oqs-provider/oqs-provider.spec

#
# spec file for package oqs-provider
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


Name:           oqs-provider
Version:        0.6.1
Release:        0
Summary:        Quantum-safe crypto provider for OpenSSL
License:        MIT
Group:          Productivity/Security
URL:            https://github.com/open-quantum-safe/oqs-provider/
Source:         https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{version}.tar.gz#/%name-%version.tar.gz
# currently would need libtestutil.a from openssl-3, so basically a copy of openssl-3 to test.
Patch1:         oqs-provider-disable-test.patch
BuildRequires:  cmake
BuildRequires:  libopenssl-3-devel
BuildRequires:  pkgconfig(liboqs)

%description
This is a plugin/shared library making available quantum-safe cryptography
(QSC) to OpenSSL 3.x installations via the Provider API.

Sample call:

openssl-3 ciphers -provider oqsprovider

%prep
%autosetup

%build
mkdir build
export RPM_OPT_FLAGS="%optflags -std=gnu11"
cd build
cmake -DBUILD_SHARED_LIBS=ON ..
%cmake_build

%install
install -d %buildroot/%{_libdir}/ossl-modules/

install -m 755 -c build/lib/oqsprovider.so %buildroot/%{_libdir}/ossl-modules/

%files
%license LICENSE.txt
%dir /%{_libdir}/ossl-modules
/%{_libdir}/ossl-modules/oqsprovider.so

%changelog
Accepting request 1035875 from home:msmeissn openquantum safe openssl 3 provider plugin OBS-URL: https://build.opensuse.org/request/show/1035875 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=1 2022-11-15 16:21:09 +01:00			`#`
			`# spec file for package oqs-provider`
			`#`
Accepting request 1179956 from home:msmeissn:branches:devel:libraries:c_c++ - updated to 0.6.0 - First availability of standardized PQ algorithms, e.g., ML-KEM, ML-DSA - Support for Composite PQ operations - Alignment with PQ algorithm implementations as provided by liboqs 0.10.0, most notably updating HQC and Falcon. - Implementation of security code review recommendations - Support for more hybrid operations as fully documented here. - Support for extraction of classical and hybrid key material - updated to 0.5.3 - only tracking parallel liboqs security update - updated to 0.5.2 - Algorithm updates as documented in the liboqs 0.9.0 release notes - Standard coding style - Enhanced memory leak protection - Added community cooperation documentation - (optional) KEM algorithm en-/decoder feature OBS-URL: https://build.opensuse.org/request/show/1179956 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=8 2024-06-11 11:01:53 +02:00			`# Copyright (c) 2024 SUSE LLC`
Accepting request 1035875 from home:msmeissn openquantum safe openssl 3 provider plugin OBS-URL: https://build.opensuse.org/request/show/1035875 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=1 2022-11-15 16:21:09 +01:00			`#`
			`# All modifications and additions to the file contributed by third parties`
			`# remain the property of their copyright owners, unless otherwise agreed`
			`# upon. The license for this file, and modifications and additions to the`
			`# file, is the same license as for the pristine package itself (unless the`
			`# license for the pristine package is not an Open Source License, in which`
			`# case the license is the MIT License). An "Open Source License" is a`
			`# license that conforms to the Open Source Definition (Version 1.9)`
			`# published by the Open Source Initiative.`

