Rebasing liboqs stuff to the latest NIST-approved versions of PQ cryptography
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2025-cc4e64ede9
Please login to add feedback.
This update's test gating status has been changed to 'waiting'.
This update has been submitted for testing by bodhi.
Thanks, but don't we need gnutls to be configured with --with-liboqs=yes/link/dlopen to actually use the new PQ crypto? The build log suggests that this is not the case.
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
This update's test gating status has been changed to 'passed'.
@cmorris good catch, I can lower the liboqs requirement to enable PQC support in F41 as well, though it would also be ok to drop the gnutls build from this update, as it turned out that gnutls didn't use liboqs in F41 or earlier @dbelyavs.
@ueno yes, please drop then
@ueno knows the state of gnutls best, and perhaps would prefer to wait for 3.8.9, if that is imminent. As far as I'm concerned, the sooner everyone has FIPS 203, 204, and 205 enabled by default, and the latest versions of the other algorithms available to test, the better; and even a slightly mis-configured 3.8.8 is an improvement over 3.8.6, if only for the better multiple ocsp record and malformed compress_certificate handling.
dbelyavs edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been pushed to testing.
I'm afraid this liboqs package can only be used with openssl applications for now, as it has an implicit dependency on libcrypto functions:
I guess we could use the native memory allocation functions by removing
defined(OQS_DLOPEN_OPENSSL)
condition from the#if
's in src/common/common.[ch].Works.
Works great! LGTM! =)
This update can be pushed to stable now if the maintainer wishes
dbelyavs edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by dbelyavs.
This update's test gating status has been changed to 'waiting'.
no regressions noted
dbelyavs edited this update.
New build(s):
Removed build(s):
Karma has been reset.
I hope this is the final state of the project
This update's test gating status has been changed to 'passed'.
dbelyavs edited this update.
This update has been pushed to testing.
Works great here.
Also noted that it doesn't cause gnutls to link libssl (presumably because it uses dlopen to get liboqs), as that would have caused problems with our application.
Works great here, "gnutls-cli --list | grep Pub" lists ML-KEM-768 for me.
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by dbelyavs.
This update has been pushed to stable.
Somehow the mingw static library is missing various pkcs functions, which was not the case with the previous release. (Something to do with building against p11-key, I suppose):
I suppose that's because p11-kit doesn't have a package for F42 and higher (lack of maintainer, etc.), but there is a package that installs on F41, so removing support for p11-kit functions on F41 as well is an unexpected regression.