diff --git a/0.7.1.tar.gz b/0.7.1.tar.gz deleted file mode 100644 index 4abd2ea..0000000 --- a/0.7.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c8a1ffcfd4facc90916557c0efae9a28c46e803b088d0cb32ee7b0b010555d3a -size 8001754 diff --git a/0.8.0.tar.gz b/0.8.0.tar.gz new file mode 100644 index 0000000..4b35e17 --- /dev/null +++ b/0.8.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:542e2d6cd4d3013bc4f97843cb1e9521b1b8d8ea72a55c9f5f040857486b0157 +size 2986821 diff --git a/0001-Add-support-for-powerpc64.-1160.patch b/0001-Add-support-for-powerpc64.-1160.patch deleted file mode 100644 index d93a6d2..0000000 --- a/0001-Add-support-for-powerpc64.-1160.patch +++ /dev/null @@ -1,152 +0,0 @@ -From eb2f38c44ed15e058bc7ab217ba614b32f012090 Mon Sep 17 00:00:00 2001 -From: pkubaj -Date: Fri, 24 Dec 2021 00:03:25 +0100 -Subject: [PATCH 1/2] Add support for powerpc64. (#1160) - -This is 64-bit POWER big-endian. Since s390x (64-bit big-endian) and ppc64le -(64-bit POWER) are already supported, this shouldn't be an issue. ---- - .CMake/alg_support.cmake | 4 ++-- - CMakeLists.txt | 7 +++++++ - src/kem/sike/CMakeLists.txt | 3 +++ - src/kem/sike/external/P434/P434_internal.h | 2 +- - src/kem/sike/external/P503/P503_internal.h | 2 +- - src/kem/sike/external/P610/P610_internal.h | 2 +- - src/kem/sike/external/P751/P751_internal.h | 2 +- - src/kem/sike/external/config.h | 7 +++++++ - 8 files changed, 23 insertions(+), 6 deletions(-) - -diff --git a/.CMake/alg_support.cmake b/.CMake/alg_support.cmake -index 0de57e8..bb9ebea 100644 ---- a/.CMake/alg_support.cmake -+++ b/.CMake/alg_support.cmake -@@ -27,8 +27,8 @@ if(OQS_DIST_X86_64_BUILD OR OQS_USE_AVX2_INSTRUCTIONS) - endif() - endif() - --# BIKE is not supported on Windows, 32-bit ARM and S390X (big endian) --cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON "NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X" OFF) -+# BIKE is not supported on Windows, 32-bit ARM, S390X (big endian) and PPC64 (big endian) -+cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON "NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X; NOT ARCH_PPC64" OFF) - cmake_dependent_option(OQS_ENABLE_KEM_bike_l1 "" ON "OQS_ENABLE_KEM_BIKE" OFF) - cmake_dependent_option(OQS_ENABLE_KEM_bike_l3 "" ON "OQS_ENABLE_KEM_BIKE" OFF) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 140cfb8..416da83 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -59,6 +59,13 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64le|powerpc64le") - if(${OQS_DIST_BUILD}) - set(OQS_DIST_PPC64LE_BUILD ON) - endif() -+elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc64|powerpc64)") -+ message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR}) -+ set(ARCH "ppc64") -+ set(ARCH_PPC64 ON) -+ if(${OQS_DIST_BUILD}) -+ set(OQS_DIST_PPC64_BUILD ON) -+ endif() - elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x") - set(ARCH "s390x") - set(ARCH_S390X ON) -diff --git a/src/kem/sike/CMakeLists.txt b/src/kem/sike/CMakeLists.txt -index c260ce1..0f4714b 100644 ---- a/src/kem/sike/CMakeLists.txt -+++ b/src/kem/sike/CMakeLists.txt -@@ -8,6 +8,7 @@ if( - ARCH_ARM32v7 OR - ARCH_ARM64v8 OR - ARCH_PPC64LE OR -+ ARCH_PPC64 OR - ARCH_S390X) - AND - # check that one SIDH/SIKE alg is enabled -@@ -137,6 +138,8 @@ if( - target_compile_definitions(sike PRIVATE USE_SIKEP751_ASM) - endif() - endif() -+ elseif(ARCH_PPC64) -+ target_compile_definitions(sike PRIVATE _GENERIC_ _PPC64_) - elseif(ARCH_PPC64LE) - target_compile_definitions(sike PRIVATE _GENERIC_ _PPC64LE_) - elseif(ARCH_S390X) -diff --git a/src/kem/sike/external/P434/P434_internal.h b/src/kem/sike/external/P434/P434_internal.h -index 6c7f66c..168ac9f 100644 ---- a/src/kem/sike/external/P434/P434_internal.h -+++ b/src/kem/sike/external/P434/P434_internal.h -@@ -9,7 +9,7 @@ - - #include "../config.h" - --#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE) -+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE) - #define