s2n-tls: disable unsupported feature (post-quantum cryptography) on mips64 #161163

Merged
merged 2 commits into from Apr 11, 2022

@ghost ghost commented Feb 21, 2022

S2N_NO_PQ is not supported on mips64. This patch disables it on that platform. This is needed because s2n-tls is used by aws, which is used by nix, which is used by nixpkgs. This patch is needed in order to complete the bootstrap.

Motivation for this change
Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • mips64el-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.


ghost commented Feb 23, 2022

Latest push rebases and adds a commit message, no other changes.

This was referenced Feb 26, 2022

ghost commented Mar 18, 2022

Rebased. #161158 has been merged, so this is usable now.

@github-actions github-actions bot removed the 6.topic: stdenv Standard environment label Mar 18, 2022

ghost commented Mar 31, 2022

Ping...


ghost commented Apr 1, 2022

@SuperSandro2000, would you mind taking a look at this?

This package is needed in order for nixpkgs to be used to build nix itself -- I think of this as the "second half" of the bootstrapping process.

This commit disables an extremely-experimental feature (post-quantum cryptographic algorithms) when building on a platform that nixpkgs does not yet support; the risk of causing regressions is tiny or zero.

Like most cryptographic codes, the implementation of this feature uses lots of architecture-specific code to make things go faster (or to make them go slower, but execute in constant time). It would not surprise me if they hadn't gotten around to writing mips64 versions of these routines.

This flag is recommended by the s2n-tls codebase itself, which says "S2N_NO_PQ Disables all Post Quantum Crypto code. You likely want this for older compilers or uncommon platforms."

I tried S2N_NO_PQ_ASM but that did not work. Even with S2N_NO_PQ_ASM the build complains:

/build/source/pq-crypto/sike_r3/sikep434r3.h:53:6: error: #error -- "Unsupported ARCHITECTURE"
   53 |     #error -- "Unsupported ARCHITECTURE"

I suspect that maintainers are not jumping at the chance to merge this PR because they aren't experts on post-quantum cryptography. I'm not either. But I don't think it's necessary to be one in order to merge this -- the source code specifically recommends -DS2N_NO_PQ=ON as a way to get around build problems on "uncommon platforms" like mips64.

If time-travelers from the future use their quantum computer to break all of nixpkgs' cryptography, you can blame me.

@ghost ghost changed the title s2n-tls: disable post-quantum cryptography on mips64 (unsupported) s2n-tls: disable unsupported feature (post-quantum cryptography) on mips64 Apr 1, 2022
@ghost ghost mentioned this pull request Apr 6, 2022
6 tasks
@SuperSandro2000 SuperSandro2000 merged commit 3377270 into NixOS:master Apr 11, 2022
@ghost ghost deleted the mips64-disable-s2n-pqcrypto branch April 11, 2022 18:20