Avoid unresolved symbols when compiled with OQS_DLOPEN_OPENSSL

Resolves: RHEL-75157

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1 +1,6 @@
-0.10.1.tar.gz
+/0.8.0.tar.gz
+/0.9.0.tar.gz
+/0.9.2.tar.gz
+/0.10.1.tar.gz
+/0.11.0.tar.gz
+/liboqs-0.12.0.tar.gz

README.md

@@ -0,0 +1,3 @@
+# liboqs
+
+The liboqs package

ci.fmf

@@ -0,0 +1 @@
+resultsdb-testcase: separate

gating.yaml

@@ -0,0 +1,9 @@
+--- !Policy
+product_versions:
+  - rhel-10
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-enabled.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-disabled.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-enabled-buildroot-enabled.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-enabled-buildroot-disabled.functional}

liboqs-0.10.0-std-stricter.patch

@@ -0,0 +1,14 @@
+diff -up liboqs-0.10.0/.CMake/alg_support.cmake.xxx liboqs-0.10.0/.CMake/alg_support.cmake
+--- liboqs-0.10.0/.CMake/alg_support.cmake.xxx	2024-05-06 05:52:52.668502602 -0400
++++ liboqs-0.10.0/.CMake/alg_support.cmake	2024-05-06 05:57:03.715008552 -0400
+@@ -182,6 +182,10 @@ elseif (${OQS_ALGS_ENABLED} STREQUAL "ST
+ ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_LIST_STANDARDIZED_ALGS_START
+ 	filter_algs("KEM_ml_kem_512;KEM_ml_kem_768;KEM_ml_kem_1024;SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87;SIG_falcon_512;SIG_falcon_1024;SIG_falcon_padded_512;SIG_falcon_padded_1024;SIG_sphincs_sha2_128f_simple;SIG_sphincs_sha2_128s_simple;SIG_sphincs_sha2_192f_simple;SIG_sphincs_sha2_192s_simple;SIG_sphincs_sha2_256f_simple;SIG_sphincs_sha2_256s_simple;SIG_sphincs_shake_128f_simple;SIG_sphincs_shake_128s_simple;SIG_sphincs_shake_192f_simple;SIG_sphincs_shake_192s_simple;SIG_sphincs_shake_256f_simple;SIG_sphincs_shake_256s_simple")
+ ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_LIST_STANDARDIZED_ALGS_END
++elseif (${OQS_ALGS_ENABLED} STREQUAL "NIST_2024")
++##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_LIST_STANDARDIZED_ALGS_START
++	filter_algs("KEM_ml_kem_512;KEM_ml_kem_768;KEM_ml_kem_1024;SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87;SIG_sphincs_sha2_128f_simple;SIG_sphincs_sha2_128s_simple;SIG_sphincs_sha2_192f_simple;SIG_sphincs_sha2_192s_simple;SIG_sphincs_sha2_256f_simple;SIG_sphincs_sha2_256s_simple;SIG_sphincs_shake_128f_simple;SIG_sphincs_shake_128s_simple;SIG_sphincs_shake_192f_simple;SIG_sphincs_shake_192s_simple;SIG_sphincs_shake_256f_simple;SIG_sphincs_shake_256s_simple")
++##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_LIST_STANDARDIZED_ALGS_END
+ elseif(${OQS_ALGS_ENABLED} STREQUAL "NIST_R4")
+ 	filter_algs("KEM_classic_mceliece_348864;KEM_classic_mceliece_348864f;KEM_classic_mceliece_460896;KEM_classic_mceliece_460896f;KEM_classic_mceliece_6688128;KEM_classic_mceliece_6688128f;KEM_classic_mceliece_6960119;KEM_classic_mceliece_6960119f;KEM_classic_mceliece_8192128;KEM_classic_mceliece_8192128f;KEM_hqc_128;KEM_hqc_192;KEM_hqc_256;KEM_bike_l1;KEM_bike_l3;KEM_bike_l5")
+ elseif(${OQS_ALGS_ENABLED} STREQUAL "NIST_SIG_ONRAMP")

