libsodium: update to latest 1.0.18-stable

3 years ago · 00dbba748a
parent cd1d94711b
commit 00dbba748a
11 changed files with 167 additions and 91 deletions
--- a/release/src-rt-6.x.4708/router/libsodium/LICENSE
+++ b/release/src-rt-6.x.4708/router/libsodium/LICENSE
@ -1,7 +1,7 @@
 /*
 * ISC License
 *
- * Copyright (c) 2013-2022
+ * Copyright (c) 2013-2023
 * Frank Denis <j at pureftpd dot org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
--- a/release/src-rt-6.x.4708/router/libsodium/build.zig
+++ b/release/src-rt-6.x.4708/router/libsodium/build.zig
@ -16,13 +16,17 @@ pub fn build(b: *std.build.Builder) !void {
    const enable_benchmarks = b.option(bool, "enable_benchmarks", "Whether tests should be benchmarks.") orelse false;
    const benchmarks_iterations = b.option(u32, "iterations", "Number of iterations for benchmarks.") orelse 200;

+    const shared = b.addSharedLibrary(
+        if (target.isWindows()) "sodium_shared" else "sodium",
+        null,
+        .unversioned,
+    );
    const static = b.addStaticLibrary("sodium", null);
-    const shared = b.addSharedLibrary("sodium", null, .unversioned);
-    static.strip = true;
    shared.strip = true;
+    static.strip = true;

-    const libs_ = [_]*LibExeObjStep{ static, shared };
-    const libs = if (target.getOsTag() == .wasi) libs_[0..1] else libs_[0..];
+    const libs_ = [_]*LibExeObjStep{ shared, static };
+    const libs = if (target.getOsTag() == .wasi) libs_[1..] else libs_[0..];

    const prebuilt_version_file_path = "builds/msvc/version.h";
    const version_file_path = "include/sodium/version.h";
--- a/release/src-rt-6.x.4708/router/libsodium/builds/msvc/properties/DebugLIB.props
+++ b/release/src-rt-6.x.4708/router/libsodium/builds/msvc/properties/DebugLIB.props
@ -12,10 +12,10 @@
  
  <ItemDefinitionGroup>
    <ClCompile>
-      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
      <LinkIncremental>true</LinkIncremental>
    </ClCompile>
  </ItemDefinitionGroup>

-</Project>
+</Project>
--- a/release/src-rt-6.x.4708/router/libsodium/builds/msvc/properties/Release.props
+++ b/release/src-rt-6.x.4708/router/libsodium/builds/msvc/properties/Release.props
@ -14,7 +14,7 @@
  <ItemDefinitionGroup>
    <ClCompile>
      <AdditionalOptions>/Oy- %(AdditionalOptions)</AdditionalOptions>
-      <!--<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>-->
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <IntrinsicFunctions>true</IntrinsicFunctions>
      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
@ -38,4 +38,4 @@
    </ClCompile>
  </ItemDefinitionGroup>

-</Project>
+</Project>
--- a/release/src-rt-6.x.4708/router/libsodium/dist-build/apple-xcframework.sh
+++ b/release/src-rt-6.x.4708/router/libsodium/dist-build/apple-xcframework.sh
@ -36,6 +36,12 @@ echo "Warnings related to headers being present but not usable are due to functi
 echo "that didn't exist in the specified minimum iOS version level."
 echo "They can be safely ignored."
 echo
+echo "Define the LIBSODIUM_FULL_BUILD environment variable to build the full"
+echo "library (including all deprecated/undocumented/low-level functions)."
+echo
+echo "Define the LIBSODIUM_SKIP_SIMULATORS environment variable to skip building"
+echo "the simulators libraries (iOS, watchOS, tvOS simulators)."
+echo

 if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
  export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
@ -286,23 +292,29 @@ build_catalyst() {
 }

 mkdir -p "${PREFIX}/tmp"
+
 echo "Building for macOS..."
 build_macos >"$LOG_FILE" 2>&1 || exit 1
 echo "Building for iOS..."
 build_ios >"$LOG_FILE" 2>&1 || exit 1
-echo "Building for the iOS simulator..."
-build_ios_simulator >"$LOG_FILE" 2>&1 || exit 1
 echo "Building for watchOS..."
 build_watchos >"$LOG_FILE" 2>&1 || exit 1
-echo "Building for the watchOS simulator..."
-build_watchos_simulator >"$LOG_FILE" 2>&1 || exit 1
 echo "Building for tvOS..."
 build_tvos >"$LOG_FILE" 2>&1 || exit 1
-echo "Building for the tvOS simulator..."
-build_tvos_simulator >"$LOG_FILE" 2>&1 || exit 1
 echo "Building for Catalyst..."
 build_catalyst >"$LOG_FILE" 2>&1 || exit 1