NWORDS_FIELD 7 // Number of words of a 434-bit field element - #define p434_ZERO_WORDS 3 // Number of "0" digits in the least significant part of p434 + 1 - #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM) -diff --git a/src/kem/sike/external/P503/P503_internal.h b/src/kem/sike/external/P503/P503_internal.h -index 3a9bb32..3c72a4b 100644 ---- a/src/kem/sike/external/P503/P503_internal.h -+++ b/src/kem/sike/external/P503/P503_internal.h -@@ -9,7 +9,7 @@ - - #include "../config.h" - --#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE) -+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE) - #define NWORDS_FIELD 8 // Number of words of a 503-bit field element - #define p503_ZERO_WORDS 3 // Number of "0" digits in the least significant part of p503 + 1 - #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM) -diff --git a/src/kem/sike/external/P610/P610_internal.h b/src/kem/sike/external/P610/P610_internal.h -index 8a6a08f..7d6f60d 100644 ---- a/src/kem/sike/external/P610/P610_internal.h -+++ b/src/kem/sike/external/P610/P610_internal.h -@@ -9,7 +9,7 @@ - - #include "../config.h" - --#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE) -+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE) - #define NWORDS_FIELD 10 // Number of words of a 610-bit field element - #define p610_ZERO_WORDS 4 // Number of "0" digits in the least significant part of p610 + 1 - #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM) -diff --git a/src/kem/sike/external/P751/P751_internal.h b/src/kem/sike/external/P751/P751_internal.h -index 1f9f231..0b17da1 100644 ---- a/src/kem/sike/external/P751/P751_internal.h -+++ b/src/kem/sike/external/P751/P751_internal.h -@@ -9,7 +9,7 @@ - - #include "../config.h" - --#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE) -+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE) - #define NWORDS_FIELD 12 // Number of words of a 751-bit field element - #define p751_ZERO_WORDS 5 // Number of "0" digits in the least significant part of p751 + 1 - #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM) -diff --git a/src/kem/sike/external/config.h b/src/kem/sike/external/config.h -index 1a915d3..46cd312 100644 ---- a/src/kem/sike/external/config.h -+++ b/src/kem/sike/external/config.h -@@ -32,6 +32,7 @@ - #define TARGET_ARM 4 - #define TARGET_ARM64 5 - #define TARGET_PPC64LE 6 -+#define TARGET_PPC64 7 - - #if defined(_AMD64_) - #define TARGET TARGET_AMD64 -@@ -63,6 +64,12 @@ typedef uint16_t hdigit_t; // Unsigned 16-bit digit - #define LOG2RADIX 6 - typedef uint64_t digit_t; // Unsigned 64-bit digit - typedef uint32_t hdigit_t; // Unsigned 32-bit digit -+#elif defined(_PPC64_) -+#define TARGET TARGET_PPC64 -+#define RADIX 64 -+#define LOG2RADIX 6 -+typedef uint64_t digit_t; // Unsigned 64-bit digit -+typedef uint32_t hdigit_t; // Unsigned 32-bit digit - #elif defined(_PPC64LE_) - #define TARGET TARGET_PPC64LE - #define RADIX 64 --- -2.36.1 - diff --git a/0002-Mark-stack-non-executable-when-compiling-with-clang-.patch b/0002-Mark-stack-non-executable-when-compiling-with-clang-.patch deleted file mode 100644 index 7404f23..0000000 --- a/0002-Mark-stack-non-executable-when-compiling-with-clang-.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 9f72562d661a0fd1b5773966fb199a8faea144c1 Mon Sep 17 00:00:00 2001 -From: Douglas Stebila -Date: Sun, 9 Jan 2022 11:30:10 -0500 -Subject: [PATCH 2/2] Mark stack non-executable when compiling with clang or - gcc (#1161) - -* Mark stack non-executable when compiling with clang or gcc - -Fixes #1159 - -* Change noexecstack option on gcc - -* Use gcc noexecstack only on non-Darwin - -* Check for non-executable stack in shared object builds on Linux ---- - .CMake/compiler_opts.cmake | 4 ++++ - tests/{test_namespace.py => test_binary.py} | 16 ++++++++++++++++ - 2 files changed, 20 insertions(+) - rename tests/{test_namespace.py => test_binary.py} (74%) - -diff --git a/.CMake/compiler_opts.cmake b/.CMake/compiler_opts.cmake -index 9dd5b32..72c741a 100644 ---- a/.CMake/compiler_opts.cmake -+++ b/.CMake/compiler_opts.cmake -@@ -67,6 +67,7 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang") - add_compile_options(-Wextra) - add_compile_options(-Wpedantic) - add_compile_options(-Wno-unused-command-line-argument) -+ set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack") - - if(NOT ${OQS_BUILD_ONLY_LIB}) - set(THREADS_PREFER_PTHREAD_FLAG ON) -@@ -117,6 +118,9 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU") - add_compile_options(-Wformat=2) - add_compile_options(-Wfloat-equal) - add_compile_options(-Wwrite-strings) -+ if (NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin") -+ set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack") -+ endif() - - if(NOT ${OQS_BUILD_ONLY_LIB}) - set(THREADS_PREFER_PTHREAD_FLAG ON) -diff --git a/tests/test_namespace.py b/tests/test_binary.py -similarity index 74% -rename from tests/test_namespace.py -rename to tests/test_binary.py -index 9a3fb9e..d212f41 100644 ---- a/tests/test_namespace.py -+++ b/tests/test_binary.py -@@ -1,6 +1,7 @@ - # SPDX-License-Identifier: MIT - - import helpers -+import os - import pytest - import sys - import glob -@@ -51,6 +52,21 @@ def test_namespace(): - - assert(len(non_namespaced) == 0) - -+@helpers.filtered_test -+@pytest.mark.skipif(not(sys.platform.startswith("linux")), reason="Only supported on Linux") -+@pytest.mark.skipif(not(os.path.exists(helpers.get_current_build_dir_name()+'/lib/liboqs.so')), reason="Only supported on builds with a shared library") -+def test_non_executable_stack(): -+ liboqs = helpers.get_current_build_dir_name()+'/lib/liboqs.so' -+ out = helpers.run_subprocess( -+ ['readelf', '--wide', '--segments', liboqs] -+ ) -+ lines = out.strip().split("\n") -+ for line in lines: -+ if "GNU_STACK" in line: -+ chunks = line.strip().split() -+ flags = chunks[6] -+ assert(flags == 'RW') -+ - if __name__ == "__main__": - import sys - pytest.main(sys.argv) --- -2.36.1 - diff --git a/baselibs.conf b/baselibs.conf index 870a69c..435cdf5 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,2 +1,2 @@ -liboqs0 +liboqs3 liboqs-devel diff --git a/liboqs-fix-build.patch b/liboqs-fix-build.patch index aaa1e53..1d96bb2 100644 --- a/liboqs-fix-build.patch +++ b/liboqs-fix-build.patch @@ -1,7 +1,7 @@ -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.h +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h =================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.h -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.h +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h @@ -30,12 +30,13 @@ #endif @@ -19,52 +19,10 @@ Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.h +int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]); #endif -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h =================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h -@@ -30,12 +30,13 @@ - #endif - - #define crypto_kem_keypair KYBER_NAMESPACE(keypair) --int crypto_kem_keypair(uint8_t *pk, uint8_t *sk); -+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]); -+ - - #define crypto_kem_enc KYBER_NAMESPACE(enc) --int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); -+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]); - - #define crypto_kem_dec KYBER_NAMESPACE(dec) --int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); -+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]); - - #endif -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.h -=================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.h -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.h -@@ -30,12 +30,13 @@ - #endif - - #define crypto_kem_keypair KYBER_NAMESPACE(keypair) --int crypto_kem_keypair(uint8_t *pk, uint8_t *sk); -+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]); -+ - - #define