From 510d9c743d938a888b1bdc144d432b87b21cde69 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 10 Feb 2025 11:45:39 +0900 Subject: [PATCH] Switch from liboqs to leancrypto Related: RHEL-70818 Signed-off-by: Daiki Ueno --- .gitignore | 3 +++ gnutls.spec | 62 +++++++++++++++++++++++++++++++++++++++++++++++------ sources | 5 +++-- 3 files changed, 61 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index eec36cb..330d059 100644 --- a/.gitignore +++ b/.gitignore @@ -164,3 +164,6 @@ gnutls-2.10.1-nosrp.tar.bz2 /nettle-3.10-hobbled.tar.xz /gnutls-3.8.8.tar.xz /gnutls-3.8.8.tar.xz.sig +/gnutls-3.8.9.tar.xz +/gnutls-3.8.9.tar.xz.sig +/leancrypto-1.2.0.tar.gz diff --git a/gnutls.spec b/gnutls.spec index df8c0e1..4658ed5 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -40,7 +40,7 @@ Patch: gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch %bcond_without gost %endif %bcond_without certificate_compression -%bcond_without liboqs +%bcond_without leancrypto %bcond_without tests %if 0%{?fedora} && 0%{?fedora} < 38 @@ -84,15 +84,15 @@ BuildRequires: readline-devel, libtasn1-devel >= 4.3 %if %{with certificate_compression} BuildRequires: zlib-devel, brotli-devel, libzstd-devel %endif -%if %{with liboqs} -BuildRequires: liboqs-devel -%endif %if %{with bootstrap} BuildRequires: automake, autoconf, gperf, libtool, texinfo %endif %if !%{with bundled_nettle} BuildRequires: nettle-devel >= 3.9.1 %endif +%if %{with leancrypto} +BuildRequires: meson +%endif %if %{with tpm12} BuildRequires: trousers-devel >= 0.3.11.2 %endif @@ -160,6 +160,10 @@ Source200: nettle-3.10-hobbled.tar.xz Source201: nettle-3.8-zeroize-stack.patch %endif +%if %{with leancrypto} +Source300: leancrypto-1.2.0.tar.gz +%endif + # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 Provides: bundled(gnulib) = 20130424 
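Review bot: The new `Source300: leancrypto-1.2.0.tar.gz` in the `@@ -160,6 +160,10 @@` hunk of gnutls.spec is a bare file name with no upstream URL and no detached signature, so the only integrity anchor for the bundled crypto code is the SHA512 line this commit adds to `sources`. The gnutls tarball, by contrast, is accompanied by a `.sig` and `gnutls-release-keyring.gpg`. The hunk also adds no `Provides: bundled(leancrypto) = 1.2.0` next to the existing `Provides: bundled(gnulib) = 20130424`, which is what lets vulnerability tooling find the statically linked copy; it may be declared elsewhere in the spec, which is not visible here. I would add that Provides line inside the same `%if %{with leancrypto}` block, give Source300 a full URL, and add a comment saying how the tarball was obtained and checked.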
@@ -301,6 +305,13 @@ patch -p1 < %{SOURCE201} popd %endif +%if %{with leancrypto} +mkdir -p bundled_leancrypto +pushd bundled_leancrypto +tar --strip-components=1 -xf %{SOURCE300} +popd +%endif + %if %{with bundled_gmp} sed -i 's/@GMP_LIBS@//' lib/gnutls.pc.in %endif @@ -349,6 +360,39 @@ export HOGWEED_CFLAGS="-I$NETTLE_DIR" export HOGWEED_LIBS="$NETTLE_DIR/libhogweed.a" %endif +%if %{with leancrypto} +pushd bundled_leancrypto +%set_build_flags +meson setup -Dprefix="$PWD/install" -Dlibdir="$PWD/install/lib" \ + -Ddefault_library=static \ + -Dascon=disabled -Dascon_keccak=disabled \ + -Dbike_5=disabled -Dbike_3=disabled -Dbike_1=disabled \ + -Dkyber_x25519=disabled -Ddilithium_ed25519=disabled \ + -Dx509_parser=disabled -Dx509_generator=disabled \ + -Dpkcs7_parser=disabled -Dpkcs7_generator=disabled \ + -Dsha2-256=disabled \ + -Dchacha20=disabled -Dchacha20_drng=disabled \ + -Ddrbg_hash=disabled -Ddrbg_hmac=disabled \ + -Dhash_crypt=disabled \ + -Dhmac=disabled -Dhkdf=disabled \ + -Dkdf_ctr=disabled -Dkdf_fb=disabled -Dkdf_dpi=disabled \ + -Dpbkdf2=disabled \ + -Dkmac_drng=disabled -Dcshake_drng=disabled \ + -Dhotp=disabled -Dtotp=disabled \ + -Daes_block=disabled -Daes_cbc=disabled -Daes_ctr=disabled \ + -Daes_kw=disabled -Dapps=disabled \ + _build +meson compile -C _build +meson install -C _build + +popd + +export LEANCRYPTO_DIR="$PWD/bundled_leancrypto/install" + +export LEANCRYPTO_CFLAGS="-I$LEANCRYPTO_DIR/include" +export LEANCRYPTO_LIBS="$LEANCRYPTO_DIR/lib/libleancrypto.a" +%endif + %if %{with bootstrap} autoreconf -fi %endif @@ -415,10 +459,10 @@ pushd native_build %else --without-zlib --without-brotli --without-zstd \ %endif -%if %{with liboqs} - --with-liboqs \ +%if %{with leancrypto} + --with-leancrypto \ %else - --without-liboqs \ + --without-leancrypto \ %endif --disable-rpath \ --with-default-priority-string="@SYSTEM" 
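Review bot: The `meson setup` call in the `@@ -349,6 +360,39 @@` hunk trims leancrypto with a deny-list of `-D…=disabled` options, so what ends up compiled into the static archive is whatever the list does not name, and the spec never states what that is. Any feature upstream adds in a later release would presumably be built in on the next Source300 bump unless someone extends the list. A comment above the command would make this auditable, for example `# Build only the leancrypto algorithms GnuTLS uses; unlisted features stay enabled, so re-check leancrypto's meson options on every version bump`. The archive is also linked without running leancrypto's own tests in this hunk; if %check (outside the hunk) does not cover it, `meson test -C _build` under `%if %{with tests}` would be worth adding.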
@@ -429,6 +473,10 @@ pushd native_build sed -i '/^Requires.private:/s/\(nettle\|hogweed\)[ ,]*//g' lib/gnutls.pc %endif +%if %{with leancrypto} +sed -i '/^Requires.private:/s/leancrypto[ ,]*//g' lib/gnutls.pc +%endif + popd %if %{with mingw} diff --git a/sources b/sources index 6cf7a0d..3744978 100644 --- a/sources +++ b/sources @@ -1,5 +1,6 @@ -SHA512 (gnutls-3.8.8.tar.xz) = 4f617c63e8e8392e400d72c9e39989fcd782268b4a4c4e36bbfb0444a4b5bcb0f53054f04a6dce99ab89c0f38f57430c95aaaec6eb9209b8e9329140abf230c3 -SHA512 (gnutls-3.8.8.tar.xz.sig) = fdff792511e9e5de203a1dfd66bf521c12fb74a19de651ffa1f7359dafdd1dad59ae57d0f95fa363c4167f798e6b624b4ae1f84d4e0737ff690c2fb0e5a5bdce +SHA512 (gnutls-3.8.9.tar.xz) = b3b201671bf4e75325610a0291d4cd36a669718e22b3685246b64bde97b5bd94f463ab376ed817869869714115f4ff11bdc53c32604bb04a8ff8e10daa6d1fc7 +SHA512 (gnutls-3.8.9.tar.xz.sig) = 5a47a519ef35f21b59e2122528246d6109dd95667bfe5d01713b9a7efa2931f8523bf325b8824433f3117d63e0e50d66f8c467a7ee4bd2068ae039601a28441e SHA512 (gnutls-release-keyring.gpg) = 8c2b39239d1d8c5319757fcf669f28a11de7f8ec4a726f9904c57ba8105bea80240083c0de71b747115907bab46569f10cf58004137cc7884ac5c20f8319ae0a SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84 SHA512 (nettle-3.10-hobbled.tar.xz) = 5f2bba913e8ac9c3bef91e59cb7784f609ee6a4549157503583441770fb57782530391906c271316936297ccd691174578a9a584b4a374dfc6214c206b020cb2 +SHA512 (leancrypto-1.2.0.tar.gz) = 0b58644e3362bd512dd2a19a291ef58ba310d688c8d7c5fb2b7b3ac48ec51122311b998786a23cafa3127f3e4c75425babbc61d287e44fe3318ce584cbc87df7
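Review bot: The added `sed` in the `@@ -429,6 +473,10 @@` hunk of gnutls.spec only removes `leancrypto` from `Requires.private`, while the earlier build hunk exports `LEANCRYPTO_LIBS` as an absolute path to `bundled_leancrypto/install/lib/libleancrypto.a`. Whether configure copies that value into `Libs.private` is not visible here; if it does, the installed gnutls.pc would carry a build-directory path to an archive that is not shipped. A guard after the sed, such as `if grep -q bundled_leancrypto lib/gnutls.pc; then exit 1; fi`, would fail the build instead of packaging that file. The enclosing section of the spec starts and ends outside the hunk.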