From e686daaa7ea75a4a9106dfd89775a48f554bdb4174a6166a2238f553ae8a6155 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Fri, 3 May 2024 17:34:48 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main oqs-provider revision 822f08e74559f164136bd881147556be
---
.gitattributes | 23 ++++++++++++
oqs-provider-0.5.0.tar.gz | 3 ++
oqs-provider-disable-test.patch | 12 ++++++
oqs-provider.changes | 66 +++++++++++++++++++++++++++++++++
oqs-provider.spec | 61 ++++++++++++++++++++++++++++++
5 files changed, 165 insertions(+)
create mode 100644 .gitattributes
create mode 100644 oqs-provider-0.5.0.tar.gz
create mode 100644 oqs-provider-disable-test.patch
create mode 100644 oqs-provider.changes
create mode 100644 oqs-provider.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/oqs-provider-0.5.0.tar.gz b/oqs-provider-0.5.0.tar.gz
new file mode 100644
index 0000000..91af362
--- /dev/null
+++ b/oqs-provider-0.5.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8b954eac7109084600825ab6f3a1dd861c5de043d2b6e4563ffc68406c2b20a5
+size 112050
diff --git a/oqs-provider-disable-test.patch b/oqs-provider-disable-test.patch
new file mode 100644
index 0000000..b757b49
--- /dev/null
+++ b/oqs-provider-disable-test.patch
@@ -0,0 +1,12 @@
+Index: oqs-provider-0.3.0/CMakeLists.txt
+===================================================================
+--- oqs-provider-0.3.0.orig/CMakeLists.txt
++++ oqs-provider-0.3.0/CMakeLists.txt
+@@ -22,5 +22,5 @@ include_directories(${liboqs_INCLUDE_DIR
+ add_subdirectory(oqsprov)
+
+ # Testing
+-enable_testing()
+-add_subdirectory(test)
++#enable_testing()
++#add_subdirectory(test)
diff --git a/oqs-provider.changes b/oqs-provider.changes
new file mode 100644
index 0000000..a1a1fd4
--- /dev/null
+++ b/oqs-provider.changes
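Review bot: With `enable_testing()` and `add_subdirectory(test)` commented out in CMakeLists.txt, and no `%check` section in oqs-provider.spec later in this commit, nothing at build time verifies that the packaged cryptographic provider loads or works. The patch file has no header explaining why the tests are disabled; the reason (`libtestutil.a` from openssl-3 is needed) appears only as a comment in the spec. Its `Index:`/`---`/`+++` paths also still name oqs-provider-0.3.0 although the packaged version is 0.5.0. I would add a description line at the top of the patch, e.g. `Disable upstream tests: they need libtestutil.a from the OpenSSL source tree`. I would also add a minimal load check to the spec, such as `openssl-3 list -providers -provider-path build/lib -provider oqsprovider`, which would presumably need the openssl-3 command-line tool as a BuildRequires.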
@@ -0,0 +1,66 @@
+-------------------------------------------------------------------
+Tue Jun 13 09:19:27 UTC 2023 - Marcus Meissner
+
+- updated to 0.5.0:
+
+ - oqs-provider now also enables use of QSC algorithms during TLS1.3
+ handshake. The required OpenSSL code updates are contained in
+ openssl/openssl#19312.
+
+ * Algorithm updates
+
+ All algorithms no longer supported in the NIST PQC competition
+ and not under consideration for standardization by ISO have been
+ removed. All remaining algorithms with the exception of McEliece
+ have been lifted to their final round 3 variants as documented in
+ liboqs. Most notably, algorithm names for Sphincs+ have been changed
+ to the naming chosen by its authors.
+
+ * Functional updates
+
+ - Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider.
+ - OSX support
+ - Full support for CA functionality
+ - Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits"
+ - Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider
+ - Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1.
+ - A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks.
+
+ * Misc updates
+
+ - Dynamic code point and OID changes via environment variables. See ALGORITHMS.md.
+ - Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md.
+
+- oqs-provider-shared-liboqs.patch: removed, not needed anymore
+
+- updated to 0.4.0:
+
+ * Security considerations
+
+ - This release removes Rainbow level 1 and all variants of SIDH and
+ SIKE due to cryptanalytic breaks of those algorithms. Users are advised
+ to move away from use of those algorithms immediately.
+
+ * Algorithm updates
+
+ - Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks
+
+ * Functional updates
+
+ - Addition of quantum-safe CMS operations via the OpenSSL interface
+ - Addition of quantum-safe dgst operations via the OpenSSL interface
+
+ * Misc updates
+
+ - Additional testing
+ - Integration with and of OpenSSL test harness
+
+-------------------------------------------------------------------
+Tue Nov 15 17:04:53 UTC 2022 - Jan Engelhardt
+
+- Update descriptions
+
+-------------------------------------------------------------------
+Mon Nov 14 15:43:52 UTC 2022 - Marcus Meissner
+
+- initial import of openssl-3 plugin for liboqs
diff --git a/oqs-provider.spec b/oqs-provider.spec
new file mode 100644
index 0000000..20b5da8
--- /dev/null
+++ b/oqs-provider.spec
@@ -0,0 +1,61 @@
+#
+# spec file for package oqs-provider
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: oqs-provider
+Version: 0.5.0
+Release: 0
+Summary: Quantum-safe crypto provider for OpenSSL
+License: MIT
+Group: Productivity/Security
+URL: https://github.com/open-quantum-safe/oqs-provider/
+Source: https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{version}.tar.gz#/%name-%version.tar.gz
+# currently would need libtestutil.a from openssl-3, so basically a copy of openssl-3 to test.
+Patch1: oqs-provider-disable-test.patch
+BuildRequires: cmake
+BuildRequires: libopenssl-3-devel
+BuildRequires: pkgconfig(liboqs)
+
+%description
+This is a plugin/shared library making available quantum-safe cryptography
+(QSC) to OpenSSL 3.x installations via the Provider API.
+
+Sample call:
+
+openssl-3 ciphers -provider oqsprovider
+
+%prep
+%autosetup
+
+%build
+mkdir build
+export RPM_OPT_FLAGS="%optflags -std=gnu11"
+cd build
+cmake -DBUILD_SHARED_LIBS=ON ..
+%cmake_build
+
+%install
+install -d %buildroot/%{_libdir}/ossl-modules/
+
+install -m 755 -c build/lib/oqsprovider.so %buildroot/%{_libdir}/ossl-modules/
+
+%files
+%license LICENSE.txt
+%dir /%{_libdir}/ossl-modules
+/%{_libdir}/ossl-modules/oqsprovider.so
+
+%changelog
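Review bot: The `%build` section exports `RPM_OPT_FLAGS="%optflags -std=gnu11"` and then calls plain `cmake`, but CMake does not read `RPM_OPT_FLAGS`; it takes its initial compiler flags from `CFLAGS`. Unless the build environment exports `CFLAGS` on its own, the distribution's optimisation and hardening flags in `%optflags` (and `-std=gnu11`) likely never reach the compiler, and this library is loaded into OpenSSL processes. I would change the export to `export CFLAGS="%optflags -std=gnu11"`, or switch to the `%cmake` macro, which passes the flags itself. It is worth confirming in the build log that the flags appear on the compile lines.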