			`# Please submit bugfixes or comments via https://bugs.opensuse.org/`
			`#`


			`Name: oqs-provider`
- updated to 0.6.1 - CVE-2024-37305: Fixed buffer overflow in deserialization of hybrid keys and signatures (bsc#1226468) OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=10 2024-06-18 15:08:14 +02:00			`Version: 0.6.1`
Accepting request 1035875 from home:msmeissn openquantum safe openssl 3 provider plugin OBS-URL: https://build.opensuse.org/request/show/1035875 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=1 2022-11-15 16:21:09 +01:00			`Release: 0`
Accepting request 1035902 from home:jengelh:branches:devel:libraries:c_c++ - Update descriptions OBS-URL: https://build.opensuse.org/request/show/1035902 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=2 2022-11-16 09:27:15 +01:00			`Summary: Quantum-safe crypto provider for OpenSSL`
Accepting request 1035875 from home:msmeissn openquantum safe openssl 3 provider plugin OBS-URL: https://build.opensuse.org/request/show/1035875 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=1 2022-11-15 16:21:09 +01:00			`License: MIT`
			`Group: Productivity/Security`
			`URL: https://github.com/open-quantum-safe/oqs-provider/`
			`Source: https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{version}.tar.gz#/%name-%version.tar.gz`
			`# currently would need libtestutil.a from openssl-3, so basically a copy of openssl-3 to test.`
Accepting request 1092833 from home:msmeissn:branches:devel:libraries:c_c++ - updated to 0.5.0: - oqs-provider now also enables use of QSC algorithms during TLS1.3 handshake. The required OpenSSL code updates are contained in openssl/openssl#19312. * Algorithm updates All algorithms no longer supported in the NIST PQC competition and not under consideration for standardization by ISO have been removed. All remaining algorithms with the exception of McEliece have been lifted to their final round 3 variants as documented in liboqs. Most notably, algorithm names for Sphincs+ have been changed to the naming chosen by its authors. * Functional updates - Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider. - OSX support - Full support for CA functionality - Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits" - Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider - Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1. - A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks. * Misc updates - Dynamic code point and OID changes via environment variables. See ALGORITHMS.md. - Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md. - oqs-provider-shared-liboqs.patch: removed, not needed anymore - updated to 0.4.0: * Security considerations - This release removes Rainbow level 1 and all variants of SIDH and SIKE due to cryptanalytic breaks of those algorithms. Users are advised to move away from use of those algorithms immediately. * Algorithm updates - Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks OBS-URL: https://build.opensuse.org/request/show/1092833 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=4 2023-06-13 13:11:09 +02:00			`Patch1: oqs-provider-disable-test.patch`
Accepting request 1035875 from home:msmeissn openquantum safe openssl 3 provider plugin OBS-URL: https://build.opensuse.org/request/show/1035875 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=1 2022-11-15 16:21:09 +01:00			`BuildRequires: cmake`
			`BuildRequires: libopenssl-3-devel`
Accepting request 1092833 from home:msmeissn:branches:devel:libraries:c_c++ - updated to 0.5.0: - oqs-provider now also enables use of QSC algorithms during TLS1.3 handshake. The required OpenSSL code updates are contained in openssl/openssl#19312. * Algorithm updates All algorithms no longer supported in the NIST PQC competition and not under consideration for standardization by ISO have been removed. All remaining algorithms with the exception of McEliece have been lifted to their final round 3 variants as documented in liboqs. Most notably, algorithm names for Sphincs+ have been changed to the naming chosen by its authors. * Functional updates - Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider. - OSX support - Full support for CA functionality - Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits" - Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider - Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1. - A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks. * Misc updates - Dynamic code point and OID changes via environment variables. See ALGORITHMS.md. - Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md. - oqs-provider-shared-liboqs.patch: removed, not needed anymore - updated to 0.4.0: * Security considerations - This release removes Rainbow level 1 and all variants of SIDH and SIKE due to cryptanalytic breaks of those algorithms. Users are advised to move away from use of those algorithms immediately. * Algorithm updates - Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks OBS-URL: https://build.opensuse.org/request/show/1092833 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=4 2023-06-13 13:11:09 +02:00			`BuildRequires: pkgconfig(liboqs)`
Accepting request 1035875 from home:msmeissn openquantum safe openssl 3 provider plugin OBS-URL: https://build.opensuse.org/request/show/1035875 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=1 2022-11-15 16:21:09 +01:00
			`%description`
Accepting request 1035902 from home:jengelh:branches:devel:libraries:c_c++ - Update descriptions OBS-URL: https://build.opensuse.org/request/show/1035902 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=2 2022-11-16 09:27:15 +01:00			`This is a plugin/shared library making available quantum-safe cryptography`
			`(QSC) to OpenSSL 3.x installations via the Provider API.`
Accepting request 1035875 from home:msmeissn openquantum safe openssl 3 provider plugin OBS-URL: https://build.opensuse.org/request/show/1035875 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=1 2022-11-15 16:21:09 +01:00
			`Sample call:`

