From 4672375eafb9331d9aab45f16c7d480b48806c58 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 25 Oct 2024 16:30:07 +0300 Subject: [PATCH] import liboqs-0.11.0-2.el10 --- .gitignore | 1 + .liboqs.metadata | 1 + SOURCES/liboqs-0.10.0-std-stricter.patch | 14 +++ SOURCES/liboqs-0.11.0-acvp_patch.patch | 43 +++++++ SPECS/liboqs.spec | 149 +++++++++++++++++++++++ 5 files changed, 208 insertions(+) create mode 100644 .gitignore create mode 100644 .liboqs.metadata create mode 100644 SOURCES/liboqs-0.10.0-std-stricter.patch create mode 100644 SOURCES/liboqs-0.11.0-acvp_patch.patch create mode 100644 SPECS/liboqs.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e5db735 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/0.11.0.tar.gz diff --git a/.liboqs.metadata b/.liboqs.metadata new file mode 100644 index 0000000..19684b3 --- /dev/null +++ b/.liboqs.metadata @@ -0,0 +1 @@ +19185a624087dc09a0164674cf3a7487898e2b5a SOURCES/0.11.0.tar.gz diff --git a/SOURCES/liboqs-0.10.0-std-stricter.patch b/SOURCES/liboqs-0.10.0-std-stricter.patch new file mode 100644 index 0000000..e35745a --- /dev/null +++ b/SOURCES/liboqs-0.10.0-std-stricter.patch @@ -0,0 +1,14 @@ +diff -up liboqs-0.10.0/.CMake/alg_support.cmake.xxx liboqs-0.10.0/.CMake/alg_support.cmake +--- liboqs-0.10.0/.CMake/alg_support.cmake.xxx 2024-05-06 05:52:52.668502602 -0400 ++++ liboqs-0.10.0/.CMake/alg_support.cmake 2024-05-06 05:57:03.715008552 -0400 +@@ -182,6 +182,10 @@ elseif (${OQS_ALGS_ENABLED} STREQUAL "ST + ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_LIST_STANDARDIZED_ALGS_START + filter_algs("KEM_ml_kem_512;KEM_ml_kem_768;KEM_ml_kem_1024;SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87;SIG_falcon_512;SIG_falcon_1024;SIG_falcon_padded_512;SIG_falcon_padded_1024;SIG_sphincs_sha2_128f_simple;SIG_sphincs_sha2_128s_simple;SIG_sphincs_sha2_192f_simple;SIG_sphincs_sha2_192s_simple;SIG_sphincs_sha2_256f_simple;SIG_sphincs_sha2_256s_simple;SIG_sphincs_shake_128f_simple;SIG_sphincs_shake_128s_simple;SIG_sphincs_shake_192f_simple;SIG_sphincs_shake_192s_simple;SIG_sphincs_shake_256f_simple;SIG_sphincs_shake_256s_simple") + ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_LIST_STANDARDIZED_ALGS_END ++elseif (${OQS_ALGS_ENABLED} STREQUAL "NIST_2024") ++##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_LIST_STANDARDIZED_ALGS_START ++ filter_algs("KEM_ml_kem_768;KEM_ml_kem_1024;SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87;SIG_sphincs_sha2_128f_simple;SIG_sphincs_sha2_128s_simple;SIG_sphincs_sha2_192f_simple;SIG_sphincs_sha2_192s_simple;SIG_sphincs_sha2_256f_simple;SIG_sphincs_sha2_256s_simple;SIG_sphincs_shake_128f_simple;SIG_sphincs_shake_128s_simple;SIG_sphincs_shake_192f_simple;SIG_sphincs_shake_192s_simple;SIG_sphincs_shake_256f_simple;SIG_sphincs_shake_256s_simple") ++##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_LIST_STANDARDIZED_ALGS_END + elseif(${OQS_ALGS_ENABLED} STREQUAL "NIST_R4") + filter_algs("KEM_classic_mceliece_348864;KEM_classic_mceliece_348864f;KEM_classic_mceliece_460896;KEM_classic_mceliece_460896f;KEM_classic_mceliece_6688128;KEM_classic_mceliece_6688128f;KEM_classic_mceliece_6960119;KEM_classic_mceliece_6960119f;KEM_classic_mceliece_8192128;KEM_classic_mceliece_8192128f;KEM_hqc_128;KEM_hqc_192;KEM_hqc_256;KEM_bike_l1;KEM_bike_l3;KEM_bike_l5") + elseif(${OQS_ALGS_ENABLED} STREQUAL "NIST_SIG_ONRAMP") diff --git a/SOURCES/liboqs-0.11.0-acvp_patch.patch b/SOURCES/liboqs-0.11.0-acvp_patch.patch new file mode 100644 index 0000000..65afed3 --- /dev/null +++ b/SOURCES/liboqs-0.11.0-acvp_patch.patch @@ -0,0 +1,43 @@ +diff --git a/tests/test_acvp_vectors.py b/tests/test_acvp_vectors.py +index 4eee4b810..ddd64003c 100644 +--- a/tests/test_acvp_vectors.py ++++ b/tests/test_acvp_vectors.py +@@ -36,9 +36,10 @@ def test_acvp_vec_kem_keygen(kem_name): + z = testCase["z"] + pk = testCase["ek"] + sk = testCase["dk"] +- ++ ++ build_dir = helpers.get_current_build_dir_name() + helpers.run_subprocess( +- ['build/tests/vectors_kem', kem_name, "keyGen", d+z, pk, sk] ++ [f'{build_dir}/tests/vectors_kem', kem_name, "keyGen", d+z, pk, sk] + ) + + assert(variantFound == True) +@@ -66,9 +67,10 @@ def test_acvp_vec_kem_encdec_aft(kem_name): + #expected results + k = testCase["k"] + c = testCase["c"] +- ++ ++ build_dir = helpers.get_current_build_dir_name() + helpers.run_subprocess( +- ['build/tests/vectors_kem', kem_name, "encDecAFT", m, pk, k, c] ++ [f'{build_dir}/tests/vectors_kem', kem_name, "encDecAFT", m, pk, k, c] + ) + + assert(variantFound == True) +@@ -94,9 +96,10 @@ def test_acvp_vec_kem_encdec_val(kem_name): + c = testCase["c"] + #expected results + k = testCase["k"] +- ++ ++ build_dir = helpers.get_current_build_dir_name() + helpers.run_subprocess( +- ['build/tests/vectors_kem', kem_name, "encDecVAL", sk, k, c] ++ [f'{build_dir}/tests/vectors_kem', kem_name, "encDecVAL", sk, k, c] + ) + + assert(variantFound == True) diff --git a/SPECS/liboqs.spec b/SPECS/liboqs.spec new file mode 100644 index 0000000..d655e25 --- /dev/null +++ b/SPECS/liboqs.spec @@ -0,0 +1,149 @@ +%global oqs_version 0.11.0 +Name: liboqs +Version: %{oqs_version} +Release: 2%{?dist} +Summary: liboqs is an open source C library for quantum-safe cryptographic algorithms. + +#liboqs uses MIT license by itself but includes several files licensed under different terms. +#src/common/crypto/sha3/xkcp_low/.../KeccakP-1600-AVX2.s : BSD-like CRYPTOGAMS license +#src/common/rand/rand_nist.c: See file +#see https://github.com/open-quantum-safe/liboqs/blob/main/README.md#license for more details +License: MIT AND Apache-2.0 AND BSD-3-Clause AND (BSD-3-Clause OR GPL-1.0-or-later) AND CC0-1.0 AND Unlicense +URL: https://github.com/open-quantum-safe/liboqs.git +Source: https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{oqs_version}.tar.gz +Patch1: liboqs-0.11.0-acvp_patch.patch +Patch2: liboqs-0.10.0-std-stricter.patch + +BuildRequires: ninja-build +BuildRequires: cmake +BuildRequires: gcc +BuildRequires: openssl-devel +BuildRequires: python3-pytest +%if %{undefined rhel} +BuildRequires: python3-pytest-xdist +%endif +BuildRequires: unzip +BuildRequires: xsltproc +#BuildRequires: doxygen +BuildRequires: graphviz +BuildRequires: python3-yaml +BuildRequires: valgrind + +%description +liboqs provides: + - a collection of open source implementations of quantum-safe key encapsulation mechanism (KEM) and digital signature algorithms; the full list can be found below + - a common API for these algorithms + - a test harness and benchmarking routines +liboqs is part of the Open Quantum Safe (OQS) project led by Douglas Stebila and Michele Mosca, which aims to develop and integrate into applications quantum-safe cryptography to facilitate deployment and testing in real world contexts. In particular, OQS provides prototype integrations of liboqs into TLS and SSH, through OpenSSL and OpenSSH. + +%package devel +Summary: Development libraries for liboqs +Requires: liboqs%{?