liboqs-0.12.0-acvp_patch.patch

@@ -0,0 +1,47 @@
+diff -up liboqs-0.12.0/tests/test_acvp_vectors.py.xxx liboqs-0.12.0/tests/test_acvp_vectors.py
+--- liboqs-0.12.0/tests/test_acvp_vectors.py.xxx	2025-01-02 12:42:53.623845023 +0100
++++ liboqs-0.12.0/tests/test_acvp_vectors.py	2025-01-02 12:44:42.340435783 +0100
+@@ -121,8 +121,9 @@ def test_acvp_vec_sig_keygen(sig_name):
+                     pk = testCase["pk"]
+                     sk = testCase["sk"]
+                     
++                    build_dir = helpers.get_current_build_dir_name()
+                     helpers.run_subprocess(
+-                        ['build/tests/vectors_sig', sig_name, "keyGen", seed, pk, sk]
++                        [f'{build_dir}/tests/vectors_sig', sig_name, "keyGen", seed, pk, sk]
+                     )
+ 
+         assert(variantFound == True)
+@@ -146,8 +147,9 @@ def test_acvp_vec_sig_gen_deterministic(
+                     sk = testCase["sk"]
+                     message = testCase["message"]
+                     signature = testCase["signature"]
++                    build_dir = helpers.get_current_build_dir_name()
+                     helpers.run_subprocess(
+-                        ['build/tests/vectors_sig', sig_name, "sigGen_det", sk, message, signature]
++                        [f'{build_dir}/tests/vectors_sig', sig_name, "sigGen_det", sk, message, signature]
+                     )
+ 
+         assert(variantFound == True)
+@@ -173,8 +175,9 @@ def test_acvp_vec_sig_gen_randomized(sig
+                     signature = testCase["signature"]
+                     rnd = testCase["rnd"]
+                     
++                    build_dir = helpers.get_current_build_dir_name()
+                     helpers.run_subprocess(
+-                        ['build/tests/vectors_sig', sig_name, "sigGen_rnd", sk, message, signature, rnd]
++                        [f'{build_dir}/tests/vectors_sig', sig_name, "sigGen_rnd", sk, message, signature, rnd]
+                     )
+ 
+         assert(variantFound == True)
+@@ -200,8 +203,9 @@ def test_acvp_vec_sig_ver(sig_name):
+                     signature = testCase["signature"]
+                     testPassed = "1" if testCase["testPassed"] else "0"
+                     
++                    build_dir = helpers.get_current_build_dir_name()
+                     helpers.run_subprocess(
+-                        ['build/tests/vectors_sig', sig_name, "sigVer", pk, message, signature, testPassed]
++                        [f'{build_dir}/tests/vectors_sig', sig_name, "sigVer", pk, message, signature, testPassed]
+                     )
+ 
+         assert(variantFound == True)

