUILD.gn ++++ b/deps_adapter/BUILD.gn +@@ -118,10 +118,11 @@ if (defined(ohos_lite)) { + cflags = [ "-DHILOG_ENABLE" ] + deps = [ + "//base/security/huks/interfaces/innerkits/huks_standard/main:libhukssdk", +- "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara", ++ "//depend:syspara", + "//third_party/cJSON:cjson_static", + "//third_party/openssl:libcrypto_static", + "//utils/native/base:utils", ++ "//third_party/bounds_checking_function:libsec_shared", + ] + external_deps = [ "hiviewdfx_hilog_native:libhilog" ] + } +diff --git a/deps_adapter/os_adapter/interfaces/linux/hc_log.h b/deps_adapter/os_adapter/interfaces/linux/hc_log.h +index 7cfd649..f881d1e 100644 +--- a/deps_adapter/os_adapter/interfaces/linux/hc_log.h ++++ b/deps_adapter/os_adapter/interfaces/linux/hc_log.h +@@ -44,10 +44,10 @@ void DevAuthLogPrint(DevAuthLogLevel level, const char *funName, const char *fmt + #define LOGW(fmt, ...) (DevAuthLogPrint(DEV_AUTH_LOG_LEVEL_WARN, __FUNCTION__, fmt, ##__VA_ARGS__))
+ #define LOGE(fmt, ...) (DevAuthLogPrint(DEV_AUTH_LOG_LEVEL_ERROR, __FUNCTION__, fmt, ##__VA_ARGS__))
+
+-#define DEV_AUTH_LOG_DEBUG(buf) HiLogPrint(LOG_CORE, LOG_DEBUG, LOG_DOMAIN, "[DEVAUTH]", "%{public}s", buf)
+-#define DEV_AUTH_LOG_INFO(buf) HiLogPrint(LOG_CORE, LOG_INFO, LOG_DOMAIN, "[DEVAUTH]", "%{public}s", buf)
+-#define DEV_AUTH_LOG_WARN(buf) HiLogPrint(LOG_CORE, LOG_WARN, LOG_DOMAIN, "[DEVAUTH]", "%{public}s", buf)
+-#define DEV_AUTH_LOG_ERROR(buf) HiLogPrint(LOG_CORE, LOG_ERROR, LOG_DOMAIN, "[DEVAUTH]", "%{public}s", buf)
++#define DEV_AUTH_LOG_DEBUG(buf) HiLogPrint(LOG_CORE, LOG_DEBUG, LOG_DOMAIN, "[DEVAUTH]", "%s", buf)
++#define DEV_AUTH_LOG_INFO(buf) HiLogPrint(LOG_CORE, LOG_INFO, LOG_DOMAIN, "[DEVAUTH]", "%s", buf)
++#define DEV_AUTH_LOG_WARN(buf) HiLogPrint(LOG_CORE, LOG_WARN, LOG_DOMAIN, "[DEVAUTH]", "%s", buf)
++#define DEV_AUTH_LOG_ERROR(buf) HiLogPrint(LOG_CORE, LOG_ERROR, LOG_DOMAIN, "[DEVAUTH]", "%s", buf)
+
+ #else
+
+diff --git a/services/BUILD.gn b/services/BUILD.gn +index bb15b89..b2cdb17 100644 +--- a/services/BUILD.gn ++++ b/services/BUILD.gn +@@ -159,10 +159,10 @@ if (defined(ohos_lite)) { + "${deps_adapter_path}:${hal_module_name}", + "//third_party/cJSON:cjson_static", + "//utils/native/base:utils", ++ "//foundation/communication/dsoftbus/sdk:softbus_client" + ] + + external_deps = [ +- "dsoftbus_standard:softbus_client", + "hiviewdfx_hilog_native:libhilog", + ] + if (support_jsapi) { +diff --git a/services/frameworks/src/permission_adapter/permission_adapter.cpp b/services/frameworks/src/permission_adapter/permission_adapter.cpp +index dcdb912..6f4f8a3 100644 +--- a/services/frameworks/src/permission_adapter/permission_adapter.cpp ++++ b/services/frameworks/src/permission_adapter/permission_adapter.cpp +@@ -15,17 +15,18 @@ +
+ #include "permission_adapter.h"
+
+-#include "accesstoken_kit.h"
++//#include "accesstoken_kit.h"
+ #include "ipc_skeleton.h"
+
+ #include "device_auth_defines.h"
+ #include "hc_log.h"
+
+-using namespace OHOS;
+-using namespace OHOS::Security::AccessToken;
++//using namespace OHOS;
++//using namespace OHOS::Security::AccessToken;
+
+ int32_t CheckPermission(void)
+ {
++#if 0
+ AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
+ ATokenTypeEnum tokenType = AccessTokenKit::GetTokenType(tokenId);
+ if (tokenType == TOKEN_NATIVE) {
+@@ -45,4 +46,6 @@ int32_t CheckPermission(void) + LOGE("Invalid token type: %d", tokenType);
+ return HC_ERROR;
+ }
+-} +\ No newline at end of file ++#endif
++ return HC_SUCCESS;
++}
+-- +2.25.1 + diff --git a/security-device-auth-0002-deviceauth-ipc-service.patch b/security-device-auth-0002-deviceauth-ipc-service.patch new file mode 100644 index 0000000..e94772a --- /dev/null +++ b/security-device-auth-0002-deviceauth-ipc-service.patch @@ -0,0 +1,276 @@ +From 31f1a71fee10a1248de00ea1f36eeaf80e683673 Mon Sep 17 00:00:00 2001 +From: "beiling.xie" <xiekunxun@huawei.com> +Date: Fri, 16 Sep 2022 01:11:40 +0800 +Subject: [PATCH] adapter deviceauth ipc service + +Signed-off-by: beiling.xie <xiekunxun@huawei.com> +--- + frameworks/inc/ipc_service.h | 2 ++ + frameworks/src/ipc_service.c | 16 +----------- + frameworks/src/standard/ipc_adapt.cpp | 18 +++++++------ + .../src/standard/ipc_dev_auth_proxy.cpp | 25 ++++--------------- + frameworks/src/standard/ipc_dev_auth_stub.cpp | 7 +----- + services/BUILD.gn | 15 ++++++++++- + services/device_auth.c | 6 +++++ + 7 files changed, 39 insertions(+), 50 deletions(-) + +diff --git a/frameworks/inc/ipc_service.h b/frameworks/inc/ipc_service.h +index e3eb11b..ed73555 100755 +--- a/frameworks/inc/ipc_service.h ++++ b/frameworks/inc/ipc_service.h +@@ -20,6 +20,8 @@ + extern "C" { + #endif + ++int DeviceAuthIpcInit(); ++ + #ifdef __cplusplus + } + #endif +diff --git a/frameworks/src/ipc_service.c b/frameworks/src/ipc_service.c +index afc21fc..3db6bb5 100644 +--- a/frameworks/src/ipc_service.c ++++ b/frameworks/src/ipc_service.c +@@ -1038,20 +1038,10 @@ int32_t MainRescInit(void) + return HC_SUCCESS; + } + +-int32_t main(int32_t argc, char const *argv[]) ++int DeviceAuthIpcInit() + { + uintptr_t serviceCtx = 0x0; + int32_t ret; +- HcCondition cond; +- +- (void)argc; +- (void)argv; +- LOGI("device authentication service starting ..."); +- ret = InitDeviceAuthService(); +- if (ret != HC_SUCCESS) { +- LOGE("device auth service main, InitDeviceAuthService failed, ret %d", ret); +- return 1; +- } + + ret = MainRescInit(); + if (ret != HC_SUCCESS) { +@@ -1070,10 +1060,6 @@ int32_t main(int32_t argc, char const *argv[]) + } + (void)AddMethodMap(serviceCtx); + LOGI("device authentication service register to IPC manager done, service running..."); +- (void)memset_s(&cond, sizeof(cond), 0, sizeof(cond)); +- InitHcCond(&cond, NULL); +- cond.wait(&cond); +- DestroyHcCond(&cond); + return 0; + } + +diff --git a/frameworks/src/standard/ipc_adapt.cpp b/frameworks/src/standard/ipc_adapt.cpp +index 3dd4ec8..3910726 100644 +--- a/frameworks/src/standard/ipc_adapt.cpp ++++ b/frameworks/src/standard/ipc_adapt.cpp +@@ -23,12 +23,14 @@ + #include "ipc_dev_auth_stub.h" + #include "ipc_sdk.h" + #include "ipc_service.h" +-#include "iservice_registry.h" + #include "securec.h" + #include "system_ability_definition.h" ++#include "ipc_center.h" ++ + + using namespace