_isa} = %{version}-%{release} + +%description devel +Header and Library files for doing development with liboqs. + +%prep +%setup -T -b 0 -q -n liboqs-%{oqs_version} +%autopatch -p1 +#hobble +rm -rf src/kem/bike +rm -rf src/kem/bike/additional_r4 +rm -rf src/kem/classic_mceliece +rm -rf src/kem/frodokem +rm -rf src/kem/hqc +rm -rf src/kem/ntruprime +# code_conventions is for upstream CI, requires astyle +# pytest-xdist is not available in RHEL due to dependencies +sed -e '/COMMAND.*pytest/s|$| --ignore tests/test_code_conventions.py|' \ +%if %{defined rhel} + -e 's/--numprocesses=auto//' \ +%endif + -i tests/CMakeLists.txt + +%build +%cmake -GNinja -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_AES_INSTRUCTIONS=OFF -DOQS_DIST_BUILD=ON -DOQS_ALGS_ENABLED=NIST_2024 -DOQS_USE_SHA3_OPENSSL=ON -DOQS_DLOPEN_OPENSSL=ON -DCMAKE_BUILD_TYPE=Debug -LAH .. +%cmake_build +#ninja gen_docs + +%check +cd "%{_vpath_builddir}" +ninja run_tests + +%install +%cmake_install +for i in liboqsTargets.cmake liboqsTargets-debug.cmake +do + cp $RPM_BUILD_ROOT/%{_libdir}/cmake/liboqs/$i /tmp/$i + sed -e "s;$RPM_BUILD_ROOT;;g" /tmp/$i > $RPM_BUILD_ROOT/%{_libdir}/cmake/liboqs/$i + rm /tmp/$i +done + +%files +%license LICENSE.txt +%{_libdir}/liboqs.so.%{oqs_version} +%{_libdir}/liboqs.so.6 + +%files devel +%{_libdir}/liboqs.so +%dir %{_includedir}/oqs +%{_includedir}/oqs/* +%dir %{_libdir}/cmake/liboqs +%{_libdir}/cmake/liboqs/liboqsTargets.cmake +%{_libdir}/cmake/liboqs/liboqsTargets-debug.cmake +%{_libdir}/cmake/liboqs/liboqsConfig.cmake +%{_libdir}/cmake/liboqs/liboqsConfigVersion.cmake +%{_libdir}/pkgconfig/liboqs.pc +#%dir %%{_datadir}/doc/oqs +#%doc %%{_datadir}/doc/oqs/html/* +#%doc %%{_datadir}/doc/oqs/xml/* + +%changelog +* Fri Oct 04 2024 Dmitry Belyavskiy - 0.11.0-2 +- Removing Falcon from supported algorithms + Related: RHEL-56152 + +* Mon Sep 30 2024 Dmitry Belyavskiy - 0.11.0-1 +- Update to 0.11.0 version + Resolves: RHEL-56152 + +* Mon Jul 08 2024 Dmitry Belyavskiy - 0.10.1-1 +- Rebase to 0.10.1 version (CVE-2024-36405) + Resolves: RHEL-40699 +- Use dlopen for OpenSSL algos implementation + Resolves: RHEL-46598 +- Correct license naming + Resolves: RHEL-45265 + +* Mon Jun 24 2024 Troy Dawson - 0.9.2-2 +- Bump release for June 2024 mass rebuild + +* Thu Feb 01 2024 Dmitry Belyavskiy - 0.9.2-1 +- Update to 0.9.2 version + +* Thu Jan 25 2024 Fedora Release Engineering - 0.9.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 0.9.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Oct 30 2023 Yaakov Selkowitz - 0.9.0-2 +- Skip code style tests + +* Fri Oct 27 2023 Dmitry Belyavskiy - 0.9.0-1 +- Switch to 0.9.0 version + Resolves: rhbz#2241615 + +* Wed Oct 04 2023 Stephen Gallagher - 0.8.0-4 +- Bump release to rebuild for ELN issue +- https://github.com/fedora-eln/eln/issues/125 + +* Wed Jul 26 2023 Dmitry Belyavskiy - 0.8.0-3 +- The exception we get covers avx2 implementation, no need to remove it + +* Thu Jul 20 2023 Fedora Release Engineering - 0.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Mon Feb 13 2023 Dmitry Belyavskiy - 0.8.0-1 +- Initial build of liboqs for Fedora +