+if [ -z "$LIBSODIUM_SKIP_SIMULATORS" ]; then
+  echo "Building for the iOS simulator..."
+  build_ios_simulator >"$LOG_FILE" 2>&1 || exit 1
+  echo "Building for the watchOS simulator..."
+  build_watchos_simulator >"$LOG_FILE" 2>&1 || exit 1
+  echo "Building for the tvOS simulator..."
+  build_tvos_simulator >"$LOG_FILE" 2>&1 || exit 1
+  else
+  echo "[Skipping the simulators]"
+fi
+
 echo "Adding the Clibsodium module map for Swift..."

 find "$PREFIX" -name "include" -type d -print | while read -r f; do
@ -338,25 +350,6 @@ for ext in a dylib; do
    -output "$PREFIX/ios/lib/libsodium.${ext}"
 done

-echo "Bundling iOS simulators..."
-
-mkdir -p "${PREFIX}/ios-simulators/lib"
-cp -a "${IOS_SIMULATOR_X86_64_PREFIX}/include" "${PREFIX}/ios-simulators/"
-for ext in a dylib; do
-  if [ "$APPLE_SILICON_SUPPORTED" = "true" ]; then
-    lipo -create \
-      "${IOS_SIMULATOR_ARM64_PREFIX}/lib/libsodium.${ext}" \
-      "${IOS_SIMULATOR_I386_PREFIX}/lib/libsodium.${ext}" \
-      "${IOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
-      -output "${PREFIX}/ios-simulators/lib/libsodium.${ext}" || exit 1
-  else
-    lipo -create \
-      "${IOS_SIMULATOR_I386_PREFIX}/lib/libsodium.${ext}" \
-      "${IOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
-      -output "${PREFIX}/ios-simulators/lib/libsodium.${ext}" || exit 1
-  fi
-done
-
 echo "Bundling watchOS targets..."

 mkdir -p "${PREFIX}/watchos/lib"
@ -369,25 +362,6 @@ for ext in a dylib; do
    -output "${PREFIX}/watchos/lib/libsodium.${ext}"
 done

-echo "Bundling watchOS simulators..."
-
-mkdir -p "${PREFIX}/watchos-simulators/lib"
-cp -a "${WATCHOS_SIMULATOR_X86_64_PREFIX}/include" "${PREFIX}/watchos-simulators/"
-for ext in a dylib; do
-  if [ "$APPLE_SILICON_SUPPORTED" = "true" ]; then
-    lipo -create \
-      "${WATCHOS_SIMULATOR_ARM64_PREFIX}/lib/libsodium.${ext}" \
-      "${WATCHOS_SIMULATOR_I386_PREFIX}/lib/libsodium.${ext}" \
-      "${WATCHOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
-      -output "${PREFIX}/watchos-simulators/lib/libsodium.${ext}"
-  else
-    lipo -create \
-      "${WATCHOS_SIMULATOR_I386_PREFIX}/lib/libsodium.${ext}" \
-      "${WATCHOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
-      -output "${PREFIX}/watchos-simulators/lib/libsodium.${ext}"
-  fi
-done
-
 echo "Bundling tvOS targets..."

 mkdir -p "${PREFIX}/tvos/lib"
@ -398,23 +372,6 @@ for ext in a dylib; do
    -output "$PREFIX/tvos/lib/libsodium.${ext}"
 done

-echo "Bundling tvOS simulators..."
-
-mkdir -p "${PREFIX}/tvos-simulators/lib"
-cp -a "${TVOS_SIMULATOR_X86_64_PREFIX}/include" "${PREFIX}/tvos-simulators/"
-for ext in a dylib; do
-  if [ "$APPLE_SILICON_SUPPORTED" = "true" ]; then
-    lipo -create \
-      "${TVOS_SIMULATOR_ARM64_PREFIX}/lib/libsodium.${ext}" \
-      "${TVOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
-      -output "${PREFIX}/tvos-simulators/lib/libsodium.${ext}" || exit 1
-  else
-    lipo -create \
-      "${TVOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
-      -output "${PREFIX}/tvos-simulators/lib/libsodium.${ext}" || exit 1
-  fi
-done
-
 echo "Bundling Catalyst targets..."