std; + using namespace OHOS; ++static IpcCenter *g_deviceIpc = nullptr; + namespace { + static const int32_t BUFF_MAX_SZ = 128; + static const int32_t IPC_CALL_BACK_MAX_NODES = 64; +@@ -1335,19 +1337,19 @@ void DestroyServiceInstance(uintptr_t *ipcInstance) + + int32_t AddDevAuthServiceToManager(uintptr_t *serviceCtx) + { +- int32_t ret = ERR_OK; ++ int32_t ret = HC_SUCCESS; + ServiceDevAuth *sPtr = nullptr; + +- sptr<ISystemAbilityManager> sysMgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); +- if (sysMgr == nullptr) { +- return HC_ERR_IPC_GET_SERVICE; +- } + sPtr = new(std::nothrow) ServiceDevAuth(); + if (sPtr == nullptr) { + return HC_ERR_ALLOC_MEMORY; + } +- ret = sysMgr->AddSystemAbility(DEVICE_AUTH_SERVICE_ID, sPtr); +- if (ret != ERR_OK) { ++ sPtr->isDSoftBusObj = false; ++ if (!g_deviceIpc->Init(true, static_cast<IPCObjectStub*>(sPtr))) { ++ LOGE("deviceIpc init failed"); ++ } ++ ret = IPCSkeleton::SetDeviceAuthObj(sPtr); ++ if (ret != true) { + LOGE("add service failed"); + delete sPtr; + return HC_ERROR; +diff --git a/frameworks/src/standard/ipc_dev_auth_proxy.cpp b/frameworks/src/standard/ipc_dev_auth_proxy.cpp +index bc3abeb..c493f7a 100644 +--- a/frameworks/src/standard/ipc_dev_auth_proxy.cpp ++++ b/frameworks/src/standard/ipc_dev_auth_proxy.cpp +@@ -19,9 +19,9 @@ + #include "hc_log.h" + #include "ipc_adapt.h" + #include "ipc_sdk.h" +-#include "iservice_registry.h" + #include "system_ability_definition.h" + ++ + namespace OHOS { + ProxyDevAuth::ProxyDevAuth(const sptr<IRemoteObject> &impl) : IRemoteProxy<IMethodsIpcCall>(impl) + {} +@@ -33,7 +33,7 @@ int32_t ProxyDevAuth::DoCallRequest(MessageParcel &dataParcel, MessageParcel &re + { + int32_t ret; + sptr<IRemoteObject> remote = nullptr; +- MessageOption option = { MessageOption::TF_SYNC }; ++ MessageOption option; + + LOGI("ProxyDevAuth, SendRequest..."); + remote = Remote(); +@@ -42,9 +42,6 @@ int32_t ProxyDevAuth::DoCallRequest(MessageParcel &dataParcel, MessageParcel &re + return HC_ERR_IPC_INTERNAL_FAILED; + } + +- if (withSync == false) { +- option = { MessageOption::TF_ASYNC }; +- } + ret = remote->SendRequest(DEV_AUTH_CALL_REQUEST, dataParcel, replyParcel, option); + LOGI("SendRequest done, ret %d", ret); + (ret == ERR_NONE) ? replyParcel.ReadInt32(ret) : (ret = HC_ERR_IPC_INTERNAL_FAILED); +@@ -53,15 +50,8 @@ int32_t ProxyDevAuth::DoCallRequest(MessageParcel &dataParcel, MessageParcel &re + + bool ProxyDevAuth::ServiceRunning(void) + { +- auto saMgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); +- if (saMgr == nullptr) { +- return false; +- } +- auto daSa = saMgr->GetSystemAbility(DEVICE_AUTH_SERVICE_ID); +- if (daSa == nullptr) { +- return false; +- } +- return true; ++ auto daSa = IPCSkeleton::GetDeviceAuthObj(); ++ return daSa != nullptr; + } + + int32_t ProxyDevAuthData::EncodeCallRequest(int32_t type, const uint8_t *param, int32_t paramSz) +@@ -117,12 +107,7 @@ int32_t ProxyDevAuthData::FinalCallRequest(int32_t methodId) + + sptr<ProxyDevAuth> ProxyDevAuthData::GetProxy() const + { +- auto saMgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); +- if (saMgr == nullptr) { +- LOGE("GetSystemAbilityManager failed"); +- return nullptr; +- } +- auto daSa = saMgr->GetSystemAbility(DEVICE_AUTH_SERVICE_ID); ++ auto daSa = IPCSkeleton::GetDeviceAuthObj(); + if (daSa == nullptr) { + LOGE("GetSystemAbility failed"); + return nullptr; +diff --git a/frameworks/src/standard/ipc_dev_auth_stub.cpp b/frameworks/src/standard/ipc_dev_auth_stub.cpp +index e33b770..648bc3b 100644 +--- a/frameworks/src/standard/ipc_dev_auth_stub.cpp ++++ b/frameworks/src/standard/ipc_dev_auth_stub.cpp +@@ -286,12 +286,7 @@ void ServiceDevAuth::ActCallback(int32_t objIdx, int32_t callbackId, bool sync, + LOGW("nothing to do, callback id %d, remote object id %d", callbackId, objIdx); + return; + } +- MessageOption option(MessageOption::TF_SYNC); +- option.SetWaitTime(DEV_AUTH_CALL_WAIT_TIME); +- if (!sync) { +- option.SetFlags(MessageOption::TF_ASYNC); +- option.SetWaitTime(0); +- } ++ MessageOption option; + std::lock_guard<std::mutex> autoLock(g_cBMutex); + sptr<ICommIpcCallback> proxy = iface_cast<ICommIpcCallback>(g_cbStub[objIdx].cbStub); + proxy->DoCallBack(callbackId, cbHook, dataParcel, reply, option); +diff --git a/services/BUILD.gn b/services/BUILD.gn +index b2cdb17..ce6e24b 100644 +--- a/services/BUILD.gn ++++ b/services/BUILD.gn +@@ -142,9 +142,14 @@ if (defined(ohos_lite)) { + "//foundation/communication/dsoftbus/interfaces/kits/transport", + "//foundation/communication/dsoftbus/interfaces/inner_kits/transport", + "//third_party/json/include", ++ "${frameworks_path}/inc", ++ "${dev_frameworks_path}/inc/permission_adapter", + ] + + sources = deviceauth_files ++ sources += deviceauth_ipc_files ++ sources += permission_adapter_files ++ sources += [ "${frameworks_path}/src/ipc_service.c" ] + cflags = [ "-DHILOG_ENABLE" ] + defines = deviceauth_defines + cflags += build_flags +@@ -164,6 +169,7 @@ if (defined(ohos_lite)) { + + external_deps = [ + "hiviewdfx_hilog_native:libhilog", ++ "ipc:ipc_core", + ] + if (support_jsapi) { + external_deps += [ "os_account_standard:os_account_innerkits" ] +@@ -238,6 +244,12 @@ if (defined(ohos_lite)) { + sources = deviceauth_ipc_files + sources += permission_adapter_files + sources += [ "${frameworks_path}/src/ipc_sdk.c" ] ++ sources += [ "${os_adapter_path}/impl/src/hc_log.c" ] ++ sources += [ "${os_adapter_path}/impl/src/linux/hc_types.c" ] ++ sources += [ "${os_adapter_path}/impl/src/hc_mutex.c" ] ++ sources += [ "${common_lib_path}/impl/src/json_utils.c" ] ++ sources += [ "${common_lib_path}/impl/src/string_util.c" ] ++ sources += [ "${common_lib_path}/impl/src/clib_types.c" ] + + defines = [ + "__LINUX__", +@@ -250,9 +262,10 @@ if (defined(ohos_lite)) { + } + + deps = [ +- "${deps_adapter_path}:${hal_module_name}", + "//third_party/cJSON:cjson_static", + "//utils/native/base:utils", ++ "//third_party/bounds_checking_function:libsec_shared", ++ "//third_party/cJSON:cjson_static", + ] + + external_deps = [ +diff --git a/services/device_auth.c b/services/device_auth.c +index e09dce4..16f6200 100644 +--- a/services/device_auth.c ++++ b/services/device_auth.c +@@ -14,6 +14,7 @@ + */ + + #include "device_auth.h" ++#include "ipc_service.h" + + #include "alg_loader.h" + #include "callback_manager.h" +@@ -241,6 +242,11 @@ DEVICE_AUTH_API_PUBLIC int InitDeviceAuthService(void) + DestroyGmAndGa(); + return res; + } ++ res = DeviceAuthIpcInit(); ++ if (res != HC_SUCCESS) { ++ DestroyGmAndGa(); ++ return res; ++ } + SetInitStatus(); + LOGI("[End]: [Service]: Init device auth service successfully!"); + return HC_SUCCESS; +-- +2.25.1 + diff --git a/security-device-auth-0003-simplify-dependency-on-third-party-packages.patch b/security-device-auth-0003-simplify-dependency-on-third-party-packages.patch new file mode 100644 index 0000000..38e943e --- /dev/null +++ b/security-device-auth-0003-simplify-dependency-on-third-party-packages.patch @@ -0,0 +1,79 @@ +From 382ff16702df5f06b96a76abd2b542ab00650487 Mon Sep 17 00:00:00 2001 +From: "beiling.xie" <xiekunxun@huawei.com> +Date: Thu, 10 Nov 2022 14:34:05 +0800 +Subject: [PATCH] simplify dependency on third-party packages + +Signed-off-by: beiling.xie <xiekunxun@huawei.com> +--- + deps_adapter/BUILD.gn | 4 ++-- + services/BUILD.gn | 23 +++++++++-------------- + 2 files changed, 11 insertions(+), 16 deletions(-) + +diff --git a/deps_adapter/BUILD.gn b/deps_adapter/BUILD.gn +index 906b8ca..722d974 100644 +--- a/deps_adapter/BUILD.gn ++++ b/deps_adapter/BUILD.gn +@@ -120,10 +120,10 @@ if (defined(ohos_lite)) { + "//base/security/huks/interfaces/innerkits/huks_standard/main:libhukssdk", + "//depend:syspara", + "//third_party/cJSON:cjson_static", +- "//third_party/openssl:libcrypto_static", + "//utils/native/base:utils", + "//third_party/bounds_checking_function:libsec_shared", + ] +- external_deps = [ "hiviewdfx_hilog_native:libhilog" ] ++ deps += [ "//depend:libhilog" ] ++ libs = [ "crypto" ] + } + } +diff --git a/services/BUILD.gn b/services/BUILD.gn +index ce6e24b..0c37820 100644 +--- a/services/BUILD.gn ++++ b/services/BUILD.gn +@@ -167,9 +167,9 @@ if (defined(ohos_lite)) { + "//foundation/communication/dsoftbus/sdk:softbus_client" + ] + +- external_deps = [ +- "hiviewdfx_hilog_native:libhilog", +- "ipc:ipc_core", ++ deps += [ ++ "//depend:libhilog", ++ "//depend/ipc:ipc_core", + ] + if (support_jsapi) { + external_deps += [ "os_account_standard:os_account_innerkits" ] +@@ -217,12 +217,9 @@ if (defined(ohos_lite)) { + "//utils/native/base:utils", + ] + +- external_deps = [ +- "access_token:libaccesstoken_sdk", +- "hiviewdfx_hilog_native:libhilog", +- "ipc:ipc_core", +- "safwk:system_ability_fwk", +- "samgr_standard:samgr_proxy", ++ deps += [ ++ "//depend:libhilog", ++ "//depend/ipc:ipc_core", + ] + } + +@@ -268,11 +265,9 @@ if (defined(ohos_lite)) { + "//third_party/cJSON:cjson_static", + ] + +- external_deps = [ +- "access_token:libaccesstoken_sdk", +- "hiviewdfx_hilog_native:libhilog", +- "ipc:ipc_core", +- "samgr_standard:samgr_proxy", ++ deps += [ ++ "//depend:libhilog", ++ "//depend/ipc:ipc_core", + ] + } + } +-- +2.25.1 + diff --git a/security-huks-0001-support-huks-for-openeuler.patch b/security-huks-0001-support-huks-for-openeuler.patch new file mode 100644 index 0000000..ebeb757 --- /dev/null +++ b/security-huks-0001-support-huks-for-openeuler.patch @@ -0,0 +1,236 @@ +From c7fe7e1422af2a0b4fdbd7e514f8b8c6054170e8 Mon Sep 17 00:00:00 2001 +From: "beiling.xie" <xiekunxunn@huawei.com> +Date: Tue, 19 Jul 2022 21:01:41 +0800 +Subject: [PATCH] support huks for openeuler + +Signed-off-by: beiling.xie <xiekunxun@huawei.com> +--- + frameworks/huks_standard/main/BUILD.gn | 1 + + .../huks_standard/main/core/src/hks_verifier.c | 10 ++++++---- + .../crypto_engine/openssl/src/hks_openssl_kdf.c | 4 +++- + .../huks_standard/main/os_dependency/BUILD.gn | 15 ++++++++++----- + .../main/os_dependency/log/hks_log.c | 14 +++++++------- + interfaces/innerkits/huks_standard/main/BUILD.gn | 1 + + .../huks_service/main/os_dependency/BUILD.gn | 2 +- + .../huks_service/main/os_dependency/idl/BUILD.gn | 6 +++--- + utils/file_operator/hks_file_operator.c | 6 +++--- + 9 files changed, 35 insertions(+), 24 deletions(-) + +diff --git a/frameworks/huks_standard/main/BUILD.gn b/frameworks/huks_standard/main/BUILD.gn +index 83d7750..cd899cd 100755 +--- a/frameworks/huks_standard/main/BUILD.gn ++++ b/frameworks/huks_standard/main/BUILD.gn +@@ -20,6 +20,7 @@ group("huks_standard_frameworks") { + "//base/security/huks/frameworks/huks_standard/main/core:libhuks_core_standard_static", + "//base/security/huks/frameworks/huks_standard/main/crypto_engine:libhuks_crypto_engine_standard_static", + "//base/security/huks/frameworks/huks_standard/main/os_dependency:libhuks_os_dependency_standard_static", ++ "//base/security/huks/services/huks_standard/huks_service/main/os_dependency:libhuks_service_os_dependency_standard_static", + ] + } + } +diff --git a/frameworks/huks_standard/main/core/src/hks_verifier.c b/frameworks/huks_standard/main/core/src/hks_verifier.c +index 149137d..a65f27e 100755 +--- a/frameworks/huks_standard/main/core/src/hks_verifier.c ++++ b/frameworks/huks_standard/main/core/src/hks_verifier.c +@@ -250,8 +250,9 @@ static int32_t ExtractTlvLength(const uint8_t *in, uint32_t inLen, uint32_t *hea + uint8_t *buf = (uint8_t *)in;
+ uint32_t length = 0; /* length of the payload */
+
+- uint32_t tmp;
+- HKS_ASN1_DECODE_BYTE(buf, tmp); /* get type */
++// uint32_t tmp;
++// HKS_ASN1_DECODE_BYTE(buf, tmp); /* get type */
++ buf++;
+ if (buf[0] < ASN_1_MIN_VAL_1_EXTRA_LEN_BYTE) {
+ /* Current byte tells the length */
+ HKS_ASN1_DECODE_BYTE(buf, length);
+@@ -301,8 +302,9 @@ static int32_t ExtractTlvData(const uint8_t *in, uint32_t inLen, uint8_t *out, u + uint8_t *buf = (uint8_t *)in;
+ uint32_t length = 0; /* length of the payload */
+
+- uint32_t tmp;
+- HKS_ASN1_DECODE_BYTE(buf, tmp); /* get type */
++// uint32_t tmp;
++// HKS_ASN1_DECODE_BYTE(buf, tmp); /* get type */
++ buf++;
+ if (buf[0] < ASN_1_MIN_VAL_1_EXTRA_LEN_BYTE) {
+ /* Current byte tells the length */
+ HKS_ASN1_DECODE_BYTE(buf, length);
+diff --git a/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_kdf.c b/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_kdf.c +index 258b206..5db3e4d 100755 +--- a/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_kdf.c ++++ b/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_kdf.c +@@ -57,6 +57,7 @@ int32_t HksOpensslHkdf(const struct HksBlob *mainKey, const struct HksKeySpec *d + EVP_PKEY_CTX *pctx;
