rpms/gnutls
7
0
Fork 0
Code Issues Pull Requests Releases Activity

liboqs: check whether Kyber768 is compiled in

Browse Source 
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
This commit is contained in:
Daiki Ueno 2024-07-29 08:54:00 +09:00
parent 3559e33707
commit 0ad408d5bc
1 changed files with 135 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
gnutls-3.8.6-liboqs-x25519-kyber768d00.patch
View File

@ -3109,3 +3109,138 @@ index 4155a540ed..79f7988d50 100644
-- --
2.45.2 2.45.2
From dfac4bb0d96507a409e3c3434c04bd8f79ac479f Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 29 Jul 2024 08:40:34 +0900
Subject: [PATCH 1/2] liboqs: check whether Kyber768 is compiled in
In the default build configuration of liboqs 0.10.1, Kyber768 is
disabled. This adds a guard against it and skip tests if not
available.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
devel/dlwrap/oqs.syms | 1 +
lib/dlwrap/oqsfuncs.h | 1 +
lib/nettle/pk.c | 27 ++++++++++++++++++---------
tests/pqc-hybrid-kx.sh | 4 ++++
4 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/devel/dlwrap/oqs.syms b/devel/dlwrap/oqs.syms
index 8f067b2dd3..413f887598 100644
--- a/devel/dlwrap/oqs.syms
+++ b/devel/dlwrap/oqs.syms
@@ -1,6 +1,7 @@
OQS_SHA3_set_callbacks
OQS_init
OQS_destroy
+OQS_KEM_alg_is_enabled
OQS_KEM_new
OQS_KEM_encaps
OQS_KEM_decaps
diff --git a/lib/dlwrap/oqsfuncs.h b/lib/dlwrap/oqsfuncs.h
index 95c1b083dc..4aa0ba4ab4 100644
--- a/lib/dlwrap/oqsfuncs.h
+++ b/lib/dlwrap/oqsfuncs.h
@@ -7,6 +7,7 @@ VOID_FUNC(void, OQS_init, (void), ())
VOID_FUNC(void, OQS_destroy, (void), ())
VOID_FUNC(void, OQS_SHA3_set_callbacks, (struct OQS_SHA3_callbacks *new_callbacks), (new_callbacks))
VOID_FUNC(void, OQS_randombytes_custom_algorithm, (void (*algorithm_ptr)(uint8_t *, size_t)), (algorithm_ptr))
+FUNC(int, OQS_KEM_alg_is_enabled, (const char *method_name), (method_name))
FUNC(OQS_KEM *, OQS_KEM_new, (const char *method_name), (method_name))
FUNC(OQS_STATUS, OQS_KEM_keypair, (const OQS_KEM *kem, uint8_t *public_key, uint8_t *secret_key), (kem, public_key, secret_key))
FUNC(OQS_STATUS, OQS_KEM_encaps, (const OQS_KEM *kem, uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key), (kem, ciphertext, shared_secret, public_key))
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index eb8c44459d..8a987ed121 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -704,7 +704,9 @@ static int _wrap_nettle_pk_encaps(gnutls_pk_algorithm_t algo,
OQS_KEM *kem = NULL;
OQS_STATUS rc;
- if (_gnutls_liboqs_ensure() < 0)
+ if (_gnutls_liboqs_ensure() < 0 ||
+ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+ OQS_KEM_alg_kyber_768))
return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(OQS_KEM_alg_kyber_768);
@@ -765,7 +767,9 @@ static int _wrap_nettle_pk_decaps(gnutls_pk_algorithm_t algo,
OQS_KEM *kem = NULL;
OQS_STATUS rc;
- if (_gnutls_liboqs_ensure() < 0)
+ if (_gnutls_liboqs_ensure() < 0 ||
+ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+ OQS_KEM_alg_kyber_768))
return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(OQS_KEM_alg_kyber_768);
@@ -2359,7 +2363,9 @@ static int _wrap_nettle_pk_exists(gnutls_pk_algorithm_t pk)
return 1;
#ifdef HAVE_LIBOQS
case GNUTLS_PK_EXP_KYBER768:
- return _gnutls_liboqs_ensure() == 0;
+ return _gnutls_liboqs_ensure() == 0 &&
+ GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+ OQS_KEM_alg_kyber_768);
#endif
default:
return 0;
@@ -2997,7 +3003,9 @@ static int pct_test(gnutls_pk_algorithm_t algo,
break;
#ifdef HAVE_LIBOQS
case GNUTLS_PK_EXP_KYBER768:
- if (_gnutls_liboqs_ensure() < 0) {
+ if (_gnutls_liboqs_ensure() < 0 ||
+ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+ OQS_KEM_alg_kyber_768)) {
ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
goto cleanup;
}
@@ -3736,12 +3744,12 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
OQS_KEM *kem = NULL;
OQS_STATUS rc;
-#ifdef HAVE_LIBOQS
- if (_gnutls_liboqs_ensure() < 0) {
+ if (_gnutls_liboqs_ensure() < 0 ||
+ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+ OQS_KEM_alg_kyber_768)) {
ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
goto cleanup;
}
-#endif
not_approved = true;
@@ -4038,8 +4046,9 @@ static int wrap_nettle_pk_verify_priv_params(gnutls_pk_algorithm_t algo,
}
#ifdef HAVE_LIBOQS
case GNUTLS_PK_EXP_KYBER768:
- ret = _gnutls_liboqs_ensure();
- if (ret < 0)
+ if (_gnutls_liboqs_ensure() < 0 ||
+ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+ OQS_KEM_alg_kyber_768))
ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
break;
#endif
diff --git a/tests/pqc-hybrid-kx.sh b/tests/pqc-hybrid-kx.sh
index b587587bd2..6d47105fa0 100644
--- a/tests/pqc-hybrid-kx.sh
+++ b/tests/pqc-hybrid-kx.sh
@@ -31,6 +31,10 @@ if ! test -x "${CLI}"; then
exit 77
fi
+if ! "${CLI}" --list | grep '^Public Key Systems: .*Kyber768.*' >/dev/null; then
+ exit 77
+fi
+
. "${srcdir}/scripts/common.sh"
testdir=`create_testdir pqc-hybrid-kx`
--
2.45.2