 mkdir -p "${PREFIX}/catalyst/lib"
@ -435,15 +392,78 @@ for ext in a dylib; do
  fi
 done

+if [ -z "$LIBSODIUM_SKIP_SIMULATORS" ]; then
+  echo "Bundling iOS simulators..."
+
+  mkdir -p "${PREFIX}/ios-simulators/lib"
+  cp -a "${IOS_SIMULATOR_X86_64_PREFIX}/include" "${PREFIX}/ios-simulators/"
+  for ext in a dylib; do
+    if [ "$APPLE_SILICON_SUPPORTED" = "true" ]; then
+      lipo -create \
+        "${IOS_SIMULATOR_ARM64_PREFIX}/lib/libsodium.${ext}" \
+        "${IOS_SIMULATOR_I386_PREFIX}/lib/libsodium.${ext}" \
+        "${IOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
+        -output "${PREFIX}/ios-simulators/lib/libsodium.${ext}" || exit 1
+    else
+      lipo -create \
+        "${IOS_SIMULATOR_I386_PREFIX}/lib/libsodium.${ext}" \
+        "${IOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
+        -output "${PREFIX}/ios-simulators/lib/libsodium.${ext}" || exit 1
+    fi
+  done
+
+  echo "Bundling watchOS simulators..."
+
+  mkdir -p "${PREFIX}/watchos-simulators/lib"
+  cp -a "${WATCHOS_SIMULATOR_X86_64_PREFIX}/include" "${PREFIX}/watchos-simulators/"
+  for ext in a dylib; do
+    if [ "$APPLE_SILICON_SUPPORTED" = "true" ]; then
+      lipo -create \
+        "${WATCHOS_SIMULATOR_ARM64_PREFIX}/lib/libsodium.${ext}" \
+        "${WATCHOS_SIMULATOR_I386_PREFIX}/lib/libsodium.${ext}" \
+        "${WATCHOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
+        -output "${PREFIX}/watchos-simulators/lib/libsodium.${ext}"
+    else
+      lipo -create \
+        "${WATCHOS_SIMULATOR_I386_PREFIX}/lib/libsodium.${ext}" \
+        "${WATCHOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
+        -output "${PREFIX}/watchos-simulators/lib/libsodium.${ext}"
+    fi
+  done
+
+  echo "Bundling tvOS simulators..."
+
+  mkdir -p "${PREFIX}/tvos-simulators/lib"
+  cp -a "${TVOS_SIMULATOR_X86_64_PREFIX}/include" "${PREFIX}/tvos-simulators/"
+  for ext in a dylib; do
+    if [ "$APPLE_SILICON_SUPPORTED" = "true" ]; then
+      lipo -create \
+        "${TVOS_SIMULATOR_ARM64_PREFIX}/lib/libsodium.${ext}" \
+        "${TVOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
+        -output "${PREFIX}/tvos-simulators/lib/libsodium.${ext}" || exit 1
+    else
+      lipo -create \
+        "${TVOS_SIMULATOR_X86_64_PREFIX}/lib/libsodium.${ext}" \
+        -output "${PREFIX}/tvos-simulators/lib/libsodium.${ext}" || exit 1
+    fi
+  done
+fi
+
 echo "Creating Clibsodium.xcframework..."

 rm -rf "${PREFIX}/Clibsodium.xcframework"

 XCFRAMEWORK_ARGS=""
-for f in macos ios ios-simulators watchos watchos-simulators tvos tvos-simulators catalyst; do
+for f in macos ios watchos tvos catalyst; do
  XCFRAMEWORK_ARGS="${XCFRAMEWORK_ARGS} -library ${PREFIX}/${f}/lib/libsodium.a"
  XCFRAMEWORK_ARGS="${XCFRAMEWORK_ARGS} -headers ${PREFIX}/${f}/include"
 done
+if [ -z "$LIBSODIUM_SKIP_SIMULATORS" ]; then
+  for f in ios-simulators watchos-simulators tvos-simulators; do
+    XCFRAMEWORK_ARGS="${XCFRAMEWORK_ARGS} -library ${PREFIX}/${f}/lib/libsodium.a"
+    XCFRAMEWORK_ARGS="${XCFRAMEWORK_ARGS} -headers ${PREFIX}/${f}/include"
+  done
+fi
 xcodebuild -create-xcframework \
  ${XCFRAMEWORK_ARGS} \
  -output "${PREFIX}/Clibsodium.xcframework" >/dev/null
--- a/release/src-rt-6.x.4708/router/libsodium/dist-build/wasm32-wasi.sh
+++ b/release/src-rt-6.x.4708/router/libsodium/dist-build/wasm32-wasi.sh
@ -16,7 +16,7 @@ make distclean >/dev/null

