OQS provider should provide only standard groups
Resolves: RHEL-64277
This commit is contained in:
Dmitry Belyavskiy
parent
b26143ee4e
commit
2928a530b0
126
01-iana-kem-only.patch
Normal file
126
01-iana-kem-only.patch
Normal file
@ -0,0 +1,126 @@
|
||||
diff -up oqs-provider-0.7.0/oqsprov/oqsprov_capabilities.c.xxx oqs-provider-0.7.0/oqsprov/oqsprov_capabilities.c
|
||||
--- oqs-provider-0.7.0/oqsprov/oqsprov_capabilities.c.xxx 2024-10-24 17:53:18.851079647 +0200
|
||||
+++ oqs-provider-0.7.0/oqsprov/oqsprov_capabilities.c 2024-10-24 17:54:02.535120220 +0200
|
||||
@@ -138,122 +138,9 @@ static OQS_GROUP_CONSTANTS oqs_group_lis
|
||||
static const OSSL_PARAM oqs_param_group_list[][11] = {
|
||||
///// OQS_TEMPLATE_FRAGMENT_GROUP_NAMES_START
|
||||
|
||||
-#ifdef OQS_ENABLE_KEM_frodokem_640_aes
|
||||
- OQS_GROUP_ENTRY(frodo640aes, frodo640aes, frodo640aes, 0),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p256_frodo640aes, p256_frodo640aes, p256_frodo640aes, 1),
|
||||
- OQS_GROUP_ENTRY(x25519_frodo640aes, x25519_frodo640aes, x25519_frodo640aes,
|
||||
- 2),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_frodokem_640_shake
|
||||
- OQS_GROUP_ENTRY(frodo640shake, frodo640shake, frodo640shake, 3),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p256_frodo640shake, p256_frodo640shake, p256_frodo640shake,
|
||||
- 4),
|
||||
- OQS_GROUP_ENTRY(x25519_frodo640shake, x25519_frodo640shake,
|
||||
- x25519_frodo640shake, 5),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_frodokem_976_aes
|
||||
- OQS_GROUP_ENTRY(frodo976aes, frodo976aes, frodo976aes, 6),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p384_frodo976aes, p384_frodo976aes, p384_frodo976aes, 7),
|
||||
- OQS_GROUP_ENTRY(x448_frodo976aes, x448_frodo976aes, x448_frodo976aes, 8),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_frodokem_976_shake
|
||||
- OQS_GROUP_ENTRY(frodo976shake, frodo976shake, frodo976shake, 9),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p384_frodo976shake, p384_frodo976shake, p384_frodo976shake,
|
||||
- 10),
|
||||
- OQS_GROUP_ENTRY(x448_frodo976shake, x448_frodo976shake, x448_frodo976shake,
|
||||
- 11),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_frodokem_1344_aes
|
||||
- OQS_GROUP_ENTRY(frodo1344aes, frodo1344aes, frodo1344aes, 12),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p521_frodo1344aes, p521_frodo1344aes, p521_frodo1344aes,
|
||||
- 13),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_frodokem_1344_shake
|
||||
- OQS_GROUP_ENTRY(frodo1344shake, frodo1344shake, frodo1344shake, 14),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p521_frodo1344shake, p521_frodo1344shake,
|
||||
- p521_frodo1344shake, 15),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_kyber_512
|
||||
- OQS_GROUP_ENTRY(kyber512, kyber512, kyber512, 16),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p256_kyber512, p256_kyber512, p256_kyber512, 17),
|
||||
- OQS_GROUP_ENTRY(x25519_kyber512, x25519_kyber512, x25519_kyber512, 18),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_kyber_768
|
||||
- OQS_GROUP_ENTRY(kyber768, kyber768, kyber768, 19),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p384_kyber768, p384_kyber768, p384_kyber768, 20),
|
||||
- OQS_GROUP_ENTRY(x448_kyber768, x448_kyber768, x448_kyber768, 21),
|
||||
- OQS_GROUP_ENTRY(x25519_kyber768, x25519_kyber768, x25519_kyber768, 22),
|
||||
- OQS_GROUP_ENTRY(p256_kyber768, p256_kyber768, p256_kyber768, 23),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_kyber_1024
|
||||
- OQS_GROUP_ENTRY(kyber1024, kyber1024, kyber1024, 24),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p521_kyber1024, p521_kyber1024, p521_kyber1024, 25),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_ml_kem_512
|
||||
- OQS_GROUP_ENTRY(mlkem512, mlkem512, mlkem512, 26),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p256_mlkem512, p256_mlkem512, p256_mlkem512, 27),
