From 930e978ef8e717424afa9159bcf899b119815032 Mon Sep 17 00:00:00 2001
From: Basil Hess <bhe@zurich.ibm.com>
Date: Wed, 10 Apr 2024 14:01:28 +0000
Subject: [PATCH] update to nginx 1.25.4 & reference composite sigs in html
 update test server build script to use liboqs 0.10.0

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
---
 nginx/fulltest/Dockerfile      | 10 +++++-----
 nginx/fulltest/build_ubuntu.sh |  4 ++--
 nginx/fulltest/index-template  |  1 +
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/nginx/fulltest/Dockerfile b/nginx/fulltest/Dockerfile
index 3258ebc..1514404 100644
--- a/nginx/fulltest/Dockerfile
+++ b/nginx/fulltest/Dockerfile
@@ -3,11 +3,11 @@
 # First: global build arguments:
 
 # liboqs build type variant; maximum portability of image:
-ARG LIBOQS_VERSION=0.9.2
+ARG LIBOQS_VERSION=0.10.0
 
 ARG OPENSSL_VERSION=master
 
-ARG OQS_PROVIDER_VERSION=0.5.2
+ARG OQS_PROVIDER_VERSION=0.6.0-rc1
 
 ARG LIBOQS_BUILD_DEFINES="-DOQS_DIST_BUILD=ON"
 
@@ -26,7 +26,7 @@ ARG SIG_ALG="dilithium3"
 ARG DEFAULT_GROUPS=x25519:x448:prime256v1:secp384r1:secp521r1:kyber512:p256_kyber512:kyber768:p384_kyber768:kyber1024:p521_kyber1024
 
 # define the nginx version to include
-ARG NGINX_VERSION=1.25.3
+ARG NGINX_VERSION=1.25.4
 
 # Define the degree of parallelism when building the image; leave the number away only if you know what you are doing
 ARG MAKE_DEFINES="-j"
@@ -81,7 +81,7 @@ RUN mkdir -p ${OSSLDIR}/ssl && cp /opt/openssl/apps/openssl.cnf ${OSSLDIR}/ssl/
 # build oqsprovider
 WORKDIR /opt/oqs-provider
 
-RUN ln -s /opt/nginx/include/oqs ${OSSLDIR}/include && rm -rf build && cmake -DCMAKE_C_STANDARD_LIBRARIES="-ldl" -DOPENSSL_ROOT_DIR=${OSSLDIR} -DCMAKE_PREFIX_PATH=${INSTALLDIR} -S . -B build && cmake --build build && mkdir -p ${OSSLDIR}/lib64/ossl-modules && cp build/lib/oqsprovider.so ${OSSLDIR}/lib64/ossl-modules && rm -rf ${INSTALLDIR}/lib64
+RUN ln -s /opt/nginx/include/oqs ${OSSLDIR}/include && rm -rf build && cmake -DCMAKE_C_STANDARD_LIBRARIES="-ldl -pthread" -DOPENSSL_ROOT_DIR=${OSSLDIR} -DCMAKE_PREFIX_PATH=${INSTALLDIR} -S . -B build && cmake --build build && mkdir -p ${OSSLDIR}/lib64/ossl-modules && cp build/lib/oqsprovider.so ${OSSLDIR}/lib64/ossl-modules && rm -rf ${INSTALLDIR}/lib64
 
 WORKDIR ${INSTALLDIR}
 
@@ -156,4 +156,4 @@ COPY --from=intermediate ${CAROOTDIR} ${CAROOTDIR}
 RUN tar czvf oqs-nginx-${LIBOQS_VERSION}.tgz ${BASEDIR}
 
 # Package for root CA cert and key
-RUN tar czvf oqs-testserver-rootca-${LIBOQS_VERSION}.tgz ${CAROOTDIR}
\ No newline at end of file
+RUN tar czvf oqs-testserver-rootca-${LIBOQS_VERSION}.tgz ${CAROOTDIR}
diff --git a/nginx/fulltest/build_ubuntu.sh b/nginx/fulltest/build_ubuntu.sh
index 07b106c..dc33b78 100755
--- a/nginx/fulltest/build_ubuntu.sh
+++ b/nginx/fulltest/build_ubuntu.sh
@@ -9,7 +9,7 @@
 docker build --no-cache -t oqs-nginx-fulltest-provider .
 
 # Copy deployment tar from image
-docker cp $(docker create oqs-nginx-fulltest-provider:latest):oqs-nginx-0.9.2.tgz .
+docker cp $(docker create oqs-nginx-fulltest-provider:latest):oqs-nginx-0.10.0.tgz .
 
 # Copy root ca tar from image
-docker cp $(docker create oqs-nginx-fulltest-provider:latest):oqs-testserver-rootca-0.9.2.tgz .
\ No newline at end of file
+docker cp $(docker create oqs-nginx-fulltest-provider:latest):oqs-testserver-rootca-0.10.0.tgz .
\ No newline at end of file
diff --git a/nginx/fulltest/index-template b/nginx/fulltest/index-template
index 215c392..19d1cc0 100644
--- a/nginx/fulltest/index-template
+++ b/nginx/fulltest/index-template
@@ -33,6 +33,7 @@ tr:nth-child(even) {
 <p>This nginx server supports</p>
 <ul>
 <li>the TLS1.3 specification with QSC enhancement as specified in <a href="https://tools.ietf.org/html/draft-ietf-tls-hybrid-design-06">https://tools.ietf.org/html/draft-ietf-tls-hybrid-design-06</a>.</li>
+<li>The signature algorithms with prefix mldsa*_ are composite signatures as specified in <a href="https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/10">https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/10</a>.</li>
 <li>Code points/curve IDs of KEM algorithms are implemented with the highest numbers available for each algorithm listed <a href="https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md">here</a>. </li>
 <li>Code points/OIDs of SIG algorithms are implemented with the highest numbers available for each algorithm as listed <a href="https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md">here</a>. </li>
 </ul>