From 00926cf91bbb455e347d813b5e5712162f75392bc8d9e6859c19391ff87ee53e Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.com>
Date: Wed, 18 Dec 2024 09:57:46 +0000
Subject: [PATCH] =?UTF-8?q?-=20updated=20to=200.7.0:=20=20=20-=20Adds=20su?=
 =?UTF-8?q?pport=20for=20MAYO=20from=20Round=201=20of=20NIST=E2=80=99s=20P?=
 =?UTF-8?q?ost-Quantum=20Signature=20On-Ramp=20process.=20=20=20-=20Adds?=
 =?UTF-8?q?=20support=20for=20CROSS=20from=20Round=201=20of=20NIST?=
 =?UTF-8?q?=E2=80=99s=20Post-Quantum=20Signature=20On-Ramp=20process.=20?=
 =?UTF-8?q?=20=20-=20Updates=20ML-KEM's=20code=20points=20in=20line=20with?=
 =?UTF-8?q?=20internet=20draft=20draft-kwiatkowski-tls-ecdhe-mlkem-02.=20?=
 =?UTF-8?q?=20=20-=20Reverses=20keyshares=20for=20X25519MLKEM768=20and=20X?=
 =?UTF-8?q?448-ML-KEM-768=20TLS=20hybrids=20in=20line=20with=20draft-kwiat?=
 =?UTF-8?q?kowski-tls-ecdhe-mlkem-02.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=12
---
 .gitattributes                  |  23 +++++++
 .gitignore                      |   1 +
 oqs-provider-0.6.1.tar.gz       |   3 +
 oqs-provider-0.7.0.tar.gz       |   3 +
 oqs-provider-disable-test.patch |  17 +++++
 oqs-provider.changes            | 112 ++++++++++++++++++++++++++++++++
 oqs-provider.spec               |  61 +++++++++++++++++
 7 files changed, 220 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 oqs-provider-0.6.1.tar.gz
 create mode 100644 oqs-provider-0.7.0.tar.gz
 create mode 100644 oqs-provider-disable-test.patch
 create mode 100644 oqs-provider.changes
 create mode 100644 oqs-provider.spec

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/oqs-provider-0.6.1.tar.gz b/oqs-provider-0.6.1.tar.gz
new file mode 100644
index 0000000..07b05e1
--- /dev/null
+++ b/oqs-provider-0.6.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:28522326630b41c0ff3d2d47445c4293e7e28766fefca5e94416e4de4ae23e1e
+size 201436
diff --git a/oqs-provider-0.7.0.tar.gz b/oqs-provider-0.7.0.tar.gz
new file mode 100644
index 0000000..0b502e6
--- /dev/null
+++ b/oqs-provider-0.7.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dd7abda5aab2408672ca886baac7bceb629f918df2bca203038fb23949e3323f
+size 208082
diff --git a/oqs-provider-disable-test.patch b/oqs-provider-disable-test.patch
new file mode 100644
index 0000000..86ab933
--- /dev/null
+++ b/oqs-provider-disable-test.patch
@@ -0,0 +1,17 @@
+Index: oqs-provider-0.7.0/CMakeLists.txt
+===================================================================
+--- oqs-provider-0.7.0.orig/CMakeLists.txt
++++ oqs-provider-0.7.0/CMakeLists.txt
+@@ -81,9 +81,9 @@ endfunction()
+ add_subdirectory(oqsprov)
+ 
+ # Testing
+-include(CTest)
+-enable_testing()
+-add_subdirectory(test)
++#include(CTest)
++#enable_testing()
++#add_subdirectory(test)
+ 
+ # Examples
+ add_subdirectory(examples)
diff --git a/oqs-provider.changes b/oqs-provider.changes
new file mode 100644
index 0000000..a267056
--- /dev/null
+++ b/oqs-provider.changes
@@ -0,0 +1,112 @@
+-------------------------------------------------------------------
+Thu Dec 12 15:15:59 UTC 2024 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.7.0:
+  - Adds support for MAYO from Round 1 of NIST’s Post-Quantum Signature On-Ramp process.
+  - Adds support for CROSS from Round 1 of NIST’s Post-Quantum Signature On-Ramp process.
+  - Updates ML-KEM's code points in line with internet draft draft-kwiatkowski-tls-ecdhe-mlkem-02.
+  - Reverses keyshares for X25519MLKEM768 and X448-ML-KEM-768 TLS hybrids in line with draft-kwiatkowski-tls-ecdhe-mlkem-02.