 if [ "x$1" = "x--bench" ]; then
  export BENCHMARKS=1
-  export CPPFLAGS="-DBENCHMARKS -DITERATIONS=100"
+  export CPPFLAGS="-DBENCHMARKS -DITERATIONS=200"
 else
  export CPPFLAGS="-DED25519_NONDETERMINISTIC=1"
 fi
--- a/release/src-rt-6.x.4708/router/libsodium/src/libsodium/sodium/utils.c
+++ b/release/src-rt-6.x.4708/router/libsodium/src/libsodium/sodium/utils.c
@ -616,7 +616,7 @@ _sodium_malloc(const size_t size)
    memcpy(unprotected_ptr + unprotected_size, canary, sizeof canary);
 # endif
    _mprotect_noaccess(unprotected_ptr + unprotected_size, page_size);
-    sodium_mlock(unprotected_ptr, unprotected_size);
+    (void) sodium_mlock(unprotected_ptr, unprotected_size); /* not a hard error in the context of sodium_malloc() */
    canary_ptr =
        unprotected_ptr + _page_round(size_with_canary) - size_with_canary;
    user_ptr = canary_ptr + sizeof canary;
@ -686,7 +686,7 @@ sodium_free(void *ptr)
        _out_of_bounds();
    }
 # endif
-    sodium_munlock(unprotected_ptr, unprotected_size);
+    (void) sodium_munlock(unprotected_ptr, unprotected_size);
    _free_aligned(base_ptr, total_size);
 }
 #endif /* HAVE_ALIGNED_MALLOC */
--- a/release/src-rt-6.x.4708/router/libsodium/test/default/pwhash_argon2i.c
+++ b/release/src-rt-6.x.4708/router/libsodium/test/default/pwhash_argon2i.c
@ -290,10 +290,24 @@ str_tests(void)
        -1) {
        printf("pwhash_str() with a small opslimit should have failed\n");
    }
-    if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
-                                         "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
-                                         "password", 0x100000000ULL) != -1) {
-        printf("pwhash_str_verify(invalid(0)) failure\n");
+    {
+        const char *str_in_ = "$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
+            "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ";
+        char       *str_in = (char *) sodium_malloc(strlen(str_in_) + 1U);
+
+        const char *password_in_ = "password";
+        char       *password_in = (char *) sodium_malloc(strlen(password_in_) + 1U);
+
+        memcpy(str_in, str_in_, strlen(str_in_) + 1U);
+        memcpy(password_in, password_in_, strlen(password_in_) + 1U);
+
+        if (crypto_pwhash_argon2i_str_verify(str_in, password_in,
+                                             0x100000000ULL) != -1) {
+            printf("pwhash_str_verify(invalid(0)) failure\n");
+        }
+
+        sodium_free(password_in);
+        sodium_free(str_in);
    }
    if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
                                 "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
--- a/release/src-rt-6.x.4708/router/libsodium/test/default/pwhash_argon2id.c
+++ b/release/src-rt-6.x.4708/router/libsodium/test/default/pwhash_argon2id.c
@ -304,10 +304,24 @@ str_tests(void)
    if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 0, MEMLIMIT) != -1) {
        printf("pwhash_argon2id_str() with a null opslimit should have failed\n");
    }
-    if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1c29tZXNhbHQ"
-                                 "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
-                                 "password", 0x100000000ULL) != -1) {
-        printf("pwhash_str_verify(invalid(0)) failure\n");
+    {
+        const char *str_in_ ="$argon2id$m=65536,t=2,p=1c29tZXNhbHQ"
+            "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ";
+        char       *str_in = (char *) sodium_malloc(strlen(str_in_) + 1U);
+
+        const char *password_in_ = "password";
+        char       *password_in = (char *) sodium_malloc(strlen(password_in_) + 1U);
+
+        memcpy(str_in, str_in_, strlen(str_in_) + 1U);
+        memcpy(password_in, password_in_, strlen(password_in_) + 1U);
+
+        if (crypto_pwhash_argon2i_str_verify(str_in, password_in,
+                                             0x100000000ULL) != -1) {
+            printf("pwhash_str_verify(invalid(0)) failure\n");
+        }
+
+        sodium_free(password_in);
+        sodium_free(str_in);
    }
    if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1c29tZXNhbHQ"
                                 "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
--- a/release/src-rt-6.x.4708/router/libsodium/test/default/sodium_core.c
+++ b/release/src-rt-6.x.4708/router/libsodium/test/default/sodium_core.c
@ -31,11 +31,11 @@ main(void)
    (void) sodium_runtime_has_rdrand();

