
openssl_quantum: init at 3.3.2
Added the ability to allow for providers with openssl. Added openssl_quantum using oqs-provider.
siddharth-narayan committed Jan 11, 2025
1 parent d53b472 commit e5751e2
Showing 2 changed files with 46 additions and 4 deletions.
47 changes: 44 additions & 3 deletions pkgs/development/libraries/openssl/default.nix
Expand Up @@ -4,6 +4,7 @@
fetchurl,
buildPackages,
perl,
oqs-provider,
coreutils,
writeShellScript,
makeBinaryWrapper,
Expand All @@ -20,6 +21,9 @@
conf ? null,
removeReferencesTo,
testers,
providers ? [ ],
autoloadProviders ? false,
extraConfig,
}:

# Note: this package is used for bootstrapping fetchurl, and thus
Expand Down Expand Up @@ -264,7 +268,6 @@ let
--add-flags "rehash"
''
+ ''
mkdir $dev
mv $out/include $dev/
Expand All @@ -275,6 +278,30 @@ let
''
+ lib.optionalString (conf != null) ''
cat ${conf} > $etc/etc/ssl/openssl.cnf
''

+ lib.concatStringsSep "\n" (
map
(provider: ''
cp --no-preserve=mode ${provider.package}/lib/ossl-modules/* "$out/lib/ossl-modules"
${lib.optionalString (autoloadProviders) ''
sed -i '/^[[:space:]]*#/!s/\[provider_sect\]/[provider_sect]\n${provider.name} = ${provider.name}_sect/g' $etc/etc/ssl/openssl.cnf
echo "[${provider.name}_sect]" >> $etc/etc/ssl/openssl.cnf
echo "activate = 1" >> $etc/etc/ssl/openssl.cnf
''}
'')

providers
)

+ lib.optionalString (autoloadProviders) ''
# The default provider needs loading when there are other providers loaded by default
sed -i '/^[[:space:]]*#/!s/\[default_sect\]/[default_sect]\nactivate = 1/g' $etc/etc/ssl/openssl.cnf
''

+ ''
echo "${extraConfig}" >> $etc/etc/ssl/openssl.cnf
'';

postFixup =
Expand Down Expand Up @@ -309,9 +336,8 @@ let
platforms = lib.platforms.all;
} // extraMeta;
});

in
{
rec {
# intended version "policy":
# - 1.1 as long as some package exists, which does not build without it
# (tracking issue: https://github.com/NixOS/nixpkgs/issues/269713)
Expand Down Expand Up @@ -391,4 +417,19 @@ in
license = lib.licenses.asl20;
};
};

openssl_quantum = openssl_3_3.override {
providers = [
{
name = "oqsprovider";
package = oqs-provider;
}
];
autoloadProviders = true;
# TLS groups should be post quantum by default
extraConfig = ''
[tls_system_default]
Groups = X25519MLKEM768:x25519_kyber768:x25519:P-521:prime256v1
'';
};
}
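Review bot: `extraConfig` is declared in the second hunk (`extraConfig,`) without a default, unlike `providers ? [ ]` and `autoloadProviders ? false`, so every existing caller that does not pass it — including the unchanged `callPackages ../development/libraries/openssl { }` in all-packages.nix — would fail to evaluate; `extraConfig ? "",` fixes that, and the unconditional `echo "${extraConfig}" >> $etc/etc/ssl/openssl.cnf` in the fourth hunk should then be wrapped in `lib.optionalString (extraConfig != "")` so the default does not append an empty line. That `echo` also hands the config text to bash inside double quotes, so any `$`, backtick or backslash in a caller-supplied snippet is expanded by the shell before it reaches openssl.cnf; a quoted heredoc such as `cat >> $etc/etc/ssl/openssl.cnf <<'EOF'` / `${extraConfig}` / `EOF` keeps it verbatim. The two `sed` edits in the same hunk only act on an existing `[provider_sect]` / `[default_sect]` header, so with a custom `conf` that lacks them `autoloadProviders = true` silently leaves the provider unactivated; a comment stating that assumption, or an explicit `grep -q '\[provider_sect\]'` check that fails the build, would make it visible. Whether `openssl_3_3.override` resolves inside the new `rec` set depends on how `common` (outside the hunk) constructs that attribute, which is worth confirming since in-file it is not the `callPackages`-wrapped value.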
3 changes: 2 additions & 1 deletion pkgs/top-level/all-packages.nix
Expand Up @@ -10465,7 +10465,8 @@ with pkgs;
inherit (callPackages ../development/libraries/openssl { })
openssl_1_1
openssl_3
openssl_3_3;
openssl_3_3
openssl_quantum;

openwebrx = callPackage ../applications/radio/openwebrx {
inherit (python3Packages)
Expand Down