			`openssl-3 ciphers -provider oqsprovider`

			`%prep`
			`%autosetup`

			`%build`
			`mkdir build`
Accepting request 1035902 from home:jengelh:branches:devel:libraries:c_c++ - Update descriptions OBS-URL: https://build.opensuse.org/request/show/1035902 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=2 2022-11-16 09:27:15 +01:00			`export RPM_OPT_FLAGS="%optflags -std=gnu11"`
Accepting request 1035875 from home:msmeissn openquantum safe openssl 3 provider plugin OBS-URL: https://build.opensuse.org/request/show/1035875 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=1 2022-11-15 16:21:09 +01:00			`cd build`
			`cmake -DBUILD_SHARED_LIBS=ON ..`
Accepting request 1092833 from home:msmeissn:branches:devel:libraries:c_c++ - updated to 0.5.0: - oqs-provider now also enables use of QSC algorithms during TLS1.3 handshake. The required OpenSSL code updates are contained in openssl/openssl#19312. * Algorithm updates All algorithms no longer supported in the NIST PQC competition and not under consideration for standardization by ISO have been removed. All remaining algorithms with the exception of McEliece have been lifted to their final round 3 variants as documented in liboqs. Most notably, algorithm names for Sphincs+ have been changed to the naming chosen by its authors. * Functional updates - Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider. - OSX support - Full support for CA functionality - Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits" - Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider - Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1. - A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks. * Misc updates - Dynamic code point and OID changes via environment variables. See ALGORITHMS.md. - Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md. - oqs-provider-shared-liboqs.patch: removed, not needed anymore - updated to 0.4.0: * Security considerations - This release removes Rainbow level 1 and all variants of SIDH and SIKE due to cryptanalytic breaks of those algorithms. Users are advised to move away from use of those algorithms immediately. * Algorithm updates - Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks OBS-URL: https://build.opensuse.org/request/show/1092833 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=4 2023-06-13 13:11:09 +02:00			`%cmake_build`
Accepting request 1035875 from home:msmeissn openquantum safe openssl 3 provider plugin OBS-URL: https://build.opensuse.org/request/show/1035875 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=1 2022-11-15 16:21:09 +01:00
			`%install`
			`install -d %buildroot/%{_libdir}/ossl-modules/`

Accepting request 1092833 from home:msmeissn:branches:devel:libraries:c_c++ - updated to 0.5.0: - oqs-provider now also enables use of QSC algorithms during TLS1.3 handshake. The required OpenSSL code updates are contained in openssl/openssl#19312. * Algorithm updates All algorithms no longer supported in the NIST PQC competition and not under consideration for standardization by ISO have been removed. All remaining algorithms with the exception of McEliece have been lifted to their final round 3 variants as documented in liboqs. Most notably, algorithm names for Sphincs+ have been changed to the naming chosen by its authors. * Functional updates - Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider. - OSX support - Full support for CA functionality - Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits" - Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider - Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1. - A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks. * Misc updates - Dynamic code point and OID changes via environment variables. See ALGORITHMS.md. - Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md. - oqs-provider-shared-liboqs.patch: removed, not needed anymore - updated to 0.4.0: * Security considerations - This release removes Rainbow level 1 and all variants of SIDH and SIKE due to cryptanalytic breaks of those algorithms. Users are advised to move away from use of those algorithms immediately. * Algorithm updates - Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks OBS-URL: https://build.opensuse.org/request/show/1092833 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=4 2023-06-13 13:11:09 +02:00			`install -m 755 -c build/lib/oqsprovider.so %buildroot/%{_libdir}/ossl-modules/`

			`%files`
			`%license LICENSE.txt`
Accepting request 1035875 from home:msmeissn openquantum safe openssl 3 provider plugin OBS-URL: https://build.opensuse.org/request/show/1035875 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=1 2022-11-15 16:21:09 +01:00			`%dir /%{_libdir}/ossl-modules`
			`/%{_libdir}/ossl-modules/oqsprovider.so`

			`%changelog`