    sodium_set_misuse_handler(misuse_handler);
-#ifndef __EMSCRIPTEN__
+#if defined(__EMSCRIPTEN__) || defined(__wasm__) || defined(BENCHMARKS)
+    printf("misuse_handler()\n");
+#else
    sodium_misuse();
    printf("Misuse handler returned\n");
-#else
-    printf("misuse_handler()\n");
 #endif

    return 0;
--- a/release/src-rt-6.x.4708/router/libsodium/test/default/wasi-test-wrapper.sh
+++ b/release/src-rt-6.x.4708/router/libsodium/test/default/wasi-test-wrapper.sh
@ -34,18 +34,37 @@ if [ -z "$WASI_RUNTIME" ] || [ "$WASI_RUNTIME" = "wavm" ]; then
  fi
 fi

+if [ -z "$WASI_RUNTIME" ] || [ "$WASI_RUNTIME" = "bun" ]; then
+  if echo | bun help >/dev/null 2>&1; then
+    {
+      echo "import fs from 'fs'; import { init, WASI } from '@wasmer/wasi';"
+      echo "await init();"
+      echo "const wasi = new WASI({args: process.argv, env: process.env, preopens: {'.':'/'}});"
+      echo "await (async function() {"
+      echo "  const wasm = await WebAssembly.compile(fs.readFileSync('${1}'));"
+      echo "  await wasi.instantiate(wasm, {});"
+      echo "  wasi.start();"
+      echo "  console.log(wasi.getStdoutString());"
+      echo "})().catch(e => { console.error(e); process.exit(1); });"
+    } >"${1}.mjs"
+    bun run "${1}.mjs" 2>/tmp/err &&
+      rm -f "${1}.mjs" && exit 0
+  fi
+fi
+
 if [ -z "$WASI_RUNTIME" ] || [ "$WASI_RUNTIME" = "node" ]; then
  if echo | node --experimental-wasi-unstable-preview1 >/dev/null 2>&1; then
    {
      echo "import fs from 'fs'; import { WASI } from 'wasi';"
      echo "const wasi = new WASI({args: process.argv, env: process.env, preopens: {'.':'.'}});"
      echo "const importObject = { wasi_snapshot_preview1: wasi.wasiImport };"
-      echo "const wasm = await WebAssembly.compile(fs.readFileSync('${1}'));"
-      echo "const instance = await WebAssembly.instantiate(wasm, importObject);"
-      echo "wasi.start(instance);"
+      echo "await (async function() {"
+      echo "  const wasm = await WebAssembly.compile(fs.readFileSync('${1}'));"
+      echo "  const instance = await WebAssembly.instantiate(wasm, importObject);"
+      echo "  wasi.start(instance);"
+      echo "})().catch(e => { console.error(e); process.exit(1); });"
    } >"${1}.mjs"
-    cat "${1}.mjs" >/tmp/a
-    node --experimental-wasi-unstable-preview1 "${1}.mjs" 2>/tmp/err &&
+    node --experimental-wasm-bigint --experimental-wasi-unstable-preview1 "${1}.mjs" 2>/tmp/err &&
      rm -f "${1}.mjs" && exit 0
  fi
 fi
@ -58,7 +77,12 @@ fi

 if [ -z "$WASI_RUNTIME" ] || [ "$WASI_RUNTIME" = "iwasm" ]; then
  if iwasm | grep -qi wasi >/dev/null 2>&1; then
-    iwasm "$1" && exit 0
+    if wamrc --version; then
+      wamrc -o "${1}.o" "$1" >/dev/null &&
+        iwasm --dir=. "${1}.o" && exit 0
+    else
+      iwasm --dir=. "$1" && exit 0
+    fi
  fi
 fi