Sync from SUSE:SLFO:Main liboqs revision 9d053785ca7b3cbb4bd64311889228cc

liboqs-fix-prototypemismatch.patch

@@ -1,15 +1,17 @@
-Index: liboqs-0.8.0/src/kem/frodokem/kem_frodokem.h
+Index: liboqs-0.13.0/src/kem/frodokem/kem_frodokem.h
 ===================================================================
---- liboqs-0.8.0.orig/src/kem/frodokem/kem_frodokem.h
-+++ liboqs-0.8.0/src/kem/frodokem/kem_frodokem.h
-@@ -11,9 +11,9 @@
- #define OQS_KEM_frodokem_640_aes_length_ciphertext 9720
+--- liboqs-0.13.0.orig/src/kem/frodokem/kem_frodokem.h
++++ liboqs-0.13.0/src/kem/frodokem/kem_frodokem.h
+@@ -12,10 +12,10 @@
  #define OQS_KEM_frodokem_640_aes_length_shared_secret 16
+ #define OQS_KEM_frodokem_640_aes_length_keypair_seed 0
  OQS_KEM *OQS_KEM_frodokem_640_aes_new(void);
 -OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair(uint8_t *public_key, uint8_t *secret_key);
+-OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *seed);
 -OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 -OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
 +OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair(unsigned char *public_key, unsigned char *secret_key);
++OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair_derand(unsigned char *public_key, unsigned char *secret_key, const unsigned char *seed);
 +OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_encaps(unsigned char *ciphertext, unsigned char *shared_secret, const unsigned char *public_key);
 +OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_decaps(unsigned char *shared_secret, const unsigned char *ciphertext, const unsigned char *secret_key);
  #endif

liboqs.changes

@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Mon May 12 09:30:45 UTC 2025 - Marcus Meissner <meissner@suse.com>
+
+- add -DOQS_ENABLE_KEM_HQC=ON even due to security issues, as otherwise
+  we dropped binary compatibility with postquantumcryptoengine (bsc#1242701)
+
+-------------------------------------------------------------------
+Sun May 11 16:10:22 UTC 2025 - Bernhard Wiedemann <bwiedemann@suse.com>
+
+- Add reproducible.patch to not embed the buildhost's kernel version (boo#1101107)
+
+-------------------------------------------------------------------
+Thu Apr 17 16:03:16 UTC 2025 - Marcus Meissner <meissner@suse.com>
+
+- Updated to 0.13.0:
+  - Key encapsulation mechanisms                                                                                                                                                             
+    - New API: Added a deterministic key generation and API for KEMs (only ML-KEM supported at the moment).
+    - ML-KEM: Changed the default ML-KEM implementation to [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native). There are three variants: Portable C, AVX2, and AArch64. Large +parts of these implementations are formally verified: all of the C code is verified for memory and type safety using [CBMC](https://github.com/diffblue/cbmc) and the functional correctness +of the core AArch64 assembly routines is verified using [HOL-Light](https://github.com/jrh13/hol-light).
+    - ML-KEM: Added support for the ML-KEM implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc), a GPU accelerated cryptography library.
+    - ML-KEM: Implementation from mlkem-native upstream updated to add Pair-wise Consistency Test (PCT) and Intel CET support.
+    - ML-KEM: Improved testing of ML-KEM keys.
+    - HQC: Disabled HQC by default until [a new security flaw](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/Wiu4ZQo3fP8) is fixed.
+
+  - Digital signature schemes
+    - ML-DSA: Improved testing for ML-DSA.
+    - CROSS: Updated to NIST Additional Signatures Round 2 version.
+    - MAYO: Updated to NIST Additional Signatures Round 2 version.
+    - UOV: Added support for UOV algorithm from NIST Additional Signatures Round 2.
+
 -------------------------------------------------------------------
 Tue Dec 10 07:51:25 UTC 2024 - Marcus Meissner <meissner@suse.com>
 

liboqs.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package liboqs
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           liboqs
-Version:        0.12.0
+Version:        0.13.0
 Release:        0
 Summary:        C library for quantum-resistant cryptographic algorithms
 License:        MIT
@@ -27,6 +27,7 @@ Source:         https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{
 Source1:        baselibs.conf
 Patch0:         liboqs-fix-build.patch
 Patch1:         liboqs-fix-prototypemismatch.patch
+Patch2:         reproducible.patch
 BuildRequires:  cmake
 BuildRequires:  doxygen
 BuildRequires:  libopenssl-devel
@@ -60,7 +61,7 @@ export RPM_OPT_FLAGS="%{optflags} -std=gnu11"
 
 # 20220702: The %%cmake macro can't be used because a 'CMakeLists.txt' folder
 # exists
-cmake -S . -B build -DBUILD_SHARED_LIBS:BOOL=ON -DOQS_DIST_BUILD:BOOL=ON
+cmake -S . -B build -DBUILD_SHARED_LIBS:BOOL=ON -DOQS_DIST_BUILD:BOOL=ON -DOQS_ENABLE_KEM_HQC=ON
 
 pushd build
 %cmake_build

reproducible.patch

@@ -0,0 +1,13 @@
+Index: liboqs-0.13.0/CMakeLists.txt
+===================================================================
+--- liboqs-0.13.0.orig/CMakeLists.txt
++++ liboqs-0.13.0/CMakeLists.txt
+@@ -46,7 +46,7 @@ set(OQS_VERSION_MINOR 13)
+ set(OQS_VERSION_PATCH 0)
+ set(OQS_VERSION_PRE_RELEASE "")
+ set(OQS_VERSION_TEXT "${OQS_VERSION_MAJOR}.${OQS_VERSION_MINOR}.${OQS_VERSION_PATCH}${OQS_VERSION_PRE_RELEASE}")
+-set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
++set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-Linux-6.14.0-OBS")
+ set(OQS_MINIMAL_GCC_VERSION "7.1.0")
+ set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
+