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+ int32_t ret = HKS_FAILURE;
++
+ do {
+ if (EVP_PKEY_derive_init(pctx) <= 0) {
+ HksLogOpensslError();
+@@ -78,7 +79,8 @@ int32_t HksOpensslHkdf(const struct HksBlob *mainKey, const struct HksKeySpec *d + HksLogOpensslError();
+ break;
+ }
+- if (EVP_PKEY_derive(pctx, derivedKey->data, (size_t *)&derivedKey->size) <= 0) {
++ size_t new = derivedKey->size;
++ if (EVP_PKEY_derive(pctx, derivedKey->data, &new) <= 0) {
+ HksLogOpensslError();
+ break;
+ }
+diff --git a/frameworks/huks_standard/main/os_dependency/BUILD.gn b/frameworks/huks_standard/main/os_dependency/BUILD.gn +index 7d03e55..6da94a5 100755 +--- a/frameworks/huks_standard/main/os_dependency/BUILD.gn ++++ b/frameworks/huks_standard/main/os_dependency/BUILD.gn +@@ -26,6 +26,8 @@ ohos_static_library("libhuks_os_dependency_standard_static") { + public_configs = [ ":huks_config" ] + include_dirs = [ + "log", ++ "sysinfo/include", ++ "../../../../services/huks_standard/huks_service/main/core/include/", + "//utils/native/base/include", + "//utils/system/safwk/native/include", + ] +@@ -35,17 +37,20 @@ ohos_static_library("libhuks_os_dependency_standard_static") { + "_HUKS_LOG_ENABLE_", + ] + sources = [ +- "./ipc/src/hks_client_service_ipc.c", +- "./ipc/src/hks_ipc_check.c", +- "./ipc/src/hks_ipc_serialization.c", +- "./ipc/src/hks_ipc_slice.c", +- "./ipc/src/hks_request.cpp", ++# "./ipc/src/hks_client_service_ipc.c", ++# "./ipc/src/hks_ipc_check.c", ++# "./ipc/src/hks_ipc_serialization.c", ++# "./ipc/src/hks_ipc_slice.c", ++# "./ipc/src/hks_request.cpp", ++ "./ipc/src/hks_client_service_passthrough.c", ++ "./sysinfo/src/hks_get_process_info_passthrough.c", + "./log/hks_log.c", + "./posix/hks_mem.c", + ] + deps = [ + "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static", + "//utils/native/base:utils", ++ "//third_party/bounds_checking_function:libsec_shared", + ] + external_deps = [ + "hiviewdfx_hilog_native:libhilog", +diff --git a/frameworks/huks_standard/main/os_dependency/log/hks_log.c b/frameworks/huks_standard/main/os_dependency/log/hks_log.c +index ef7d264..5beadab 100755 +--- a/frameworks/huks_standard/main/os_dependency/log/hks_log.c ++++ b/frameworks/huks_standard/main/os_dependency/log/hks_log.c +@@ -22,8 +22,8 @@ +
+ #undef LOG_DOMAIN
+ #undef LOG_TAG
+-static const unsigned int LOG_DOMAIN = 0xD002F01;
+-static const char* LOG_TAG = "HUKS";
++//static const unsigned int LOG_DOMAIN = 0xD002F01;
++//static const char* LOG_TAG = "HUKS";
+
+ #define MAX_LOG_BUFF_LEN 512
+
+@@ -48,16 +48,16 @@ void HksLog(uint32_t logLevel, const char *funcName, uint32_t lineNo, const char +
+ switch (logLevel) {
+ case HKS_LOG_LEVEL_I:
+- HILOG_INFO(LOG_CORE, "%{public}s[%{public}u]: %{public}s\n", funcName, lineNo, buf);
++ HILOG_INFO(LOG_CORE, "%s[%u]: %s\n", funcName, lineNo, buf);
+ break;
+ case HKS_LOG_LEVEL_E:
+- HILOG_ERROR(LOG_CORE, "%{public}s[%{public}u]: %{public}s\n", funcName, lineNo, buf);
++ HILOG_ERROR(LOG_CORE, "%s[%u]: %s\n", funcName, lineNo, buf);
+ break;
+ case HKS_LOG_LEVEL_W:
+- HILOG_WARN(LOG_CORE, "%{public}s[%{public}u]: %{public}s\n", funcName, lineNo, buf);
++ HILOG_WARN(LOG_CORE, "%s[%u]: %s\n", funcName, lineNo, buf);
+ break;
+ case HKS_LOG_LEVEL_D:
+- HILOG_DEBUG(LOG_CORE, "%{public}s[%{public}u]: %{private}s\n", funcName, lineNo, buf);
++ HILOG_DEBUG(LOG_CORE, "%s[%u]: %s\n", funcName, lineNo, buf);
+ break;
+ default:
+ HKS_FREE_PTR(buf);
+@@ -65,4 +65,4 @@ void HksLog(uint32_t logLevel, const char *funcName, uint32_t lineNo, const char + }
+
+ HKS_FREE_PTR(buf);
+-} +\ No newline at end of file ++}
+diff --git a/interfaces/innerkits/huks_standard/main/BUILD.gn b/interfaces/innerkits/huks_standard/main/BUILD.gn +index 1ca1e02..88e620d 100755 +--- a/interfaces/innerkits/huks_standard/main/BUILD.gn ++++ b/interfaces/innerkits/huks_standard/main/BUILD.gn +@@ -41,6 +41,7 @@ if (os_level == "standard") { + deps = [ + "//base/security/huks/frameworks/huks_standard/main:huks_standard_frameworks", + "//base/security/huks/utils/crypto_adapter:libhuks_utils_client_service_adapter_static", ++ "//base/security/huks/services/huks_standard/huks_engine/main/core:huks_engine_core_standard", + ] + } + } +diff --git a/services/huks_standard/huks_service/main/os_dependency/BUILD.gn b/services/huks_standard/huks_service/main/os_dependency/BUILD.gn +index 931d20c..01078b7 100755 +--- a/services/huks_standard/huks_service/main/os_dependency/BUILD.gn ++++ b/services/huks_standard/huks_service/main/os_dependency/BUILD.gn +@@ -34,7 +34,7 @@ ohos_static_library("libhuks_service_os_dependency_standard_static") { + ] + sources = [ + "posix/hks_rwlock.c", +- "sa/hks_sa.cpp", ++# "sa/hks_sa.cpp", + ] + deps = [ + "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static", +diff --git a/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn b/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn +index e86a491..3ffcfa1 100755 +--- a/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn ++++ b/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn +@@ -32,9 +32,9 @@ ohos_static_library("libhuks_service_idl_standard_static") { + "_HUKS_LOG_ENABLE_", + ] + sources = [ +- "ipc/hks_ipc_serialization.c", +- "ipc/hks_ipc_service.c", +- "ipc/hks_response.cpp", ++# "ipc/hks_ipc_serialization.c", ++# "ipc/hks_ipc_service.c", ++# "ipc/hks_response.cpp", + "passthrough/huks_access.c", + "passthrough/huks_core_dynamic_hal.c", + ] +diff --git a/utils/file_operator/hks_file_operator.c b/utils/file_operator/hks_file_operator.c +index 5543c38..5c2e704 100755 +--- a/utils/file_operator/hks_file_operator.c ++++ b/utils/file_operator/hks_file_operator.c +@@ -93,7 +93,7 @@ static uint32_t FileRead(const char *fileName, uint32_t offset, uint8_t *buf, ui + }
+
+ char filePath[PATH_MAX + 1] = {0};
+- (void)realpath(fileName, filePath);
++ char *path __attribute__((unused)) = realpath(fileName, filePath);
+ if (strstr(filePath, "../") != NULL) {
+ HKS_LOG_E("invalid filePath, path %s", filePath);
+ return 0;
+@@ -137,7 +137,7 @@ static int32_t FileWrite(const char *fileName, uint32_t offset, const uint8_t *b + if (memcpy_s(filePath, sizeof(filePath) - 1, fileName, strlen(fileName)) != EOK) {
