From 8a96e57d503798b4ae1dc084bab89c7a871d9832 Mon Sep 17 00:00:00 2001
From: pi-314159 <74706004+pi-314159@users.noreply.github.com>
Date: Thu, 19 Sep 2024 05:29:58 +0000
Subject: [PATCH] Update

* Modify algorithms in CI due to the change in hybrid signature algorithms in OQS-BoringSSL
* Update cURL

Signed-off-by: pi-314159 <74706004+pi-314159@users.noreply.github.com>
---
 .github/workflows/quic.yml | 4 ++--
 curl/Dockerfile-QUIC | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/quic.yml b/.github/workflows/quic.yml
index 2b7f1169..e550aa6c 100644
--- a/.github/workflows/quic.yml
+++ b/.github/workflows/quic.yml
@@ -30,8 +30,8 @@ jobs:
 - name: Generate a quantum-safe certificate chain
 run: |
 docker run -v shared-1:/certs $TARGET_NAME/openssl3 /bin/sh -c "\
- openssl req -x509 -new -newkey p256_falcon512 -keyout /certs/CA.key -out /certs/CA.crt -nodes -subj '/C=US/O=Open Quantum Safe/CN=OQS Demos' -days 1461 && \
- openssl req -new -newkey mldsa87 -keyout /certs/server.key -out /certs/server.csr -nodes -subj /CN=host.docker.internal && \
+ openssl req -x509 -new -newkey rsa3072_falcon512 -keyout /certs/CA.key -out /certs/CA.crt -nodes -subj '/C=US/O=Open Quantum Safe/CN=OQS Demos' -days 1461 && \
+ openssl req -new -newkey sphincssha2128fsimple -keyout /certs/server.key -out /certs/server.csr -nodes -subj /CN=host.docker.internal && \
 openssl x509 -req -in /certs/server.csr -out /certs/server.crt -CA /certs/CA.crt -CAkey /certs/CA.key -CAcreateserial -days 365"
 shell: bash
 - name: Build NGINX with QUIC support and start the server
diff --git a/curl/Dockerfile-QUIC b/curl/Dockerfile-QUIC
index 37d4ac76..408a50fb 100644
--- a/curl/Dockerfile-QUIC
+++ b/curl/Dockerfile-QUIC
@@ -1,6 +1,6 @@
 FROM ubuntu:latest AS build
-ARG CURL_VERSION=8.9.1
+ARG CURL_VERSION=8.10.1
 ARG QUICHE_VERSION=0.22.0
 RUN apt update && apt install cmake gcc ninja-build libunwind-dev pkg-config build-essential cargo git wget -y && cd /root && \
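Review bot: The "Generate a quantum-safe certificate chain" step has no comment explaining why the server key moves from `mldsa87` (NIST category 5) to `sphincssha2128fsimple` (category 1), so a later reader cannot tell a deliberate interop choice from an accidental downgrade of the test chain. The commit message gives the reason (the hybrid algorithm set in OQS-BoringSSL changed), but the workflow itself does not; a YAML comment above `run:` would carry it, for example `# Key algorithms must be ones OQS-BoringSSL accepts; category-1 parameters are acceptable for this CI-only chain`. SPHINCS+ 128f signatures are also about 17 KB, which probably pushes the server's first handshake flight past QUIC's anti-amplification limit and adds a round trip, so it is worth confirming the client test tolerates that. Both keys are still written with `-nodes` to the shared `/certs` volume, which is fine for throwaway CI material but should not be copied into a real deployment.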
@@ -13,7 +13,7 @@ RUN apt update && apt install cmake gcc ninja-build libunwind-dev pkg-config bui
 # Build quiche
 cd /root && git clone --recursive -b ${QUICHE_VERSION} https://github.com/cloudflare/quiche && cd quiche/quiche/deps && rm -R boringssl && ln -s /root/bssl boringssl && cd /root/quiche && cargo build --package quiche --release --features ffi,pkg-config-meta,qlog && cp -p target/release/libquiche.so /usr/local/lib/bssl/libquiche.so.0 && \
 # Build curl
- cd /root && wget https://curl.se/download/curl-${CURL_VERSION}.tar.gz && tar -zxf curl-${CURL_VERSION}.tar.gz && rm -R curl-${CURL_VERSION}.tar.gz && mv curl-${CURL_VERSION} curl && cd curl && LIBS=-lpthread ./configure LDFLAGS="-Wl,-rpath,/usr/local/lib/bssl" --with-openssl=/root/bssl/install --with-quiche=/root/quiche/target/release --prefix="/usr/local/curl" && make && make install
+ cd /root && wget https://curl.se/download/curl-${CURL_VERSION}.tar.gz && tar -zxf curl-${CURL_VERSION}.tar.gz && rm -R curl-${CURL_VERSION}.tar.gz && mv curl-${CURL_VERSION} curl && cd curl && LIBS=-lpthread ./configure LDFLAGS="-Wl,-rpath,/usr/local/lib/bssl" --with-openssl=/root/bssl/install --with-quiche=/root/quiche/target/release --without-libpsl --prefix="/usr/local/curl" && make && make install
 FROM ubuntu:latest
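Review bot: The added `--without-libpsl` on the curl `./configure` line builds a client with no Public Suffix List support, so it cannot reject cookies scoped to a public suffix such as a bare TLD, and nothing in the file says this is intentional. Either add `libpsl-dev` to the `apt install` list shown in the first hunk and drop the flag, or keep it and say why next to `# Build curl`, for example `# libpsl omitted: demo client only, no PSL cookie-domain checks`. The same line still unpacks `curl-${CURL_VERSION}.tar.gz` straight after `wget` with no integrity check. Since this commit bumps the version, a pinned digest would fit here: `echo "${CURL_SHA256}  curl-${CURL_VERSION}.tar.gz" | sha256sum -c - && \` before `tar`, with `ARG CURL_SHA256=<sha256 of the 8.10.1 tarball>` declared beside `CURL_VERSION`. The `RUN` instruction this line belongs to starts outside the hunk.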