Unverified Commit 0ef295ba authored by 7c6f434c's avatar 7c6f434c Committed by GitHub

botan: 3.6.1 -> 3.8.1 (#404895)

parents e3343883 2b4f6265
+4 −7
@@ -23,13 +23,13 @@
  drngChaCha20 ? false, # set the default drng callback
  ais2031 ? false, # set the seeding strategy to be compliant with AIS 20/31
  sp80090c ? false, # set compliance with NIST SP800-90C
  cryptoBackend ? "botan", # set backend for hash and drbg operations
  cryptoBackend ? "builtin", # set backend for hash and drbg operations
  linuxDevFiles ? true, # enable linux /dev/random and /dev/urandom support
  linuxGetRandom ? true, # enable linux getrandom support
  hashSha512 ? false, # set the conditioning hash: SHA2-512
  hashSha3_512 ? true, # set the conditioning hash: SHA3-512
  openSSLRandProvider ? true, # build ESDM provider for OpenSSL 3.x
  botanRng ? true, # build ESDM class for Botan 3.x
  openSSLRandProvider ? false, # build ESDM provider for OpenSSL 3.x
  botanRng ? false, # build ESDM class for Botan 3.x

  # client-related options (handle with care, consult source code and meson options)
  # leave as is if in doubt
@@ -56,10 +56,7 @@

assert drngHashDrbg != drngChaCha20;
assert hashSha512 != hashSha3_512;
assert
  cryptoBackend == "openssl"
  || cryptoBackend == "botan"
  || cryptoBackend == "builtin" "Unsupported ESDM crypto backend";
assert cryptoBackend == "openssl" || cryptoBackend == "botan" || cryptoBackend == "builtin";

stdenv.mkDerivation rec {
  pname = "esdm";
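Review bot: The three default flips in the options block (`cryptoBackend` to `"builtin"`, `openSSLRandProvider` and `botanRng` to `false`, reading the second of each printed pair as the new side since the +/- markers are not shown) have no comment explaining them. They change what a default esdm build delivers: anything that relied on the OpenSSL 3.x provider or the Botan RNG class being present no longer gets ESDM-backed randomness through those libraries unless it overrides the flags. Presumably this avoids a dependency cycle now that botan can take `esdm` as an input, but the file does not say so. If that is the reason, I would add a line above these options such as `# botan/openssl integrations are opt-in: botan can be built with esdm support, so they must not be enabled by default here`.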
+36 −3
@@ -7,9 +7,23 @@
  bzip2,
  zlib,
  jitterentropy,
  darwin,
  esdm,
  tpm2-tss,
  static ? stdenv.hostPlatform.isStatic, # generates static libraries *only*

  # build ESDM RNG plugin
  with_esdm ? false,
  # useful, but have to disable tests for now, as /dev/tpmrm0 is not accessible
  with_tpm2 ? false,
  # only allow BSI approved algorithms, FFI and SHAKE for XMSS
  with_bsi_policy ? false,
  # only allow NIST approved algorithms
  with_fips140_policy ? false,
}:

assert (!with_bsi_policy && !with_fips140_policy) || (with_bsi_policy != with_fips140_policy);

let
  common =
    {
@@ -50,9 +64,14 @@ let
          bzip2
          zlib
        ]

        ++ lib.optionals (stdenv.hostPlatform.isLinux && with_tpm2) [
          tpm2-tss
        ]
        ++ lib.optionals (lib.versionAtLeast version "3.6.0") [
          jitterentropy
        ]
        ++ lib.optionals (lib.versionAtLeast version "3.7.0" && with_esdm) [
          esdm
        ];

      buildTargets =
@@ -77,8 +96,22 @@ let
        ++ lib.optionals stdenv.cc.isClang [
          "--cc=clang"
        ]
        ++ lib.optionals (stdenv.hostPlatform.isLinux && with_tpm2) [
          "--with-tpm2"
        ]
        ++ lib.optionals (lib.versionAtLeast version "3.6.0") [
          "--enable-modules=jitter_rng"
        ]
        ++ lib.optionals (lib.versionAtLeast version "3.7.0" && with_esdm) [
          "--enable-modules=esdm_rng"
        ]
        ++ lib.optionals (lib.versionAtLeast version "3.8.0" && with_bsi_policy) [
          "--module-policy=bsi"
          "--enable-module=ffi"
          "--enable-module=shake"
        ]
        ++ lib.optionals (lib.versionAtLeast version "3.8.0" && with_fips140_policy) [
          "--module-policy=fips140"
        ];

      configurePhase = ''
@@ -115,8 +148,8 @@ let
in
{
  botan3 = common {
    version = "3.6.1";
    hash = "sha256-fLhXXYjSMsdxdHadf54ku0REQWBYWYbuvWbnScuakIk=";
    version = "3.8.1";
    hash = "sha256-sDloHUuGGi9YU3Rti6gG9VPiOGntctie2/o8Pb+hfmg=";
  };

  botan2 = common {
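Review bot: `with_bsi_policy` and `with_fips140_policy` are silently ignored when `version` is below 3.8.0, because both `--module-policy=…` entries sit behind `lib.versionAtLeast version "3.8.0"` and nothing rejects the combination. Since `common` also builds `botan2`, a caller can request an approved-algorithms-only build and get an unrestricted one with no error. A policy switch should fail closed, for example `assert (with_bsi_policy || with_fips140_policy) -> lib.versionAtLeast version "3.8.0";` inside `common` where `version` is in scope; its body lies outside these hunks, so the placement needs checking. The same silent no-op applies to `with_esdm` below 3.7.0 and to `with_tpm2` off Linux. Separately, `--enable-module=ffi` and `--enable-module=shake` are spelled differently from `--enable-modules=jitter_rng` a few entries earlier, so it is worth confirming that configure accepts the singular form.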