crypto_kem_enc KYBER_NAMESPACE(enc) --int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); -+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]); - - #define crypto_kem_dec KYBER_NAMESPACE(dec) --int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); -+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]); - - #endif -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h -=================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h @@ -30,12 +30,15 @@ #endif @@ -84,10 +42,10 @@ Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h + #endif -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.h +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h =================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.h -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.h +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h @@ -30,12 +30,14 @@ #endif @@ -106,32 +64,10 @@ Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.h +int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]); #endif -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c =================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h -@@ -30,12 +30,14 @@ - #endif - - #define crypto_kem_keypair KYBER_NAMESPACE(keypair) --int crypto_kem_keypair(uint8_t *pk, uint8_t *sk); -+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]); -+ - - #define crypto_kem_enc KYBER_NAMESPACE(enc) --int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); -+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]); -+ - - #define crypto_kem_dec KYBER_NAMESPACE(dec) --int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); -+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]); - - #endif -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c -=================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c @@ -20,8 +20,7 @@ * * Returns 0 (success) @@ -164,10 +100,10 @@ Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c { size_t i; int fail; -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c =================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c @@ -20,8 +20,7 @@ * * Returns 0 (success) @@ -200,118 +136,10 @@ Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c { size_t i; int fail; -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c =================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c -@@ -20,8 +20,7 @@ - * - * Returns 0 (success) - **************************************************/ --int crypto_kem_keypair(uint8_t *pk, -- uint8_t *sk) -+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]) - { - size_t i; - indcpa_keypair(pk, sk); -@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk, - * - * Returns 0 (success) - **************************************************/ --int crypto_kem_enc(uint8_t *ct, -- uint8_t *ss, -- const uint8_t *pk) -+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]) - { - uint8_t buf[2*KYBER_SYMBYTES]; - /* Will contain key, coins */ -@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct, - * - * On failure, ss will contain a pseudo-random value. - **************************************************/ --int crypto_kem_dec(uint8_t *ss, -- const uint8_t *ct, -- const uint8_t *sk) -+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]) - { - size_t i; - int fail; -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.c -=================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.c -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.c -@@ -20,8 +20,7 @@ - * - * Returns 0 (success) - **************************************************/ --int crypto_kem_keypair(uint8_t *pk, -- uint8_t *sk) -+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]) - { - size_t i; - indcpa_keypair(pk, sk); -@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk, - * - * Returns 0 (success) - **************************************************/ --int crypto_kem_enc(uint8_t *ct, -- uint8_t *ss, -- const uint8_t *pk) -+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]) - { - uint8_t buf[2*KYBER_SYMBYTES]; - /* Will contain key, coins */ -@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct, - * - * On failure, ss will contain a pseudo-random value. - **************************************************/ --int crypto_kem_dec(uint8_t *ss, -- const uint8_t *ct, -- const uint8_t *sk) -+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]) - { - size_t i; - int fail; -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.c -=================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.c -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.c -@@ -20,8 +20,7 @@ - * - * Returns 0 (success) - **************************************************/ --int crypto_kem_keypair(uint8_t *pk, -- uint8_t *sk) -+int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]) - { - size_t i; - indcpa_keypair(pk, sk); -@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk, - * - * Returns 0 (success) - **************************************************/ --int crypto_kem_enc(uint8_t *ct, -- uint8_t *ss, -- const uint8_t *pk) -+int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]) - { - uint8_t buf[2*KYBER_SYMBYTES]; - /* Will contain key, coins */ -@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct, - * - * On failure, ss will contain a pseudo-random value. - **************************************************/ --int crypto_kem_dec(uint8_t *ss, -- const uint8_t *ct, -- const uint8_t *sk) -+int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]) - { - size_t i; - int fail; -Index: liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.c -=================================================================== ---- liboqs-0.7.1.orig/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.c -+++ liboqs-0.7.1/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.c +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c @@ -20,8 +20,7 @@ * * Returns 0 (success) diff --git a/liboqs-fix-prototypemismatch.patch b/liboqs-fix-prototypemismatch.patch index f803459..df3ef56 100644 --- a/liboqs-fix-prototypemismatch.patch +++ b/liboqs-fix-prototypemismatch.patch @@ -1,7 +1,7 @@ -Index: liboqs-0.7.1/src/kem/frodokem/kem_frodokem.h +Index: liboqs-0.8.0/src/kem/frodokem/kem_frodokem.h =================================================================== ---- liboqs-0.7.1.orig/src/kem/frodokem/kem_frodokem.h -+++ liboqs-0.7.1/src/kem/frodokem/kem_frodokem.h +--- liboqs-0.8.0.orig/src/kem/frodokem/kem_frodokem.h ++++ liboqs-0.8.0/src/kem/frodokem/kem_frodokem.h @@ -11,9 +11,9 @@ #define OQS_KEM_frodokem_640_aes_length_ciphertext 9720 #define OQS_KEM_frodokem_640_aes_length_shared_secret 16 @@ -15,23 +15,3 @@ Index: liboqs-0.7.1/src/kem/frodokem/kem_frodokem.h #endif #ifdef OQS_ENABLE_KEM_frodokem_640_shake -Index: liboqs-0.7.1/.CMake/compiler_opts.cmake -=================================================================== ---- liboqs-0.7.1.orig/.CMake/compiler_opts.cmake -+++ liboqs-0.7.1/.CMake/compiler_opts.cmake -@@ -62,7 +62,6 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang|GN - endif() - - if(CMAKE_C_COMPILER_ID MATCHES "Clang") -- add_compile_options(-Werror) - add_compile_options(-Wall) - add_compile_options(-Wextra) - add_compile_options(-Wpedantic) -@@ -109,7 +108,6 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang") - endif() - - elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU") -- add_compile_options(-Werror) - add_compile_options(-Wall) - add_compile_options(-Wextra) - add_compile_options(-Wpedantic) diff --git a/liboqs.changes b/liboqs.changes index 9d41828..bcb608e 100644 --- a/liboqs.changes +++ b/liboqs.