diff --git a/gnutls-3.8.6-liboqs-x25519-kyber768d00.patch b/gnutls-3.8.6-liboqs-x25519-kyber768d00.patch index bae07b7..d807f76 100644 --- a/gnutls-3.8.6-liboqs-x25519-kyber768d00.patch +++ b/gnutls-3.8.6-liboqs-x25519-kyber768d00.patch @@ -3109,3 +3109,138 @@ index 4155a540ed..79f7988d50 100644 -- 2.45.2 +From dfac4bb0d96507a409e3c3434c04bd8f79ac479f Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 29 Jul 2024 08:40:34 +0900 +Subject: [PATCH 1/2] liboqs: check whether Kyber768 is compiled in + +In the default build configuration of liboqs 0.10.1, Kyber768 is +disabled. This adds a guard against it and skip tests if not +available. + +Signed-off-by: Daiki Ueno +--- + devel/dlwrap/oqs.syms | 1 + + lib/dlwrap/oqsfuncs.h | 1 + + lib/nettle/pk.c | 27 ++++++++++++++++++--------- + tests/pqc-hybrid-kx.sh | 4 ++++ + 4 files changed, 24 insertions(+), 9 deletions(-) + +diff --git a/devel/dlwrap/oqs.syms b/devel/dlwrap/oqs.syms +index 8f067b2dd3..413f887598 100644 +--- a/devel/dlwrap/oqs.syms ++++ b/devel/dlwrap/oqs.syms +@@ -1,6 +1,7 @@ + OQS_SHA3_set_callbacks + OQS_init + OQS_destroy ++OQS_KEM_alg_is_enabled + OQS_KEM_new + OQS_KEM_encaps + OQS_KEM_decaps +diff --git a/lib/dlwrap/oqsfuncs.h b/lib/dlwrap/oqsfuncs.h +index 95c1b083dc..4aa0ba4ab4 100644 +--- a/lib/dlwrap/oqsfuncs.h ++++ b/lib/dlwrap/oqsfuncs.h +@@ -7,6 +7,7 @@ VOID_FUNC(void, OQS_init, (void), ()) + VOID_FUNC(void, OQS_destroy, (void), ()) + VOID_FUNC(void, OQS_SHA3_set_callbacks, (struct OQS_SHA3_callbacks *new_callbacks), (new_callbacks)) + VOID_FUNC(void, OQS_randombytes_custom_algorithm, (void (*algorithm_ptr)(uint8_t *, size_t)), (algorithm_ptr)) ++FUNC(int, OQS_KEM_alg_is_enabled, (const char *method_name), (method_name)) + FUNC(OQS_KEM *, OQS_KEM_new, (const char *method_name), (method_name)) + FUNC(OQS_STATUS, OQS_KEM_keypair, (const OQS_KEM *kem, uint8_t *public_key, uint8_t *secret_key), (kem, public_key, secret_key)) + FUNC(OQS_STATUS, OQS_KEM_encaps, (const OQS_KEM *kem, uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key), (kem, ciphertext, shared_secret, public_key)) +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index eb8c44459d..8a987ed121 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c +@@ -704,7 +704,9 @@ static int _wrap_nettle_pk_encaps(gnutls_pk_algorithm_t algo, + OQS_KEM *kem = NULL; + OQS_STATUS rc; + +- if (_gnutls_liboqs_ensure() < 0) ++ if (_gnutls_liboqs_ensure() < 0 || ++ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)( ++ OQS_KEM_alg_kyber_768)) + return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); + + kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(OQS_KEM_alg_kyber_768); +@@ -765,7 +767,9 @@ static int _wrap_nettle_pk_decaps(gnutls_pk_algorithm_t algo, + OQS_KEM *kem = NULL; + OQS_STATUS rc; + +- if (_gnutls_liboqs_ensure() < 0) ++ if (_gnutls_liboqs_ensure() < 0 || ++ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)( ++ OQS_KEM_alg_kyber_768)) + return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); + + kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(OQS_KEM_alg_kyber_768); +@@ -2359,7 +2363,9 @@ static int _wrap_nettle_pk_exists(gnutls_pk_algorithm_t pk) + return 1; + #ifdef HAVE_LIBOQS + case GNUTLS_PK_EXP_KYBER768: +- return _gnutls_liboqs_ensure() == 0; ++ return _gnutls_liboqs_ensure() == 0 && ++ GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)( ++ OQS_KEM_alg_kyber_768); + #endif + default: + return 0; +@@ -2997,7 +3003,9 @@ static int pct_test(gnutls_pk_algorithm_t algo, + break; + #ifdef HAVE_LIBOQS + case GNUTLS_PK_EXP_KYBER768: +- if (_gnutls_liboqs_ensure() < 0) { ++ if (_gnutls_liboqs_ensure() < 0 || ++ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)( ++ OQS_KEM_alg_kyber_768)) { + ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); + goto cleanup; + } +@@ -3736,12 +3744,12 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, + OQS_KEM *kem = NULL; + OQS_STATUS rc; + +-#ifdef HAVE_LIBOQS +- if (_gnutls_liboqs_ensure() < 0) { ++ if (_gnutls_liboqs_ensure() < 0 || ++ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)( ++ OQS_KEM_alg_kyber_768)) { + ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); + goto cleanup; + } +-#endif + + not_approved = true; + +@@ -4038,8 +4046,9 @@ static int wrap_nettle_pk_verify_priv_params(gnutls_pk_algorithm_t algo, + } + #ifdef HAVE_LIBOQS + case GNUTLS_PK_EXP_KYBER768: +- ret = _gnutls_liboqs_ensure(); +- if (ret < 0) ++ if (_gnutls_liboqs_ensure() < 0 || ++ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)( ++ OQS_KEM_alg_kyber_768)) + ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); + break; + #endif +diff --git a/tests/pqc-hybrid-kx.sh b/tests/pqc-hybrid-kx.sh +index b587587bd2..6d47105fa0 100644 +--- a/tests/pqc-hybrid-kx.sh ++++ b/tests/pqc-hybrid-kx.sh +@@ -31,6 +31,10 @@ if ! test -x "${CLI}"; then + exit 77 + fi + ++if ! "${CLI}" --list | grep '^Public Key Systems: .*Kyber768.*' >/dev/null; then ++ exit 77 ++fi ++ + . "${srcdir}/scripts/common.sh" + testdir=`create_testdir pqc-hybrid-kx` + +-- +2.45.2 +