+
+-------------------------------------------------------------------
+Tue Jun 18 12:44:27 UTC 2024 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.6.1
+  - CVE-2024-37305: Fixed buffer overflow in deserialization of hybrid
+    keys and signatures (bsc#1226468)
+
+-------------------------------------------------------------------
+Tue Jun 11 08:56:30 UTC 2024 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.6.0
+  - First availability of standardized PQ algorithms, e.g., ML-KEM, ML-DSA
+  - Support for Composite PQ operations
+  - Alignment with PQ algorithm implementations as provided by liboqs 0.10.0, most notably updating HQC and Falcon.
+  - Implementation of security code review recommendations
+  - Support for more hybrid operations as fully documented here.
+  - Support for extraction of classical and hybrid key material
+- updated to 0.5.3
+  - only tracking parallel liboqs security update
+- updated to 0.5.2
+  - Algorithm updates as documented in the liboqs 0.9.0 release notes
+  - Standard coding style
+  - Enhanced memory leak protection
+  - Added community cooperation documentation
+  - (optional) KEM algorithm en-/decoder feature
+
+-------------------------------------------------------------------
+Tue Sep 19 12:16:31 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.5.1
+  - Documentation update
+  - document specs
+  - General documentation overhaul
+  - change TLS demo to use QSC alg
+  - Build a module instead of a shared library.
+  - explain groups in USAGE
+
+-------------------------------------------------------------------
+Tue Jun 13 09:19:27 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.5.0:
+
+  - oqs-provider now also enables use of QSC algorithms during TLS1.3
+    handshake. The required OpenSSL code updates are contained in
+    openssl/openssl#19312.
+
+  * Algorithm updates
+
+    All algorithms no longer supported in the NIST PQC competition
+    and not under consideration for standardization by ISO have been
+    removed. All remaining algorithms with the exception of McEliece
+    have been lifted to their final round 3 variants as documented in
+    liboqs. Most notably, algorithm names for Sphincs+ have been changed
+    to the naming chosen by its authors.
+
+  * Functional updates
+
+  - Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider.
+  - OSX support
+  - Full support for CA functionality
+  - Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits"
+  - Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider
+  - Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1.
+  - A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks.
+
+  * Misc updates
+
+  - Dynamic code point and OID changes via environment variables. See ALGORITHMS.md.
+  - Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md.
+
+- oqs-provider-shared-liboqs.patch: removed, not needed anymore
+
+- updated to 0.4.0:
+
+  * Security considerations
+
+  - This release removes Rainbow level 1 and all variants of SIDH and
+    SIKE due to cryptanalytic breaks of those algorithms. Users are advised
+    to move away from use of those algorithms immediately.
+
+  * Algorithm updates
+
+  - Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks
+
+  * Functional updates
+
+  - Addition of quantum-safe CMS operations via the OpenSSL interface
+  - Addition of quantum-safe dgst operations via the OpenSSL interface
+
+  * Misc updates
+
+  - Additional testing
+  - Integration with and of OpenSSL test harness
+
+-------------------------------------------------------------------
+Tue Nov 15 17:04:53 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update descriptions
+
+-------------------------------------------------------------------
+Mon Nov 14 15:43:52 UTC 2022 - Marcus Meissner <meissner@suse.com>
+
+- initial import of openssl-3 plugin for liboqs
diff --git a/oqs-provider.spec b/oqs-provider.spec
new file mode 100644
index 0000000..186aa61
--- /dev/null
+++ b/oqs-provider.spec
@@ -0,0 +1,61 @@
+#
+# spec file for package oqs-provider
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           oqs-provider
+Version:        0.7.0
+Release:        0
+Summary:        Quantum-safe crypto provider for OpenSSL
+License:        MIT
+Group:          Productivity/Security
+URL:            https://github.com/open-quantum-safe/oqs-provider/
+Source:         https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{version}.tar.gz#/%name-%version.tar.gz
+# currently would need libtestutil.a from openssl-3, so basically a copy of openssl-3 to test.
+Patch1:         oqs-provider-disable-test.patch
+BuildRequires:  cmake
+BuildRequires:  libopenssl-3-devel
+BuildRequires:  pkgconfig(liboqs)
+
+%description
+This is a plugin/shared library making available quantum-safe cryptography
+(QSC) to OpenSSL 3.x installations via the Provider API.
+
+Sample call:
+
+openssl-3 ciphers -provider oqsprovider
+
+%prep
+%autosetup
+
+%build
+mkdir build
+export RPM_OPT_FLAGS="%optflags -std=gnu11"
+cd build
+cmake -DBUILD_SHARED_LIBS=ON ..
+%cmake_build
+
+%install
+install -d %buildroot/%{_libdir}/ossl-modules/
+
+install -m 755 -c build/lib/oqsprovider.so %buildroot/%{_libdir}/ossl-modules/
+
+%files
+%license LICENSE.txt
+%dir /%{_libdir}/ossl-modules
+/%{_libdir}/ossl-modules/oqsprovider.so
+
+%changelog