|
||||
- OQS_GROUP_ENTRY(x25519_mlkem512, x25519_mlkem512, x25519_mlkem512, 28),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_ml_kem_768
|
||||
- OQS_GROUP_ENTRY(mlkem768, mlkem768, mlkem768, 29),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p384_mlkem768, p384_mlkem768, p384_mlkem768, 30),
|
||||
- OQS_GROUP_ENTRY(x448_mlkem768, x448_mlkem768, x448_mlkem768, 31),
|
||||
OQS_GROUP_ENTRY(X25519MLKEM768, X25519MLKEM768, X25519MLKEM768, 32),
|
||||
OQS_GROUP_ENTRY(SecP256r1MLKEM768, SecP256r1MLKEM768, SecP256r1MLKEM768,
|
||||
33),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_ml_kem_1024
|
||||
- OQS_GROUP_ENTRY(mlkem1024, mlkem1024, mlkem1024, 34),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p521_mlkem1024, p521_mlkem1024, p521_mlkem1024, 35),
|
||||
- OQS_GROUP_ENTRY(p384_mlkem1024, p384_mlkem1024, p384_mlkem1024, 36),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_bike_l1
|
||||
- OQS_GROUP_ENTRY(bikel1, bikel1, bikel1, 37),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p256_bikel1, p256_bikel1, p256_bikel1, 38),
|
||||
- OQS_GROUP_ENTRY(x25519_bikel1, x25519_bikel1, x25519_bikel1, 39),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_bike_l3
|
||||
- OQS_GROUP_ENTRY(bikel3, bikel3, bikel3, 40),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p384_bikel3, p384_bikel3, p384_bikel3, 41),
|
||||
- OQS_GROUP_ENTRY(x448_bikel3, x448_bikel3, x448_bikel3, 42),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_bike_l5
|
||||
- OQS_GROUP_ENTRY(bikel5, bikel5, bikel5, 43),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p521_bikel5, p521_bikel5, p521_bikel5, 44),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_hqc_128
|
||||
- OQS_GROUP_ENTRY(hqc128, hqc128, hqc128, 45),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p256_hqc128, p256_hqc128, p256_hqc128, 46),
|
||||
- OQS_GROUP_ENTRY(x25519_hqc128, x25519_hqc128, x25519_hqc128, 47),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_hqc_192
|
||||
- OQS_GROUP_ENTRY(hqc192, hqc192, hqc192, 48),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p384_hqc192, p384_hqc192, p384_hqc192, 49),
|
||||
- OQS_GROUP_ENTRY(x448_hqc192, x448_hqc192, x448_hqc192, 50),
|
||||
-#endif
|
||||
-#ifdef OQS_ENABLE_KEM_hqc_256
|
||||
- OQS_GROUP_ENTRY(hqc256, hqc256, hqc256, 51),
|
||||
-
|
||||
- OQS_GROUP_ENTRY(p521_hqc256, p521_hqc256, p521_hqc256, 52),
|
||||
-#endif
|
||||
- ///// OQS_TEMPLATE_FRAGMENT_GROUP_NAMES_END
|
||||
};
|
||||
|
||||
typedef struct oqs_sigalg_constants_st {
|
||||
@ -1,8 +1,8 @@
|
||||
%global oqs_version 0.7.0
|
||||
%global liboqs_min_version 0.11.0
|
||||
%global liboqs_min_version 0.11.0-3
|
||||
Name: oqsprovider
|
||||
Version: %{oqs_version}
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: oqsprovider is an OpenSSL provider for quantum-safe algorithms based on liboqs
|
||||
|
||||
License: Apache-2.0 AND MIT
|
||||
@ -10,6 +10,8 @@ URL: https://github.com/open-quantum-safe/oqs-provider.git
|
||||
Source0: https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/%{oqs_version}.tar.gz
|
||||
Source1: oqsprovider.conf
|
||||
|
||||
Patch01: 01-iana-kem-only.patch
|
||||
|
||||
Requires: liboqs >= %{liboqs_min_version}
|
||||
Requires: openssl
|
||||
BuildRequires: ninja-build
|
||||
@ -52,6 +54,10 @@ install -m644 '%{SOURCE1}' \
|
||||
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.d/oqsprovider.conf
|
||||
|
||||
%changelog
|
||||
* Thu Oct 24 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.7.0-2
|
||||
- OQS provider should provide only standard groups
|
||||
Resolves: RHEL-64277
|
||||
|
||||
* Thu Oct 17 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 0.7.0-1
|
||||
- Rebase oqsprovider to 0.7.0
|
||||
Resolves: RHEL-56155
|
||||
|
||||
Loading…
Reference in New Issue
Block a user