liboqs-0.12.0-openssl-memfuncs.patch

@@ -0,0 +1,278 @@
+From 21b0a7f55c495913b856cb4188de18c89aec7ee8 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Wed, 15 Jan 2025 15:11:30 +0900
+Subject: [PATCH 1/2] Do not assume OpenSSL memory functions when libcrypto is
+ dlopened
+
+Otherwise, when the OQS_DLOPEN_OPENSSL is defined but OpenSSL is
+used only partially, e.g., with OQS_USE_SHA3_OPENSSL=ON, there will be
+some unresolved symbols in the final artifact:
+
+```
+$ cmake -GNinja -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_AES_INSTRUCTIONS=OFF -DOQS_DIST_BUILD=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_DLOPEN_OPENSSL=ON -DCMAKE_BUILD_TYPE=Debug -LAH ..
+$ ninja
+$ nm -g lib/liboqs.so.0.12.1-dev | grep '^[[:space:]]*U '
+                 U __assert_fail@GLIBC_2.2.5
+                 U CRYPTO_free
+                 U CRYPTO_malloc
+                 U dlopen@GLIBC_2.34
+                 U dlsym@GLIBC_2.34
+```
+
+Signed-off-by: Daiki Ueno <dueno@redhat.com>
+---
+ src/common/common.c | 2 +-
+ src/common/common.h | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/common/common.c b/src/common/common.c
+index 795f3f97..6cfa0814 100644
+--- a/src/common/common.c
++++ b/src/common/common.c
+@@ -299,7 +299,7 @@ OQS_API void OQS_MEM_secure_free(void *ptr, size_t len) {
+ }
+ 
+ OQS_API void OQS_MEM_insecure_free(void *ptr) {
+-#if (defined(OQS_USE_OPENSSL) || defined(OQS_DLOPEN_OPENSSL)) && defined(OPENSSL_VERSION_NUMBER)
++#if defined(OQS_USE_OPENSSL) && defined(OPENSSL_VERSION_NUMBER)
+ 	OPENSSL_free(ptr);
+ #else
+ 	free(ptr); // IGNORE memory-check
+diff --git a/src/common/common.h b/src/common/common.h
+index e264db71..aebb1c20 100644
+--- a/src/common/common.h
++++ b/src/common/common.h
+@@ -26,8 +26,7 @@ extern "C" {
+  * using OpenSSL functions when OQS_USE_OPENSSL is defined, and
+  * standard C library functions otherwise.
+  */
+-#if (defined(OQS_USE_OPENSSL) || defined(OQS_DLOPEN_OPENSSL)) &&               \
+-    defined(OPENSSL_VERSION_NUMBER)
++#if defined(OQS_USE_OPENSSL) && defined(OPENSSL_VERSION_NUMBER)
+ #include <openssl/crypto.h>
+ 
+ /**
+-- 
+2.47.1
+
+
+From 185ea28636d14b97638404f53dea5b77d5dbe2f4 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Wed, 15 Jan 2025 16:28:59 +0900
+Subject: [PATCH 2/2] Wrap OpenSSL memory functions with OSSL_FUNC
+
+This enables those OpenSSL memory functions can be either resolved at
+build time or at run-time through dlopen. Note that we use CRYPTO_*
+functions instead of OPENSSL_* as the latter are defined as a macro
+and cannot be dynamically resolved.
+
+Signed-off-by: Daiki Ueno <dueno@redhat.com>
+---
+ src/common/common.c         | 33 ++++++++++++--
+ src/common/common.h         | 85 +++++++++++++------------------------
+ src/common/ossl_functions.h |  6 ++-
+ src/common/ossl_helpers.h   |  1 +
+ 4 files changed, 65 insertions(+), 60 deletions(-)
+
+diff --git a/src/common/common.c b/src/common/common.c
+index 6cfa0814..7f45e37b 100644
+--- a/src/common/common.c
++++ b/src/common/common.c
+@@ -300,7 +300,7 @@ OQS_API void OQS_MEM_secure_free(void *ptr, size_t len) {
+ 
+ OQS_API void OQS_MEM_insecure_free(void *ptr) {
+ #if defined(OQS_USE_OPENSSL) && defined(OPENSSL_VERSION_NUMBER)
+-	OPENSSL_free(ptr);
++	OSSL_FUNC(CRYPTO_free)(ptr, OPENSSL_FILE, OPENSSL_LINE);
+ #else
+ 	free(ptr); // IGNORE memory-check
+ #endif