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Thu Jun 8 07:14:12 UTC 2023 - Marcus Meissner + +- updated to 0.8.0 + This release features many algorithm updates, including removal + of algorithms and variants no longer proceeding through NIST + standardization and updates to newer versions. See the detailed list + of algorithm updates below. + + Key encapsulation mechanisms: + + - BIKE: updated to Round 4 version. + - Kyber: 90s variants were removed. + - NTRU Prime: All variants were removed, except for sntrup761. + - Saber: removed. + + Digital signature schemes + + - Dilithium; AES variants were removed. + - Falcon: updated to the 2023-02-07 version. + - Picnic: removed. + - Rainbow: removed. + - SPHINCS+: updated to version 3.1; SPHINCS+-Haraka variants were removed; SPHINCS+-SHA256 and SPHINCS+-SHAKE variants were renamed + + Other changes + + - Add Cryptographic Bill of Materials (CBOM) + - Improve building on ARM platforms + - Improve performance when using OpenSSL 3 for symmetric cryptography + - Increment shared object library version + - New configure-time options for algorithm selections + - pkgconfig file now available + +- removed 0001-Add-support-for-powerpc64.-1160.patch: upstream +- 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch: upstream + +- liboqs is now liboqs.so.3. + ------------------------------------------------------------------- Wed Mar 29 06:38:25 UTC 2023 - Marcus Meissner diff --git a/liboqs.spec b/liboqs.spec index 2ae1e99..b94de3c 100644 --- a/liboqs.spec +++ b/liboqs.spec @@ -17,7 +17,7 @@ Name: liboqs -Version: 0.7.1 +Version: 0.8.0 Release: 0 Summary: C library for quantum-resistant cryptographic algorithms License: MIT @@ -26,10 +26,7 @@ URL: https://github.com/open-quantum-safe/liboqs/ Source: https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{version}.tar.gz Source1: baselibs.conf Patch0: liboqs-fix-build.patch -# PATCH-FIX-UPSTREAM -Patch1: 0001-Add-support-for-powerpc64.-1160.patch -Patch2: 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch -Patch3: liboqs-fix-prototypemismatch.patch +Patch1: liboqs-fix-prototypemismatch.patch BuildRequires: cmake BuildRequires: doxygen BuildRequires: libopenssl-devel @@ -38,18 +35,18 @@ BuildRequires: libopenssl-devel liboqs is a C library for quantum-resistant cryptographic algorithms. See the bundled README.md for particular limitations on intended use. -%package -n liboqs0 +%package -n liboqs3 Summary: C library for quantum-resistant cryptographic algorithms Group: System/Libraries -%description -n liboqs0 +%description -n liboqs3 liboqs is a C library for quantum-resistant cryptographic algorithms. See the bundled README.md for particular limitations on intended use. %package devel Summary: Headers for liboqs, a library for quantum-resistant cryptography Group: Development/Languages/C and C++ -Requires: liboqs0 = %{version} +Requires: liboqs3 = %{version} %description devel liboqs is a C library for quantum-resistant cryptographic algorithms. @@ -75,18 +72,19 @@ popd # need to find out what cmake option is needed mv %{buildroot}%{_prefix}/local/* %{buildroot}%{_prefix} -if [ "%{_lib}" != "lib" ]; then - mv %{buildroot}%{_prefix}/lib %{buildroot}%{_libdir} -fi +#if [ "%{_lib}" != "lib" ]; then + # mv %{buildroot}%{_prefix}/lib %{buildroot}%{_libdir} +#fi rmdir %{buildroot}%{_prefix}/local/ -%post -n liboqs0 -p /sbin/ldconfig -%postun -n liboqs0 -p /sbin/ldconfig +%post -n liboqs3 -p /sbin/ldconfig +%postun -n liboqs3 -p /sbin/ldconfig -%files -n liboqs0 +%files -n liboqs3 %license LICENSE.txt -%{_libdir}/liboqs.so.0* +%{_libdir}/liboqs.so.0.8.0 +%{_libdir}/liboqs.so.3 %doc README.md %files devel @@ -94,9 +92,12 @@ rmdir %{buildroot}%{_prefix}/local/ %dir %{_includedir}/oqs %{_includedir}/oqs/* %{_libdir}/liboqs.so +%{_libdir}/pkgconfig/liboqs.pc %dir %{_libdir}/cmake/ %dir %{_libdir}/cmake/liboqs/ -%{_libdir}/cmake/liboqs/liboqsConfig-noconfig.cmake +%{_libdir}/cmake/liboqs/liboqsTargets-noconfig.cmake +%{_libdir}/cmake/liboqs/liboqsTargets.cmake %{_libdir}/cmake/liboqs/liboqsConfig.cmake +%{_libdir}/cmake/liboqs/liboqsConfigVersion.cmake %changelog