+ return HKS_ERROR_BAD_STATE;
+ }
+- (void)realpath(fileName, filePath);
++ char *path __attribute__((unused)) = realpath(fileName, filePath);
+ if (strstr(filePath, "../") != NULL) {
+ HKS_LOG_E("invalid filePath, path %s", filePath);
+ return HKS_ERROR_INVALID_KEY_FILE;
+@@ -519,4 +519,4 @@ uint32_t HksFileSize(const char *path, const char *fileName) + int32_t HksGetFileName(const char *path, const char *fileName, char *fullFileName, uint32_t fullFileNameLen)
+ {
+ return GetFileName(path, fileName, fullFileName, fullFileNameLen);
+-} +\ No newline at end of file ++}
+-- +2.25.1 + diff --git a/security-huks-0002-simplify-dependency-on-third-party-packages.patch b/security-huks-0002-simplify-dependency-on-third-party-packages.patch new file mode 100644 index 0000000..38753e1 --- /dev/null +++ b/security-huks-0002-simplify-dependency-on-third-party-packages.patch @@ -0,0 +1,114 @@ +From bda2efdae0c4df2c2d64796dd3469bc53f53604f Mon Sep 17 00:00:00 2001 +From: "beiling.xie" <xiekunxun@huawei.com> +Date: Thu, 10 Nov 2022 14:37:25 +0800 +Subject: [PATCH] simplify dependency on third-party packages + +Signed-off-by: beiling.xie <xiekunxun@huawei.com> +--- + frameworks/huks_standard/main/core/BUILD.gn | 3 ++- + .../huks_standard/main/crypto_engine/openssl/BUILD.gn | 4 +++- + frameworks/huks_standard/main/os_dependency/BUILD.gn | 7 +++---- + .../huks_service/main/os_dependency/BUILD.gn | 8 +++----- + .../huks_service/main/os_dependency/idl/BUILD.gn | 2 +- + utils/crypto_adapter/BUILD.gn | 3 ++- + 6 files changed, 14 insertions(+), 13 deletions(-) + +diff --git a/frameworks/huks_standard/main/core/BUILD.gn b/frameworks/huks_standard/main/core/BUILD.gn +index b601eda..6ac01d4 100755 +--- a/frameworks/huks_standard/main/core/BUILD.gn ++++ b/frameworks/huks_standard/main/core/BUILD.gn +@@ -40,7 +40,8 @@ ohos_static_library("libhuks_core_standard_static") { + ] + deps = [ + "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static", +- "//third_party/openssl:libcrypto_static", + ] ++ ++ libs = [ "crypto" ] + complete_static_lib = true + } +diff --git a/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn b/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn +index ab4d1a2..f02b701 100755 +--- a/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn ++++ b/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn +@@ -51,8 +51,10 @@ ohos_static_library("libhuks_openssl_standard_static") { + + deps = [ + "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static", +- "//third_party/openssl:libcrypto_static", + ] ++ ++ libs = [ "crypto" ] ++ + cflags = [ + "-DHILOG_ENABLE", + "-Wall", +diff --git a/frameworks/huks_standard/main/os_dependency/BUILD.gn b/frameworks/huks_standard/main/os_dependency/BUILD.gn +index 6da94a5..bfe2941 100755 +--- a/frameworks/huks_standard/main/os_dependency/BUILD.gn ++++ b/frameworks/huks_standard/main/os_dependency/BUILD.gn +@@ -52,10 +52,9 @@ ohos_static_library("libhuks_os_dependency_standard_static") { + "//utils/native/base:utils", + "//third_party/bounds_checking_function:libsec_shared", + ] +- external_deps = [ +- "hiviewdfx_hilog_native:libhilog", +- "ipc:ipc_core", +- "samgr_standard:samgr_proxy", ++ deps += [ ++ "//depend:libhilog", ++ "//depend/ipc:ipc_core", + ] + cflags_cc = [ + "-DHILOG_ENABLE", +diff --git a/services/huks_standard/huks_service/main/os_dependency/BUILD.gn b/services/huks_standard/huks_service/main/os_dependency/BUILD.gn +index 01078b7..dfa2c4f 100755 +--- a/services/huks_standard/huks_service/main/os_dependency/BUILD.gn ++++ b/services/huks_standard/huks_service/main/os_dependency/BUILD.gn +@@ -43,11 +43,9 @@ ohos_static_library("libhuks_service_os_dependency_standard_static") { + ] + public_deps = [ "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl:libhuks_service_idl_standard_static" ] + +- external_deps = [ +- "hiviewdfx_hilog_native:libhilog", +- "ipc:ipc_core", +- "safwk:system_ability_fwk", +- "samgr_standard:samgr_proxy", ++ deps += [ ++ "//depend:libhilog", ++ "//depend/ipc:ipc_core", + ] + if (support_jsapi) { + sources += [ "sa/hks_event_observer.cpp" ] +diff --git a/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn b/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn +index 3ffcfa1..0650b2c 100755 +--- a/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn ++++ b/services/huks_standard/huks_service/main/os_dependency/idl/BUILD.gn +@@ -43,7 +43,7 @@ ohos_static_library("libhuks_service_idl_standard_static") { + "//base/security/huks/services/huks_standard/huks_service/main/core:libhuks_service_core_standard_static", + "//utils/native/base:utils", + ] +- external_deps = [ "ipc:ipc_core" ] ++ deps += [ "//depend/ipc:ipc_core" ] + if (support_jsapi) { + external_deps += [ + "access_token:libaccesstoken_sdk", +diff --git a/utils/crypto_adapter/BUILD.gn b/utils/crypto_adapter/BUILD.gn +index 0ca8f61..7d28eea 100755 +--- a/utils/crypto_adapter/BUILD.gn ++++ b/utils/crypto_adapter/BUILD.gn +@@ -39,9 +39,10 @@ ohos_static_library("libhuks_utils_client_service_adapter_static") { + deps = [ + "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static", + "//base/security/huks/frameworks/huks_standard/main/os_dependency:libhuks_os_dependency_standard_static", +- "//third_party/openssl:libcrypto_static", + "//utils/native/base:utils", + ] + ++ libs = [ "crypto" ] ++ + complete_static_lib = true + } +-- +2.25.1 + diff --git a/security-huks-0003-fix-discarded-qualifiers-error.patch b/security-huks-0003-fix-discarded-qualifiers-error.patch new file mode 100644 index 0000000..6d20679 --- /dev/null +++ b/security-huks-0003-fix-discarded-qualifiers-error.patch @@ -0,0 +1,53 @@ +From 05495d8cad3752f5bf357dfd878a1090fd2b191b Mon Sep 17 00:00:00 2001 +From: liheavy <lihaiwei8@huawei.com> +Date: Wed, 8 Feb 2023 17:42:40 +0800 +Subject: [PATCH] fix discarded-qualifiers-error + +diff -Nur a/utils/crypto_adapter/hks_client_service_adapter.c b/utils/crypto_adapter/hks_client_service_adapter.c +--- a/utils/crypto_adapter/hks_client_service_adapter.c 2022-07-28 15:16:34.000000000 +0800 ++++ b/utils/crypto_adapter/hks_client_service_adapter.c 2023-02-09 10:28:07.858448659 +0800 +@@ -447,7 +447,7 @@ + #ifdef HKS_SUPPORT_RSA_C