+@@ -313,7 +313,7 @@ void *OQS_MEM_aligned_alloc(size_t alignment, size_t size) {
+ 		return NULL;
+ 	}
+ 	const size_t offset = alignment - 1 + sizeof(uint8_t);
+-	uint8_t *buffer = OPENSSL_malloc(size + offset);
++	uint8_t *buffer = OSSL_FUNC(CRYPTO_malloc)(size + offset, OPENSSL_FILE, OPENSSL_LINE);
+ 	if (!buffer) {
+ 		return NULL;
+ 	}
+@@ -321,7 +321,7 @@ void *OQS_MEM_aligned_alloc(size_t alignment, size_t size) {
+ 	ptrdiff_t diff = ptr - buffer;
+ 	if (diff > UINT8_MAX) {
+ 		// Free and return NULL if alignment is too large
+-		OPENSSL_free(buffer);
++		OSSL_FUNC(CRYPTO_free)(buffer, OPENSSL_FILE, OPENSSL_LINE);
+ 		errno = EINVAL;
+ 		return NULL;
+ 	}
+@@ -396,7 +396,7 @@ void OQS_MEM_aligned_free(void *ptr) {
+ #if defined(OQS_USE_OPENSSL)
+ 	// Use OpenSSL's free function
+ 	uint8_t *u8ptr = ptr;
+-	OPENSSL_free(u8ptr - u8ptr[-1]);
++	OSSL_FUNC(CRYPTO_free)(u8ptr - u8ptr[-1], OPENSSL_FILE, OPENSSL_LINE);
+ #elif defined(OQS_HAVE_ALIGNED_ALLOC) || defined(OQS_HAVE_POSIX_MEMALIGN) || defined(OQS_HAVE_MEMALIGN)
+ 	free(ptr); // IGNORE memory-check
+ #elif defined(__MINGW32__) || defined(__MINGW64__)
+@@ -410,3 +410,28 @@ void OQS_MEM_aligned_free(void *ptr) {
+ 	free(u8ptr - u8ptr[-1]); // IGNORE memory-check
+ #endif
+ }
++
++OQS_API void *OQS_MEM_malloc(size_t size) {
++#if defined(OQS_USE_OPENSSL)
++	return OSSL_FUNC(CRYPTO_malloc)(size, OPENSSL_FILE, OPENSSL_LINE);
++#else
++	return malloc(size); // IGNORE memory-check
++#endif
++}
++
++OQS_API void *OQS_MEM_calloc(size_t num_elements, size_t element_size) {
++#if defined(OQS_USE_OPENSSL)
++	return OSSL_FUNC(CRYPTO_zalloc)(num_elements * element_size,
++	                                OPENSSL_FILE, OPENSSL_LINE);
++#else
++	return calloc(num_elements, element_size); // IGNORE memory-check
++#endif
++}
++
++OQS_API char *OQS_MEM_strdup(const char *str) {
++#if defined(OQS_USE_OPENSSL)
++	return OSSL_FUNC(CRYPTO_strdup)(str, OPENSSL_FILE, OPENSSL_LINE);
++#else
++	return strdup(str); // IGNORE memory-check
++#endif
++}
+diff --git a/src/common/common.h b/src/common/common.h
+index aebb1c20..0dcf4489 100644
+--- a/src/common/common.h
++++ b/src/common/common.h
+@@ -19,61 +19,6 @@
+ extern "C" {
+ #endif
+ 
+-/**
+- * @brief Memory allocation and deallocation functions.
+- *
+- * These macros provide a unified interface for memory operations,
+- * using OpenSSL functions when OQS_USE_OPENSSL is defined, and
+- * standard C library functions otherwise.
+- */
+-#if defined(OQS_USE_OPENSSL) && defined(OPENSSL_VERSION_NUMBER)
+-#include <openssl/crypto.h>
+-
+-/**
+- * Allocates memory of a given size.
+- * @param size The size of the memory to be allocated in bytes.
+- * @return A pointer to the allocated memory.
+- */
+-#define OQS_MEM_malloc(size) OPENSSL_malloc(size)
+-
+-/**
+- * Allocates memory for an array of elements of a given size.
+- * @param num_elements The number of elements to allocate.
+- * @param element_size The size of each element in bytes.
+- * @return A pointer to the allocated memory.
+- */
+-#define OQS_MEM_calloc(num_elements, element_size)                             \
+-  OPENSSL_zalloc((num_elements) * (element_size))
+-/**
+- * Duplicates a string.
+- * @param str The string to be duplicated.
+- * @return A pointer to the newly allocated string.
+- */
+-#define OQS_MEM_strdup(str) OPENSSL_strdup(str)
+-#else
+-/**
