Accepting request 1092833 from home:msmeissn:branches:devel:libraries:c_c++

- updated to 0.5.0:
  - oqs-provider now also enables use of QSC algorithms during TLS1.3
    handshake. The required OpenSSL code updates are contained in
    openssl/openssl#19312.
  * Algorithm updates
    All algorithms no longer supported in the NIST PQC competition
    and not under consideration for standardization by ISO have been
    removed. All remaining algorithms with the exception of McEliece
    have been lifted to their final round 3 variants as documented in
    liboqs. Most notably, algorithm names for Sphincs+ have been changed
    to the naming chosen by its authors.
  * Functional updates
  - Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider.
  - OSX support
  - Full support for CA functionality
  - Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits"
  - Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider
  - Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1.
  - A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks.
  * Misc updates
  - Dynamic code point and OID changes via environment variables. See ALGORITHMS.md.
  - Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md.
- oqs-provider-shared-liboqs.patch: removed, not needed anymore
- updated to 0.4.0:
  * Security considerations
  - This release removes Rainbow level 1 and all variants of SIDH and
    SIKE due to cryptanalytic breaks of those algorithms. Users are advised
    to move away from use of those algorithms immediately.
  * Algorithm updates
  - Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks

OBS-URL: https://build.opensuse.org/request/show/1092833
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=4

oqs-provider-0.3.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9a3c3897d18b63ee58dc592304973e7264776be6e7cfa88f46dae6df91ee030c
-size 76156

oqs-provider-shared-liboqs.patch

@@ -1,13 +0,0 @@
-Index: oqs-provider-0.3.0/CMakeLists.txt
-===================================================================
---- oqs-provider-0.3.0.orig/CMakeLists.txt
-+++ oqs-provider-0.3.0/CMakeLists.txt
-@@ -14,7 +14,7 @@ message("-- Looking for liboqs include d
- find_path(liboqs_INCLUDE_DIR NAMES oqs/oqs.h REQUIRED)
- message("-- Looking for liboqs include directory - found ${liboqs_INCLUDE_DIR}")
- message("-- Looking for liboqs library")
--find_library(liboqs_LIBRARY NAMES liboqs.a REQUIRED)
-+find_library(liboqs_LIBRARY NAMES liboqs.so REQUIRED)
- message("-- Looking for liboqs library - found ${liboqs_LIBRARY}")
- include_directories(${liboqs_INCLUDE_DIR})
- 

oqs-provider.changes

@@ -1,3 +1,60 @@
+-------------------------------------------------------------------
+Tue Jun 13 09:19:27 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.5.0:
+
+  - oqs-provider now also enables use of QSC algorithms during TLS1.3
+    handshake. The required OpenSSL code updates are contained in
+    openssl/openssl#19312.
+
+  * Algorithm updates
+
+    All algorithms no longer supported in the NIST PQC competition
+    and not under consideration for standardization by ISO have been
+    removed. All remaining algorithms with the exception of McEliece
+    have been lifted to their final round 3 variants as documented in
+    liboqs. Most notably, algorithm names for Sphincs+ have been changed
+    to the naming chosen by its authors.
+
+  * Functional updates
+
+  - Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider.
+  - OSX support
+  - Full support for CA functionality
+  - Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits"
+  - Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider
+  - Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1.
+  - A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks.
+
+  * Misc updates
+
+  - Dynamic code point and OID changes via environment variables. See ALGORITHMS.md.
+  - Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md.
+
+- oqs-provider-shared-liboqs.patch: removed, not needed anymore
+
+- updated to 0.4.0:
+
+  * Security considerations
+
+  - This release removes Rainbow level 1 and all variants of SIDH and
+    SIKE due to cryptanalytic breaks of those algorithms. Users are advised
+    to move away from use of those algorithms immediately.
+
+  * Algorithm updates
+
+  - Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks
+
+  * Functional updates
+
+  - Addition of quantum-safe CMS operations via the OpenSSL interface
+  - Addition of quantum-safe dgst operations via the OpenSSL interface
+
+  * Misc updates
+
+  - Additional testing
+  - Integration with and of OpenSSL test harness
+
 -------------------------------------------------------------------
 Tue Nov 15 17:04:53 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
 

oqs-provider.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package oqs-provider
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,19 +17,18 @@
 
 
 Name:           oqs-provider
-Version:        0.3.0
+Version:        0.5.0
 Release:        0
 Summary:        Quantum-safe crypto provider for OpenSSL
 License:        MIT
 Group:          Productivity/Security
 URL:            https://github.com/open-quantum-safe/oqs-provider/
 Source:         https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{version}.tar.gz#/%name-%version.tar.gz
-Patch0:		oqs-provider-shared-liboqs.patch
 # currently would need libtestutil.a from openssl-3, so basically a copy of openssl-3 to test.
-Patch1:		oqs-provider-disable-test.patch
+Patch1:         oqs-provider-disable-test.patch
 BuildRequires:  cmake
 BuildRequires:  libopenssl-3-devel
-BuildRequires:  liboqs-devel
+BuildRequires:  pkgconfig(liboqs)
 
 %description
 This is a plugin/shared library making available quantum-safe cryptography
@@ -47,14 +46,15 @@ mkdir build
 export RPM_OPT_FLAGS="%optflags -std=gnu11"
 cd build
 cmake -DBUILD_SHARED_LIBS=ON ..
-%cmake_build 
+%cmake_build
 
 %install
 install -d %buildroot/%{_libdir}/ossl-modules/
-install -m 755 -c build/oqsprov/oqsprovider.so %buildroot/%{_libdir}/ossl-modules/
 
-%files 
-%license LICENSE.txt 
+install -m 755 -c build/lib/oqsprovider.so %buildroot/%{_libdir}/ossl-modules/
+
+%files
+%license LICENSE.txt
 %dir /%{_libdir}/ossl-modules
 /%{_libdir}/ossl-modules/oqsprovider.so