+ static int32_t X509PublicKeyToRsa(EVP_PKEY *pkey, struct HksBlob *rsaPublicKey)
+ {
+- RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ if (rsa == NULL) {
+ HKS_LOG_E("EVP_PKEY_get1_RSA error %s", ERR_reason_error_string(ERR_get_error()));
+ return HKS_ERROR_NULL_POINTER;
+@@ -488,7 +488,7 @@ + #endif
+
+ #ifdef HKS_SUPPORT_ECC_C
+-static int32_t EcKeyToPublicKey(EC_KEY *ecKey, struct HksBlob *eccPublicKey)
++static int32_t EcKeyToPublicKey(const EC_KEY *ecKey, struct HksBlob *eccPublicKey)
+ {
+ BIGNUM *x = BN_new();
+ BIGNUM *y = BN_new();
+@@ -546,7 +546,7 @@ +
+ static int32_t X509PublicKeyToEcc(EVP_PKEY *pkey, struct HksBlob *eccPublicKey)
+ {
+- EC_KEY *ecKey = EVP_PKEY_get0_EC_KEY(pkey);
++ const EC_KEY *ecKey = EVP_PKEY_get0_EC_KEY(pkey);
+ if (ecKey == NULL) {
+ HKS_LOG_E("EVP_PKEY_get1_EC_KEY error %s", ERR_reason_error_string(ERR_get_error()));
+ return HKS_ERROR_NULL_POINTER;
+@@ -559,7 +559,7 @@ + #ifdef HKS_SUPPORT_DSA_C
+ static int32_t X509PublicKeyToDsa(EVP_PKEY *pkey, struct HksBlob *dsaPublicKey)
+ {
+- DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const DSA *dsa = EVP_PKEY_get0_DSA(pkey);
+ if (dsa == NULL) {
+ HKS_LOG_E("EVP_PKEY_get1_DSA error %s", ERR_reason_error_string(ERR_get_error()));
+ return HKS_ERROR_NULL_POINTER;
+@@ -615,7 +615,7 @@ + #ifdef HKS_SUPPORT_DH_C
+ static int32_t X509PublicKeyToDh(EVP_PKEY *pkey, struct HksBlob *dhPublicKey)
+ {
+- DH *dh = EVP_PKEY_get0_DH(pkey);
++ const DH *dh = EVP_PKEY_get0_DH(pkey);
+ if (dh == NULL) {
+ HKS_LOG_E("EVP_PKEY_get0_DH error %s", ERR_reason_error_string(ERR_get_error()));
+ return HKS_ERROR_NULL_POINTER;
@@ -0,0 +1,8 @@ +29376a26959497d4524ac05369e055de build-OpenHarmony-v3.0.2-LTS.tar.gz +83c0d7402084001c405aea05948d8416 commonlibrary_c_utils-OpenHarmony-v3.1.2-Release.tar.gz +1c66700897a0aef789f4d3cf0247b0ff dsoftbus_standard-v3.1.2.2-release.tar.gz +e9b6fe59eef786bd3e9c27966a84a1c8 embedded-ipc-v1.0.1-release.tar.gz +da1bae36c7c9e03bc279a1d2127fa828 security_device_auth-OpenHarmony-v3.1.2-Release.tar.gz +35e2e21a4ed1908fb182269dac10ac68 security_huks-OpenHarmony-v3.1.2-Release.tar.gz +31fc45233bbbd3b920519fe6a0b3c478 third_party_libcoap-OpenHarmony-v3.1.2-Release.tar.gz +781377321e35f8b4c5c22fd19172bbe6 third_party_mbedtls-OpenHarmony-v3.1.2-Release.tar.gz diff --git a/third-party-cjson-0001-adapter-cjson-in-openEuler-for-softbus.patch b/third-party-cjson-0001-adapter-cjson-in-openEuler-for-softbus.patch new file mode 100644 index 0000000..5e5e975 --- /dev/null +++ b/third-party-cjson-0001-adapter-cjson-in-openEuler-for-softbus.patch @@ -0,0 +1,46 @@ +From 6c9dc0807972a3183d9348b654e46bc0126c27e6 Mon Sep 17 00:00:00 2001 +From: "beiling.xie" <xiekunxun@huawei.com> +Date: Thu, 10 Nov 2022 11:04:23 +0800 +Subject: [PATCH] adapter cjson in openEuler for softbus + +Signed-off-by: beiling.xie <xiekunxun@huawei.com> +--- + BUILD.gn | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + create mode 100755 BUILD.gn + +diff --git a/BUILD.gn b/BUILD.gn +new file mode 100755 +index 0000000..e704680 +--- /dev/null ++++ b/BUILD.gn +@@ -0,0 +1,26 @@ ++#Copyright (c) 2019-2021 Huawei Device Co., Ltd. ++#Licensed under the Apache License, Version 2.0 (the "License"); ++#you may not use this file except in compliance with the License. ++#You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++#Unless required by applicable law or agreed to in writing, software ++#distributed under the License is distributed on an "AS IS" BASIS, ++#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++#See the License for the specific language governing permissions and ++#limitations under the License. ++ ++import("//build/ohos.gni") ++import("//build/config/sysroot.gni") ++config("cJSON_config") { ++ include_dirs = [ "${sysroot}/usr/include/cjson" ] ++ libs = [ "cjson" ] ++} ++ohos_static_library("cjson_static") { ++ public_configs = [ ":cJSON_config" ] ++} ++ohos_shared_library("cjson") { ++ public_configs = [ ":cJSON_config" ] ++ subsystem_name = "hiviewdfx" ++} +-- +2.25.1 + diff --git a/third-party-mbedtls-0001-Adaptation-for-dsoftbus.patch b/third-party-mbedtls-0001-Adaptation-for-dsoftbus.patch new file mode 100644 index 0000000..afe75d4 --- /dev/null +++ b/third-party-mbedtls-0001-Adaptation-for-dsoftbus.patch @@ -0,0 +1,17 @@ +--- a/BUILD.gn ++++ b/BUILD.gn +@@ -117,12 +117,13 @@ if (defined(ohos_lite)) { + ohos_shared_library("mbedtls_shared") { + public_configs = [ ":mbedtls_config" ] + output_name = "mbedtls" +- subsystem_name = "common" ++ subsystem_name = "communication" + part_name = "dsoftbus_standard" + sources = MBEDTLS_SOURCES + } + + group("mbedtls") { ++ public_configs = [ ":mbedtls_config" ] + public_deps = [ ":mbedtls_shared" ] + } + } diff --git a/third-party-mbedtls-0002-fix-CVE-2021-43666.patch b/third-party-mbedtls-0002-fix-CVE-2021-43666.patch new file mode 100644 index 0000000..4a2cb68 --- /dev/null +++ b/third-party-mbedtls-0002-fix-CVE-2021-43666.patch @@ -0,0 +1,409 @@ +From: maoyufeng <maoyufeng3@huawei.com> +Date: Mon, 23 May 2022 14:57:48 +0800 +Subject: [PATCH] Fix issue CVE-2021-43666 + +Signed-off-by: maoyufeng <maoyufeng3@huawei.com> +--- + ChangeLog.d/fix-pkcs12-null-password.txt | 5 ++ + include/mbedtls/pkcs12.h | 34 ++++++---- + library/pkcs12.c | 82 ++++++++++++++++++------ + tests/CMakeLists.txt | 1 + + tests/scripts/all.sh | 30 +++++++++ + tests/suites/test_suite_pkcs12.data | 35 ++++++++++ + tests/suites/test_suite_pkcs12.function | 68 ++++++++++++++++++++ + 7 files changed, 223 insertions(+), 32 deletions(-) + create mode 100644 ChangeLog.d/fix-pkcs12-null-password.txt + mode change 100755 => 100644 library/pkcs12.c + create mode 100644 tests/suites/test_suite_pkcs12.data + create mode 100644 tests/suites/test_suite_pkcs12.function + +diff --git a/ChangeLog.d/fix-pkcs12-null-password.txt b/ChangeLog.d/fix-pkcs12-null-password.txt +new file mode 100644 +index 0000000000000000000000000000000000000000..a6ce140fdc3479cfac671542692ab646f7c8b5f3 +--- /dev/null ++++ b/ChangeLog.d/fix-pkcs12-null-password.txt +@@ -0,0 +1,5 @@ ++Bugfix
++ * Fix a potential invalid pointer dereference and infinite loop bugs in
++ pkcs12 functions when the password is empty. Fix the documentation to
++ better describe the inputs to these functions and their possible values.