+- * Allocates memory of a given size.
+- * @param size The size of the memory to be allocated in bytes.
+- * @return A pointer to the allocated memory.
+- */
+-#define OQS_MEM_malloc(size) malloc(size) // IGNORE memory-check
+-
+-/**
+- * Allocates memory for an array of elements of a given size.
+- * @param num_elements The number of elements to allocate.
+- * @param element_size The size of each element in bytes.
+- * @return A pointer to the allocated memory.
+- */
+-#define OQS_MEM_calloc(num_elements, element_size)                             \
+-  calloc(num_elements, element_size)    // IGNORE memory-check
+-/**
+- * Duplicates a string.
+- * @param str The string to be duplicated.
+- * @return A pointer to the newly allocated string.
+- */
+-#define OQS_MEM_strdup(str) strdup(str) // IGNORE memory-check
+-#endif
+-
+ /**
+  * Macro for terminating the program if x is
+  * a null pointer.
+@@ -235,6 +180,36 @@ OQS_API void OQS_destroy(void);
+  */
+ OQS_API const char *OQS_version(void);
+ 
++/**
++ * @brief Memory allocation and deallocation functions.
++ *
++ * These functions provide a unified interface for memory operations,
++ * using OpenSSL functions when OQS_USE_OPENSSL is defined, and
++ * standard C library functions otherwise.
++ */
++
++/**
++ * Allocates memory of a given size.
++ * @param size The size of the memory to be allocated in bytes.
++ * @return A pointer to the allocated memory.
++ */
++OQS_API void *OQS_MEM_malloc(size_t size);
++
++/**
++ * Allocates memory for an array of elements of a given size.
++ * @param num_elements The number of elements to allocate.
++ * @param element_size The size of each element in bytes.
++ * @return A pointer to the allocated memory.
++ */
++OQS_API void *OQS_MEM_calloc(size_t num_elements, size_t element_size);
++
++/**
++ * Duplicates a string.
++ * @param str The string to be duplicated.
++ * @return A pointer to the newly allocated string.
++ */
++OQS_API char *OQS_MEM_strdup(const char *str);
++
+ /**
+  * Constant time comparison of byte sequences `a` and `b` of length `len`.
+  * Returns 0 if the byte sequences are equal or if `len`=0.
+diff --git a/src/common/ossl_functions.h b/src/common/ossl_functions.h
+index 7e02898b..4779168c 100644
+--- a/src/common/ossl_functions.h
++++ b/src/common/ossl_functions.h
+@@ -60,4 +60,8 @@ VOID_FUNC(void, OPENSSL_cleanse, (void *ptr, size_t len), (ptr, len))
+ FUNC(int, RAND_bytes, (unsigned char *buf, int num), (buf, num))
+ FUNC(int, RAND_poll, (void), ())
+ FUNC(int, RAND_status, (void), ())
+-VOID_FUNC(void, OPENSSL_thread_stop, (void), ())
+\ No newline at end of file
++VOID_FUNC(void, OPENSSL_thread_stop, (void), ())
++FUNC(void *, CRYPTO_malloc, (size_t num, const char *file, int line), (num, file, line))
++FUNC(void *, CRYPTO_zalloc, (size_t num, const char *file, int line), (num, file, line))
++FUNC(char *, CRYPTO_strdup, (const char *str, const char *file, int line), (str, file, line))
++VOID_FUNC(void, CRYPTO_free, (void *ptr, const char *file, int line), (ptr, file, line))
+diff --git a/src/common/ossl_helpers.h b/src/common/ossl_helpers.h
+index 7587d80f..1abccea7 100644
+--- a/src/common/ossl_helpers.h
++++ b/src/common/ossl_helpers.h
+@@ -6,6 +6,7 @@
+ extern "C" {
+ #endif
+ 
++#include <openssl/crypto.h>
+ #include <openssl/err.h>
+ #include <openssl/evp.h>
+ #include <openssl/rand.h>
+-- 
+2.47.1
+

