Accepting request 1092832 from home:msmeissn:branches:devel:libraries:c_c++

- updated to 0.8.0
  This release features many algorithm updates, including removal
  of algorithms and variants no longer proceeding through NIST
  standardization and updates to newer versions.  See the detailed list
  of algorithm updates below.
  Key encapsulation mechanisms:
  - BIKE: updated to Round 4 version.
  - Kyber: 90s variants were removed.
  - NTRU Prime: All variants were removed, except for sntrup761.
  - Saber: removed.
  Digital signature schemes
  - Dilithium; AES variants were removed.
  - Falcon: updated to the 2023-02-07 version.
  - Picnic: removed.
  - Rainbow: removed.
  - SPHINCS+: updated to version 3.1; SPHINCS+-Haraka variants were removed; SPHINCS+-SHA256 and SPHINCS+-SHAKE variants were renamed
  Other changes
  - Add Cryptographic Bill of Materials (CBOM)
  - Improve building on ARM platforms
  - Improve performance when using OpenSSL 3 for symmetric cryptography
  - Increment shared object library version
  - New configure-time options for algorithm selections
  - pkgconfig file now available
- removed 0001-Add-support-for-powerpc64.-1160.patch: upstream
- removed 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch: upstream
- liboqs is now liboqs.so.3.

OBS-URL: https://build.opensuse.org/request/show/1092832
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/liboqs?expand=0&rev=11
Marcus Meissner 2023-06-13 11:10:59 +00:00 committed by Git OBS Bridge
parent 5a8ee88768
commit 3e203d806a
9 changed files with 80 additions and 468 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c8a1ffcfd4facc90916557c0efae9a28c46e803b088d0cb32ee7b0b010555d3a
size 8001754

3
0.8.0.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:542e2d6cd4d3013bc4f97843cb1e9521b1b8d8ea72a55c9f5f040857486b0157
size 2986821


@ -1,152 +0,0 @@
From eb2f38c44ed15e058bc7ab217ba614b32f012090 Mon Sep 17 00:00:00 2001
From: pkubaj <pkubaj@FreeBSD.org>
Date: Fri, 24 Dec 2021 00:03:25 +0100
Subject: [PATCH 1/2] Add support for powerpc64. (#1160)
This is 64-bit POWER big-endian. Since s390x (64-bit big-endian) and ppc64le
(64-bit POWER) are already supported, this shouldn't be an issue.
---
.CMake/alg_support.cmake | 4 ++--
CMakeLists.txt | 7 +++++++
src/kem/sike/CMakeLists.txt | 3 +++
src/kem/sike/external/P434/P434_internal.h | 2 +-
src/kem/sike/external/P503/P503_internal.h | 2 +-
src/kem/sike/external/P610/P610_internal.h | 2 +-
src/kem/sike/external/P751/P751_internal.h | 2 +-
src/kem/sike/external/config.h | 7 +++++++
8 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/.CMake/alg_support.cmake b/.CMake/alg_support.cmake
index 0de57e8..bb9ebea 100644
--- a/.CMake/alg_support.cmake
+++ b/.CMake/alg_support.cmake
@@ -27,8 +27,8 @@ if(OQS_DIST_X86_64_BUILD OR OQS_USE_AVX2_INSTRUCTIONS)
endif()
endif()
-# BIKE is not supported on Windows, 32-bit ARM and S390X (big endian)
-cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON "NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X" OFF)
+# BIKE is not supported on Windows, 32-bit ARM, S390X (big endian) and PPC64 (big endian)
+cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON "NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X; NOT ARCH_PPC64" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_bike_l1 "" ON "OQS_ENABLE_KEM_BIKE" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_bike_l3 "" ON "OQS_ENABLE_KEM_BIKE" OFF)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 140cfb8..416da83 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -59,6 +59,13 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64le|powerpc64le")
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC64LE_BUILD ON)
endif()
+elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc64|powerpc64)")
+ message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR})
+ set(ARCH "ppc64")
+ set(ARCH_PPC64 ON)
+ if(${OQS_DIST_BUILD})
+ set(OQS_DIST_PPC64_BUILD ON)
+ endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x")
set(ARCH "s390x")
set(ARCH_S390X ON)
diff --git a/src/kem/sike/CMakeLists.txt b/src/kem/sike/CMakeLists.txt
index c260ce1..0f4714b 100644
--- a/src/kem/sike/CMakeLists.txt
+++ b/src/kem/sike/CMakeLists.txt
@@ -8,6 +8,7 @@ if(
ARCH_ARM32v7 OR
ARCH_ARM64v8 OR
ARCH_PPC64LE OR
+ ARCH_PPC64 OR
ARCH_S390X)
AND
# check that one SIDH/SIKE alg is enabled
@@ -137,6 +138,8 @@ if(
target_compile_definitions(sike PRIVATE USE_SIKEP751_ASM)
endif()
endif()
+ elseif(ARCH_PPC64)
+ target_compile_definitions(sike PRIVATE _GENERIC_ _PPC64_)
elseif(ARCH_PPC64LE)
target_compile_definitions(sike PRIVATE _GENERIC_ _PPC64LE_)
elseif(ARCH_S390X)
diff --git a/src/kem/sike/external/P434/P434_internal.h b/src/kem/sike/external/P434/P434_internal.h
index 6c7f66c..168ac9f 100644
--- a/src/kem/sike/external/P434/P434_internal.h
+++ b/src/kem/sike/external/P434/P434_internal.h
@@ -9,7 +9,7 @@
#include "../config.h"
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
#define NWORDS_FIELD 7 // Number of words of a 434-bit field element
#define p434_ZERO_WORDS 3 // Number of "0" digits in the least significant part of p434 + 1
#elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/P503/P503_internal.h b/src/kem/sike/external/P503/P503_internal.h
index 3a9bb32..3c72a4b 100644
--- a/src/kem/sike/external/P503/P503_internal.h
+++ b/src/kem/sike/external/P503/P503_internal.h
@@ -9,7 +9,7 @@
#include "../config.h"
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
#define NWORDS_FIELD 8 // Number of words of a 503-bit field element
#define p503_ZERO_WORDS 3 // Number of "0" digits in the least significant part of p503 + 1
#elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/P610/P610_internal.h b/src/kem/sike/external/P610/P610_internal.h
index 8a6a08f..7d6f60d 100644
--- a/src/kem/sike/external/P610/P610_internal.h
+++ b/src/kem/sike/external/P610/P610_internal.h
@@ -9,7 +9,7 @@
#include "../config.h"
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
#define NWORDS_FIELD 10 // Number of words of a 610-bit field element
#define p610_ZERO_WORDS 4 // Number of "0" digits in the least significant part of p610 + 1
#elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/P751/P751_internal.h b/src/kem/sike/external/P751/P751_internal.h
index 1f9f231..0b17da1 100644
--- a/src/kem/sike/external/P751/P751_internal.h
+++ b/src/kem/sike/external/P751/P751_internal.h
@@ -9,7 +9,7 @@
#include "../config.h"
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
#define NWORDS_FIELD 12 // Number of words of a 751-bit field element
#define p751_ZERO_WORDS 5 // Number of "0" digits in the least significant part of p751 + 1
#elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/config.h b/src/kem/sike/external/config.h
index 1a915d3..46cd312 100644
--- a/src/kem/sike/external/config.h
+++ b/src/kem/sike/external/config.h
@@ -32,6 +32,7 @@
#define TARGET_ARM 4
#define TARGET_ARM64 5
#define TARGET_PPC64LE 6
+#define TARGET_PPC64 7
#if defined(_AMD64_)
#define TARGET TARGET_AMD64
@@ -63,6 +64,12 @@ typedef uint16_t hdigit_t; // Unsigned 16-bit digit
#define LOG2RADIX 6
typedef uint64_t digit_t; // Unsigned 64-bit digit
typedef uint32_t hdigit_t; // Unsigned 32-bit digit
+#elif defined(_PPC64_)
+#define TARGET TARGET_PPC64
+#define RADIX 64
+#define LOG2RADIX 6
+typedef uint64_t digit_t; // Unsigned 64-bit digit
+typedef uint32_t hdigit_t; // Unsigned 32-bit digit
#elif defined(_PPC64LE_)
#define TARGET TARGET_PPC64LE
#define RADIX 64
--
2.36.1


@ -1,83 +0,0 @@
From 9f72562d661a0fd1b5773966fb199a8faea144c1 Mon Sep 17 00:00:00 2001
From: Douglas Stebila <dstebila@users.noreply.github.com>
Date: Sun, 9 Jan 2022 11:30:10 -0500
Subject: [PATCH 2/2] Mark stack non-executable when compiling with clang or
gcc (#1161)
* Mark stack non-executable when compiling with clang or gcc
Fixes #1159
* Change noexecstack option on gcc
* Use gcc noexecstack only on non-Darwin
* Check for non-executable stack in shared object builds on Linux
---
.CMake/compiler_opts.cmake | 4 ++++
tests/{test_namespace.py => test_binary.py} | 16 ++++++++++++++++
2 files changed, 20 insertions(+)
rename tests/{test_namespace.py => test_binary.py} (74%)
diff --git a/.CMake/compiler_opts.cmake b/.CMake/compiler_opts.cmake
index 9dd5b32..72c741a 100644
--- a/.CMake/compiler_opts.cmake
+++ b/.CMake/compiler_opts.cmake
@@ -67,6 +67,7 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
add_compile_options(-Wextra)
add_compile_options(-Wpedantic)
add_compile_options(-Wno-unused-command-line-argument)
+ set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
if(NOT ${OQS_BUILD_ONLY_LIB})
set(THREADS_PREFER_PTHREAD_FLAG ON)
@@ -117,6 +118,9 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
add_compile_options(-Wformat=2)
add_compile_options(-Wfloat-equal)
add_compile_options(-Wwrite-strings)
+ if (NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+ set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
+ endif()
if(NOT ${OQS_BUILD_ONLY_LIB})
set(THREADS_PREFER_PTHREAD_FLAG ON)
diff --git a/tests/test_namespace.py b/tests/test_binary.py
similarity index 74%
rename from tests/test_namespace.py
rename to tests/test_binary.py
index 9a3fb9e..d212f41 100644
--- a/tests/test_namespace.py
+++ b/tests/test_binary.py
@@ -1,6 +1,7 @@
# SPDX-License-Identifier: MIT
import helpers
+import os
import pytest
import sys
import glob
@@ -51,6 +52,21 @@ def test_namespace():
assert(len(non_namespaced) == 0)
+@helpers.filtered_test
+@pytest.mark.skipif(not(sys.platform.startswith("linux")), reason="Only supported on Linux")
+@pytest.mark.skipif(not(os.path.exists(helpers.get_current_build_dir_name()+'/lib/liboqs.so')), reason="Only supported on builds with a shared library")
+def test_non_executable_stack():
+ liboqs = helpers.get_current_build_dir_name()+'/lib/liboqs.so'
+ out = helpers.run_subprocess(
+ ['readelf', '--wide', '--segments', liboqs]
+ )
+ lines = out.strip().split("\n")
+ for line in lines:
+ if "GNU_STACK" in line:
+ chunks = line.strip().split()
+ flags = chunks[6]
+ assert(flags == 'RW')
+
if __name__ == "__main__":
import sys
pytest.main(sys.argv)
--
2.36.1


@ -1,2 +1,2 @@
liboqs0
liboqs3
liboqs-devel


@ -1,7 +1,7 @@
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.h
Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.h
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.h
--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h
+++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h
@@ -30,12 +30,13 @@
#endif
@ -19,52 +19,10 @@ Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.h
+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]);
#endif
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h
Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h
@@ -30,12 +30,13 @@
#endif
#define crypto_kem_keypair KYBER_NAMESPACE(keypair)
-int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]);
+
#define crypto_kem_enc KYBER_NAMESPACE(enc)
-int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]);
#define crypto_kem_dec KYBER_NAMESPACE(dec)
-int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]);
#endif
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.h
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.h
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.h
@@ -30,12 +30,13 @@
#endif
#define crypto_kem_keypair KYBER_NAMESPACE(keypair)
-int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]);
+
#define crypto_kem_enc KYBER_NAMESPACE(enc)
-int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]);
#define crypto_kem_dec KYBER_NAMESPACE(dec)
-int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]);
#endif
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h
--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h
+++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h
@@ -30,12 +30,15 @@
#endif
@ -84,10 +42,10 @@ Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h
+
#endif
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.h
Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.h
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.h
--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h
+++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h
@@ -30,12 +30,14 @@
#endif
@ -106,32 +64,10 @@ Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.h
+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]);
#endif
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h
Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h
@@ -30,12 +30,14 @@
#endif
#define crypto_kem_keypair KYBER_NAMESPACE(keypair)
-int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]);
+
#define crypto_kem_enc KYBER_NAMESPACE(enc)
-int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]);
+
#define crypto_kem_dec KYBER_NAMESPACE(dec)
-int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]);
#endif
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
+++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
@@ -20,8 +20,7 @@
*
* Returns 0 (success)
@ -164,10 +100,10 @@ Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
{
size_t i;
int fail;
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
+++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
@@ -20,8 +20,7 @@
*
* Returns 0 (success)
@ -200,118 +136,10 @@ Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
{
size_t i;
int fail;
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
@@ -20,8 +20,7 @@
*
* Returns 0 (success)
**************************************************/
-int crypto_kem_keypair(uint8_t *pk,
- uint8_t *sk)
+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES])
{
size_t i;
indcpa_keypair(pk, sk);
@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk,
*
* Returns 0 (success)
**************************************************/
-int crypto_kem_enc(uint8_t *ct,
- uint8_t *ss,
- const uint8_t *pk)
+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES])
{
uint8_t buf[2*KYBER_SYMBYTES];
/* Will contain key, coins */
@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct,
*
* On failure, ss will contain a pseudo-random value.
**************************************************/
-int crypto_kem_dec(uint8_t *ss,
- const uint8_t *ct,
- const uint8_t *sk)
+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES])
{
size_t i;
int fail;
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.c
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.c
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.c
@@ -20,8 +20,7 @@
*
* Returns 0 (success)
**************************************************/
-int crypto_kem_keypair(uint8_t *pk,
- uint8_t *sk)
+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES])
{
size_t i;
indcpa_keypair(pk, sk);
@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk,
*
* Returns 0 (success)
**************************************************/
-int crypto_kem_enc(uint8_t *ct,
- uint8_t *ss,
- const uint8_t *pk)
+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES])
{
uint8_t buf[2*KYBER_SYMBYTES];
/* Will contain key, coins */
@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct,
*
* On failure, ss will contain a pseudo-random value.
**************************************************/
-int crypto_kem_dec(uint8_t *ss,
- const uint8_t *ct,
- const uint8_t *sk)
+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES])
{
size_t i;
int fail;
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.c
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.c
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.c
@@ -20,8 +20,7 @@
*
* Returns 0 (success)
**************************************************/
-int crypto_kem_keypair(uint8_t *pk,
- uint8_t *sk)
+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES])
{
size_t i;
indcpa_keypair(pk, sk);
@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk,
*
* Returns 0 (success)
**************************************************/
-int crypto_kem_enc(uint8_t *ct,
- uint8_t *ss,
- const uint8_t *pk)
+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES])
{
uint8_t buf[2*KYBER_SYMBYTES];
/* Will contain key, coins */
@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct,
*
* On failure, ss will contain a pseudo-random value.
**************************************************/
-int crypto_kem_dec(uint8_t *ss,
- const uint8_t *ct,
- const uint8_t *sk)
+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES])
{
size_t i;
int fail;
Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.c
===================================================================
--- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.c
+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.c
--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
+++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
@@ -20,8 +20,7 @@
*
* Returns 0 (success)


@ -1,7 +1,7 @@
Index: liboqs-0.7.1/src/kem/frodokem/kem_frodokem.h
Index: liboqs-0.8.0/src/kem/frodokem/kem_frodokem.h
===================================================================
--- liboqs-0.7.1.orig/src/kem/frodokem/kem_frodokem.h
+++ liboqs-0.7.1/src/kem/frodokem/kem_frodokem.h
--- liboqs-0.8.0.orig/src/kem/frodokem/kem_frodokem.h
+++ liboqs-0.8.0/src/kem/frodokem/kem_frodokem.h
@@ -11,9 +11,9 @@
#define OQS_KEM_frodokem_640_aes_length_ciphertext 9720
#define OQS_KEM_frodokem_640_aes_length_shared_secret 16
@ -15,23 +15,3 @@ Index: liboqs-0.7.1/src/kem/frodokem/kem_frodokem.h
#endif
#ifdef OQS_ENABLE_KEM_frodokem_640_shake
Index: liboqs-0.7.1/.CMake/compiler_opts.cmake
===================================================================
--- liboqs-0.7.1.orig/.CMake/compiler_opts.cmake
+++ liboqs-0.7.1/.CMake/compiler_opts.cmake
@@ -62,7 +62,6 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang|GN
endif()
if(CMAKE_C_COMPILER_ID MATCHES "Clang")
- add_compile_options(-Werror)
add_compile_options(-Wall)
add_compile_options(-Wextra)
add_compile_options(-Wpedantic)
@@ -109,7 +108,6 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
endif()
elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
- add_compile_options(-Werror)
add_compile_options(-Wall)
add_compile_options(-Wextra)
add_compile_options(-Wpedantic)
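Review bot: The refreshed patch drops its two `.CMake/compiler_opts.cmake` hunks, the ones that removed `add_compile_options(-Werror)` for Clang and GNU, and the changelog entry in this commit does not record that. If 0.8.0 still enables `-Werror` by default, any new compiler warning would fail the package build again; if upstream now gates it behind an option, that is presumably why the hunks could go. A changelog line such as `- refreshed liboqs-fix-build.patch: -Werror removal no longer needed` would document the reason. This section's file header is not visible, so the patch name is inferred from the spec's `Patch0` line.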


@ -1,3 +1,41 @@
-------------------------------------------------------------------
Thu Jun 8 07:14:12 UTC 2023 - Marcus Meissner <meissner@suse.com>
- updated to 0.8.0
This release features many algorithm updates, including removal
of algorithms and variants no longer proceeding through NIST
standardization and updates to newer versions. See the detailed list
of algorithm updates below.
Key encapsulation mechanisms:
- BIKE: updated to Round 4 version.
- Kyber: 90s variants were removed.
- NTRU Prime: All variants were removed, except for sntrup761.
- Saber: removed.
Digital signature schemes
- Dilithium; AES variants were removed.
- Falcon: updated to the 2023-02-07 version.
- Picnic: removed.
- Rainbow: removed.
- SPHINCS+: updated to version 3.1; SPHINCS+-Haraka variants were removed; SPHINCS+-SHA256 and SPHINCS+-SHAKE variants were renamed
Other changes
- Add Cryptographic Bill of Materials (CBOM)
- Improve building on ARM platforms
- Improve performance when using OpenSSL 3 for symmetric cryptography
- Increment shared object library version
- New configure-time options for algorithm selections
- pkgconfig file now available
- removed 0001-Add-support-for-powerpc64.-1160.patch: upstream
- 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch: upstream
- liboqs is now liboqs.so.3.
-------------------------------------------------------------------
Wed Mar 29 06:38:25 UTC 2023 - Marcus Meissner <meissner@suse.com>


@ -17,7 +17,7 @@
Name: liboqs
Version: 0.7.1
Version: 0.8.0
Release: 0
Summary: C library for quantum-resistant cryptographic algorithms
License: MIT
@ -26,10 +26,7 @@ URL: https://github.com/open-quantum-safe/liboqs/
Source: https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{version}.tar.gz
Source1: baselibs.conf
Patch0: liboqs-fix-build.patch
# PATCH-FIX-UPSTREAM
Patch1: 0001-Add-support-for-powerpc64.-1160.patch
Patch2: 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch
Patch3: liboqs-fix-prototypemismatch.patch
Patch1: liboqs-fix-prototypemismatch.patch
BuildRequires: cmake
BuildRequires: doxygen
BuildRequires: libopenssl-devel
@ -38,18 +35,18 @@ BuildRequires: libopenssl-devel
liboqs is a C library for quantum-resistant cryptographic algorithms.
See the bundled README.md for particular limitations on intended use.
%package -n liboqs0
%package -n liboqs3
Summary: C library for quantum-resistant cryptographic algorithms
Group: System/Libraries
%description -n liboqs0
%description -n liboqs3
liboqs is a C library for quantum-resistant cryptographic algorithms.
See the bundled README.md for particular limitations on intended use.
%package devel
Summary: Headers for liboqs, a library for quantum-resistant cryptography
Group: Development/Languages/C and C++
Requires: liboqs0 = %{version}
Requires: liboqs3 = %{version}
%description devel
liboqs is a C library for quantum-resistant cryptographic algorithms.
@ -75,18 +72,19 @@ popd
# need to find out what cmake option is needed
mv %{buildroot}%{_prefix}/local/* %{buildroot}%{_prefix}
if [ "%{_lib}" != "lib" ]; then
mv %{buildroot}%{_prefix}/lib %{buildroot}%{_libdir}
fi
#if [ "%{_lib}" != "lib" ]; then
# mv %{buildroot}%{_prefix}/lib %{buildroot}%{_libdir}
#fi
rmdir %{buildroot}%{_prefix}/local/
%post -n liboqs0 -p /sbin/ldconfig
%postun -n liboqs0 -p /sbin/ldconfig
%post -n liboqs3 -p /sbin/ldconfig
%postun -n liboqs3 -p /sbin/ldconfig
%files -n liboqs0
%files -n liboqs3
%license LICENSE.txt
%{_libdir}/liboqs.so.0*
%{_libdir}/liboqs.so.0.8.0
%{_libdir}/liboqs.so.3
%doc README.md
%files devel
@ -94,9 +92,12 @@ rmdir %{buildroot}%{_prefix}/local/
%dir %{_includedir}/oqs
%{_includedir}/oqs/*
%{_libdir}/liboqs.so
%{_libdir}/pkgconfig/liboqs.pc
%dir %{_libdir}/cmake/
%dir %{_libdir}/cmake/liboqs/
%{_libdir}/cmake/liboqs/liboqsConfig-noconfig.cmake
%{_libdir}/cmake/liboqs/liboqsTargets-noconfig.cmake
%{_libdir}/cmake/liboqs/liboqsTargets.cmake
%{_libdir}/cmake/liboqs/liboqsConfig.cmake
%{_libdir}/cmake/liboqs/liboqsConfigVersion.cmake
%changelog
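Review bot: The `%{_lib}` relocation in %install is disabled by prefixing its three lines with `#` instead of deleting them, and rpm still expands macros inside comment lines. The dead block also sits between the `mv %{buildroot}%{_prefix}/local/*` workaround and the `rmdir` that rely on the same install layout, so it is better deleted outright. In `%files -n liboqs3`, `%{_libdir}/liboqs.so.0.8.0` hard-codes the release; `%{_libdir}/liboqs.so.%{version}` keeps the file list correct on the next version bump. The %build section and cmake invocation are outside the visible hunks, so it cannot be checked from here whether setting the install prefix at configure time could replace the `/usr/local` move.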