++ Fixes #5136. +\ No newline at end of file +diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h +index 9cbcb1730559bb7d3a22a378467b9f6aa1b1c3fa..9e11e24a8d07b9e377fd49d9206fd300330bcdbf 100755 +--- a/include/mbedtls/pkcs12.h ++++ b/include/mbedtls/pkcs12.h +@@ -83,8 +83,9 @@ extern "C" { + * \brief PKCS12 Password Based function (encryption / decryption) + * for pbeWithSHAAnd128BitRC4 + * +- * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure +- * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT ++ * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure ++ * \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or ++ * #MBEDTLS_PKCS12_PBE_DECRYPT + * \param pwd the password used (may be NULL if no password is used) + * \param pwdlen length of the password (may be 0) + * \param input the input data +@@ -105,8 +106,9 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, + * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure + * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT + * \param cipher_type the cipher used +- * \param md_type the mbedtls_md used +- * \param pwd the password used (may be NULL if no password is used) ++ * \param md_type the mbedtls_md used ++ * \param pwd Latin1-encoded password used. This may only be \c NULL when ++ * \p pwdlen is 0. No null terminator should be used. + * \param pwdlen length of the password (may be 0) + * \param input the input data + * \param len data length +@@ -127,18 +129,24 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, + * to produce pseudo-random bits for a particular "purpose". + * + * Depending on the given id, this function can produce an +- * encryption/decryption key, an nitialization vector or an ++ * encryption/decryption key, an initialization vector or an + * integrity key. + * + * \param data buffer to store the derived data in +- * \param datalen length to fill +- * \param pwd password to use (may be NULL if no password is used) +- * \param pwdlen length of the password (may be 0) +- * \param salt salt buffer to use +- * \param saltlen length of the salt +- * \param mbedtls_md mbedtls_md type to use during the derivation +- * \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY, +- * MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY) ++ * \param datalen length of buffer to fill ++ * \param pwd The password to use. For compliance with PKCS#12 §B.1, this ++ * should be a BMPString, i.e. a Unicode string where each ++ * character is encoded as 2 bytes in big-endian order, with ++ * no byte order mark and with a null terminator (i.e. the ++ * last two bytes should be 0x00 0x00). ++ * \param pwdlen length of the password (may be 0). ++ * \param salt Salt buffer to use This may only be \c NULL when ++ * \p saltlen is 0. ++ * \param saltlen length of the salt (may be zero) ++ * \param mbedtls_md mbedtls_md type to use during the derivation ++ * \param id id that describes the purpose (can be ++ * #MBEDTLS_PKCS12_DERIVE_KEY, #MBEDTLS_PKCS12_DERIVE_IV or ++ * #MBEDTLS_PKCS12_DERIVE_MAC_KEY) + * \param iterations number of iterations + * + * \return 0 if successful, or a MD, BIGNUM type error. +diff --git a/library/pkcs12.c b/library/pkcs12.c +old mode 100755 +new mode 100644 +index 3d23d5e354923cd01d69a479fcf572d80af540a6..05ade49e93b3d2cb8e03f7915f0ead4b79e919c4 +--- a/library/pkcs12.c ++++ b/library/pkcs12.c +@@ -209,6 +209,9 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, + mbedtls_cipher_context_t cipher_ctx; + size_t olen = 0; + ++ if( pwd == NULL && pwdlen != 0 ) ++ return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); ++ + cipher_info = mbedtls_cipher_info_from_type( cipher_type ); + if( cipher_info == NULL ) + return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); +@@ -261,12 +264,23 @@ static void pkcs12_fill_buffer( unsigned char *data, size_t data_len, + unsigned char *p = data; + size_t use_len; + +- while( data_len > 0 ) ++ if( filler != NULL && fill_len != 0 ) + { +- use_len = ( data_len > fill_len ) ? fill_len : data_len; +- memcpy( p, filler, use_len ); +- p += use_len; +- data_len -= use_len; ++ while( data_len > 0 ) ++ { ++ use_len = ( data_len > fill_len ) ? fill_len : data_len; ++ memcpy( p, filler, use_len ); ++ p += use_len; ++ data_len -= use_len; ++ } ++ } ++ else ++ { ++ /* If either of the above are not true then clearly there is nothing ++ * that this function can do. The function should *not* be called ++ * under either of those circumstances, as you could end up with an ++ * incorrect output but for safety's sake, leaving the check in as ++ * otherwise we could end up with memory corruption.*/ + } + } + +@@ -283,6 +297,8 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, + unsigned char hash_output[MBEDTLS_MD_MAX_SIZE]; + unsigned char *p; + unsigned char c; ++ int use_password = 0; ++ int use_salt = 0; + + size_t hlen, use_len, v, i; + +@@ -293,6 +309,15 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, + if( datalen > 128 || pwdlen > 64 || saltlen > 64 ) + return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); + ++ if( pwd == NULL && pwdlen != 0 ) ++ return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); ++ ++ if( salt == NULL && saltlen != 0 ) ++ return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); ++ ++ use_password = ( pwd && pwdlen != 0 ); ++ use_salt = ( salt && saltlen != 0 ); ++ + md_info = mbedtls_md_info_from_type( md_type ); + if( md_info == NULL ) + return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); +@@ -310,8 +335,15 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, + + memset( diversifier, (unsigned char) id, v ); + +- pkcs12_fill_buffer( salt_block, v, salt, saltlen ); +- pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen ); ++ if( use_salt != 0 ) ++ { ++ pkcs12_fill_buffer( salt_block, v, salt, saltlen ); ++ } ++ ++ if( use_password != 0 ) ++ { ++ pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen ); ++ } + + p = data; + while( datalen > 0 ) +@@ -323,11 +355,17 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, + if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 ) + goto exit; + +- if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 ) +- goto exit; ++ if( use_salt != 0 ) ++ { ++ if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v )) != 0 ) ++ goto exit; ++ } + +- if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 ) +- goto exit; ++ if( use_password != 0) ++ { ++ if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v )) != 0 ) ++ goto exit; ++ } + + if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 ) + goto exit; +@@ -355,22 +393,28 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, + if( ++hash_block[i - 1] != 0 ) + break; + +- // salt_block += B +- c = 0; +- for( i = v; i > 0; i-- ) ++ if( use_salt != 0 ) + { +- j = salt_block[i - 1] + hash_block[i - 1] + c; ++ // salt_block += B ++ c = 0; ++ for( i = v; i > 0; i-- ) ++ { ++ j = salt_block[i - 1] + hash_block[i - 1] + c; + c = (unsigned char) (j >> 8); + salt_block[i - 1] = j & 0xFF; ++ } + } + +- // pwd_block += B +- c = 0; +- for( i = v; i > 