liboqs.spec

@@ -1,4 +1,4 @@
-%global oqs_version 0.10.1
+%global oqs_version 0.12.0
 Name:       liboqs
 Version:    %{oqs_version}
 Release:    2%{?dist}
@@ -10,8 +10,11 @@ Summary:    liboqs is an open source C library for quantum-safe cryptographic al
 #see https://github.com/open-quantum-safe/liboqs/blob/main/README.md#license for more details
 License:    MIT AND Apache-2.0 AND BSD-3-Clause AND (BSD-3-Clause OR GPL-1.0-or-later) AND CC0-1.0 AND Unlicense
 URL:        https://github.com/open-quantum-safe/liboqs.git
-Source:     https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{oqs_version}.tar.gz
-Patch1:	    liboqs-0.10.0-dlopen-openssl.patch
+Source:     https://github.com/open-quantum-safe/liboqs/archive/refs/tags/liboqs-%{oqs_version}.tar.gz
+Patch1:	    liboqs-0.12.0-acvp_patch.patch
+Patch2:	    liboqs-0.10.0-std-stricter.patch
+# https://github.com/open-quantum-safe/liboqs/pull/2043
+Patch3:	    liboqs-0.12.0-openssl-memfuncs.patch
 
 BuildRequires: ninja-build
 BuildRequires: cmake
@@ -61,7 +64,7 @@ sed -e '/COMMAND.*pytest/s|$| --ignore tests/test_code_conventions.py|' \
     -i tests/CMakeLists.txt
 
 %build
-%cmake -GNinja -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_AES_INSTRUCTIONS=OFF -DOQS_DIST_BUILD=ON -DOQS_ALGS_ENABLED=STD -DOQS_USE_SHA3_OPENSSL=ON -DOQS_DLOPEN_OPENSSL=ON -DCMAKE_BUILD_TYPE=Debug -LAH ..
+%cmake -GNinja -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_AES_INSTRUCTIONS=OFF -DOQS_DIST_BUILD=ON -DOQS_ALGS_ENABLED=NIST_2024 -DOQS_USE_SHA3_OPENSSL=ON -DOQS_DLOPEN_OPENSSL=ON -DCMAKE_BUILD_TYPE=Debug -LAH ..
 %cmake_build
 #ninja gen_docs
 
@@ -81,7 +84,7 @@ done
 %files
 %license LICENSE.txt
 %{_libdir}/liboqs.so.%{oqs_version}
-%{_libdir}/liboqs.so.5
+%{_libdir}/liboqs.so.7
 
 %files devel
 %{_libdir}/liboqs.so
@@ -98,6 +101,30 @@ done
 #%doc %%{_datadir}/doc/oqs/xml/*
 
 %changelog
+* Wed Jan 15 2025 Daiki Ueno <dueno@redhat.com> - 0.12.0-2
+- Avoid unresolved symbols when compiled with OQS_DLOPEN_OPENSSL
+  Resolves: RHEL-75157
+
+* Thu Jan 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.12.0-1
+- Rebasing to liboqs-0.12.0
+  Resolves: RHEL-65426
+
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.11.0-4
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
+
+* Thu Oct 24 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.11.0-3
+- Restoring ML-KEM-512 built out by accident
+  Resolves: RHEL-64284
+
+* Fri Oct 04 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.11.0-2
+- Removing Falcon from supported algorithms
+  Related: RHEL-56152
+
+* Mon Sep 30 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.11.0-1
+- Update to 0.11.0 version
+  Resolves: RHEL-56152
+
 * Mon Jul 08 2024 Dmitry Belyavskiy - 0.10.1-1
 - Rebase to 0.10.1 version (CVE-2024-36405)
   Resolves: RHEL-40699

plans/ci.fmf

@@ -0,0 +1,24 @@
+/fips-disabled-buildroot-disabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/liboqs
+      name: /Plans/ci/fips-disabled-buildroot-disabled
+
+/fips-disabled-buildroot-enabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/liboqs
+      name: /Plans/ci/fips-disabled-buildroot-enabled
+
+/fips-enabled-buildroot-disabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/liboqs
+      name: /Plans/ci/fips-enabled-buildroot-disabled
+
+/fips-enabled-buildroot-enabled:
+  plan:
+    import:
+      url: https://pkgs.devel.redhat.com/git/tests/liboqs
+      name: /Plans/ci/fips-enabled-buildroot-enabled
+

sources

@@ -1 +1 @@
-SHA512 (0.10.1.tar.gz) = 7049c084d9bef2064ff5ad4964bf5071b2fe0553c2dfe7522b32b3a441fcdd46f718adeca63a163e95d5f86c3f092b02ffa3190822861f566b498654711c722d
+SHA512 (liboqs-0.12.0.tar.gz) = 93260f15c02108157fa595e252685c49c5fb6433d04b989c381da4e27169577f3011d9174b2ec0c110fff15d2d3c640a9833bf28aa53949e8f33c0e674b6e781