diff --git a/01-nosha1-test.patch b/01-nosha1-test.patch new file mode 100644 index 0000000..73299e0 --- /dev/null +++ b/01-nosha1-test.patch @@ -0,0 +1,12 @@ +diff -up oqs-provider-0.6.1/test/tlstest_helpers.c.xxx oqs-provider-0.6.1/test/tlstest_helpers.c +--- oqs-provider-0.6.1/test/tlstest_helpers.c.xxx 2024-10-03 17:54:19.127349786 +0200 ++++ oqs-provider-0.6.1/test/tlstest_helpers.c 2024-10-03 17:54:28.356566812 +0200 +@@ -28,7 +28,7 @@ int create_cert_key(OSSL_LIB_CTX *libctx + || !X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, + (unsigned char *)"localhost", -1, -1, 0) + || !X509_set_issuer_name(x509, name) +- || !X509_sign(x509, pkey, EVP_sha1()) ++ || !X509_sign(x509, pkey, EVP_sha256()) + || !(keybio = BIO_new_file(privkeyfilename, "wb")) + || !PEM_write_bio_PrivateKey(keybio, pkey, NULL, NULL, 0, NULL, NULL) + || !(certbio = BIO_new_file(certfilename, "wb")) diff --git a/oqsprovider.conf b/oqsprovider.conf new file mode 100644 index 0000000..c1b96cd --- /dev/null +++ b/oqsprovider.conf @@ -0,0 +1,5 @@ +[provider_sect] +oqsprovider = oqs_sect + +[oqs_sect] +activate = 1 diff --git a/oqsprovider.spec b/oqsprovider.spec index f99f0cd..f20569f 100644 --- a/oqsprovider.spec +++ b/oqsprovider.spec @@ -1,20 +1,25 @@ %global oqs_version 0.6.1 +%global liboqs_min_version 0.11.0 Name: oqsprovider Version: %{oqs_version} -Release: 1%{?dist} +Release: 2%{?dist} Summary: oqsprovider is an OpenSSL provider for quantum-safe algorithms based on liboqs License: Apache-2.0 AND MIT URL: https://github.com/open-quantum-safe/oqs-provider.git -Source: https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{oqs_version}.tar.gz +Source0: https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{oqs_version}.tar.gz +Source1: oqsprovider.conf -Requires: liboqs >= 0.10.1 +Patch1: 01-nosha1-test.patch + +Requires: liboqs >= %{liboqs_min_version} Requires: openssl BuildRequires: ninja-build BuildRequires: cmake BuildRequires: gcc BuildRequires: liboqs-devel BuildRequires: openssl-devel +BuildRequires: liboqs >= %{liboqs_min_version} %description oqs-provider fully enables quantum-safe cryptography for KEM key @@ -38,13 +43,21 @@ OPENSSL_CONF=/dev/null ctest -V mkdir -p $RPM_BUILD_ROOT/%{_libdir}/ossl-modules install %{_vpath_builddir}/lib/oqsprovider.so $RPM_BUILD_ROOT/%{_libdir}/ossl-modules (cd $RPM_BUILD_ROOT/%{_libdir}/ossl-modules/ && ln -s oqsprovider.so oqsprovider.so.%{oqs_version}) +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.d +install -m644 '%{SOURCE1}' \ + $RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/openssl.d/oqsprovider.conf %files %license LICENSE.txt %{_libdir}/ossl-modules/oqsprovider.so.%{oqs_version} %{_libdir}/ossl-modules/oqsprovider.so +%config(noreplace) %{_sysconfdir}/pki/tls/openssl.d/oqsprovider.conf %changelog +* Thu Oct 03 2024 Dmitry Belyavskiy - 0.6.1-2 +- Add drop-in configuration for oqsprovider + Resolves: RHEL-56891 + * Thu Jul 11 2024 Dmitry Belyavskiy - 0.6.1-1 - Rebase oqsprovider to 0.6.1 Resolves: RHEL-43146