0; i-- ) ++ if( use_password != 0 ) + { +- j = pwd_block[i - 1] + hash_block[i - 1] + c; ++ // pwd_block += B ++ c = 0; ++ for( i = v; i > 0; i-- ) ++ { ++ j = pwd_block[i - 1] + hash_block[i - 1] + c; + c = (unsigned char) (j >> 8); + pwd_block[i - 1] = j & 0xFF; ++ } + } + } + +diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt +index a8e7523e504bc5cff9925648dd1b3bd7fb55f0cf..c5d484f924328bde2d2525b6f89e125974c3b770 100644 +--- a/tests/CMakeLists.txt ++++ b/tests/CMakeLists.txt +@@ -120,6 +120,7 @@ add_test_suite(pem) + add_test_suite(pkcs1_v15) + add_test_suite(pkcs1_v21) + add_test_suite(pkcs5) ++add_test_suite(pkcs12) + add_test_suite(pk) + add_test_suite(pkparse) + add_test_suite(pkwrite) +diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh +index 1a4de44b665f8df822adbd83bece912119bca98f..00222f379e808d8662967fdf200e18739cbabe61 100755 +--- a/tests/scripts/all.sh ++++ b/tests/scripts/all.sh +@@ -1683,6 +1683,36 @@ component_test_valgrind () { + fi + } + ++support_test_cmake_out_of_source () { ++ distrib_id="" ++ distrib_ver="" ++ distrib_ver_minor="" ++ distrib_ver_major="" ++ ++ # Attempt to parse lsb-release to find out distribution and version. If not ++ # found this should fail safe (test is supported). ++ if [[ -f /etc/lsb-release ]]; then ++ ++ while read -r lsb_line; do ++ case "$lsb_line" in ++ "DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};; ++ "DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};; ++ esac ++ done < /etc/lsb-release ++ ++ distrib_ver_major="${distrib_ver%%.*}" ++ distrib_ver="${distrib_ver#*.}" ++ distrib_ver_minor="${distrib_ver%%.*}" ++ fi ++ ++ # Running the out of source CMake test on Ubuntu 16.04 using more than one ++ # processor (as the CI does) can create a race condition whereby the build ++ # fails to see a generated file, despite that file actually having been ++ # generated. This problem appears to go away with 18.04 or newer, so make ++ # the out of source tests unsupported on Ubuntu 16.04. ++ [ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ] ++} ++ + component_test_cmake_out_of_source () { + msg "build: cmake 'out-of-source' build" + MBEDTLS_ROOT_DIR="$PWD" +diff --git a/tests/suites/test_suite_pkcs12.data b/tests/suites/test_suite_pkcs12.data +new file mode 100644 +index 0000000000000000000000000000000000000000..bda7d9921caad35c1835e0093df8a9644d4bd9cb +--- /dev/null ++++ b/tests/suites/test_suite_pkcs12.data +@@ -0,0 +1,35 @@ ++PKCS#12 derive key : MD5: Zero length password and hash
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_GIVEN_INPUT:"":USE_GIVEN_INPUT:3:"6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b":0
++
++PKCS#12 derive key: MD5: NULL password and hash
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_NULL_INPUT:"":USE_NULL_INPUT:3:"6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b":0
++
++PKCS#12 derive key: MD5: Zero length password
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_GIVEN_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
++
++PKCS#12 derive key: MD5: NULL password
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_NULL_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
++
++PKCS#12 derive key: MD5: Invalid length NULL password
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_NULL_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"":MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
++
++PKCS#12 derive key: MD5: Zero length salt
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"":USE_GIVEN_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
++
++PKCS#12 derive key: MD5: NULL salt
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"":USE_NULL_INPUT:3:"832d8502114fcccfd3de0c2b2863b1c45fb92a8db2ed1e704727b324adc267bdd66ae4918a81fa2d1ba15febfb9e6c4e":0
++
++PKCS#12 derive key: MD5: Invalid length NULL salt
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"0123456789abcdef":USE_NULL_INPUT:3:"":MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
++
++PKCS#12 derive key: MD5: Valid password and salt
++depends_on:MBEDTLS_MD5_C
++pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"46559deeee036836ab1b633ec620178d4c70eacf42f72a2ad7360c812efa09ca3d7567b489a109050345c2dc6a262995":0
+diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function +new file mode 100644 +index 0000000000000000000000000000000000000000..56b896c8253b5d9734d27b0bd7cd315b3cbc7ee7 +--- /dev/null ++++ b/tests/suites/test_suite_pkcs12.function +@@ -0,0 +1,68 @@ ++/* BEGIN_HEADER */
++#include "mbedtls/pkcs12.h"
++
++typedef enum
++{
++ USE_NULL_INPUT = 0,
++ USE_GIVEN_INPUT = 1,
++} input_usage_method_t;
++
++/* END_HEADER */
++
++/* BEGIN_DEPENDENCIES
++ * depends_on:MBEDTLS_PKCS12_C
++ * END_DEPENDENCIES
++ */
++
++/* BEGIN_CASE */
++void pkcs12_derive_key( int md_type, int key_size_arg,
++ data_t *password_arg, int password_usage,
++ data_t *salt_arg, int salt_usage,
++ int iterations,
++ data_t* expected_output, int expected_status )
++
++{
++ int ret = 0;
++ unsigned char *output_data = NULL;
++
++ unsigned char *password = NULL;
++ size_t password_len = 0;
++ unsigned char *salt = NULL;
++ size_t salt_len = 0;
++ size_t key_size = key_size_arg;
++
++ if( password_usage == USE_GIVEN_INPUT )
++ password = password_arg->x;
++
++ password_len = password_arg->len;
++
++ if( salt_usage == USE_GIVEN_INPUT )
++ salt = salt_arg->x;
++
++ salt_len = salt_arg->len;
++
++ ASSERT_ALLOC( output_data, key_size );
++
++ ret = mbedtls_pkcs12_derivation( output_data,
++ key_size,
++ password,
++ password_len,
++ salt,
++ salt_len,
++ md_type,
++ MBEDTLS_PKCS12_DERIVE_KEY,
++ iterations );
++
++ TEST_EQUAL( ret, expected_status );
++
++ if( expected_status == 0 )
++ {
++ ASSERT_COMPARE( expected_output->x, expected_output->len,
++ output_data, key_size );
++ }
++
++exit:
++ mbedtls_free( output_data );
++
++}
++/* END_CASE */ +\ No newline at end of file diff --git a/third-party-mbedtls-0002-fix-CVE-2021-45451.patch b/third-party-mbedtls-0002-fix-CVE-2021-45451.patch new file mode 100644 index 0000000..ce1251d --- /dev/null +++ b/third-party-mbedtls-0002-fix-CVE-2021-45451.patch @@ -0,0 +1,24 @@ +From: =?UTF-8?q?=E6=AF=9B=E5=AE=87=E9=94=8B?= <maoyufeng3@huawei.com> +Date: Mon, 18 Jul 2022 02:20:45 +0000 +Subject: [PATCH] [session] fix a session copy bug fix a possible double + reference on 'ticket' when peer_cert/peer_cert_digest calloc failed. + Cherry-pick from + https://github.com/Mbed-TLS/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc + +Signed-off-by: maoyufeng <maoyufeng3@huawei.com> + +diff --git a/library/ssl_tls.c b/library/ssl_tls.c +index 3c1e9175981c4c0d175af94914e4c8ebb4558fc9..962d6254353e92b8422842362f603228850184b7 100755 +--- a/library/ssl_tls.c ++++ b/library/ssl_tls.c +@@ -301,6 +301,10 @@ static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session + mbedtls_ssl_session_free( dst ); + memcpy( dst, src, sizeof( mbedtls_ssl_session ) ); + ++#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) ++ dst->ticket = NULL; ++#endif ++ + #if defined(MBEDTLS_X509_CRT_PARSE_C) + if( src->peer_cert != NULL ) + { |