testing

README.md

@@ -23,7 +23,7 @@ Currently available integrations at their respective support level:
 | **nginx**         | [Github: oqs-demos/nginx](nginx)                         | [Dockerhub: openquantumsafe/nginx](https://hub.docker.com/repository/docker/openquantumsafe/nginx), [Dockerhub: openquantumsafe/nginx-quic](https://hub.docker.com/repository/docker/openquantumsafe/nginx-quic)                            | [![nginx](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/nginx.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/nginx.yml) Maintained: @baentsch, @bhess, @pi-314159
 | **Chromium**      | [Github: oqs-demos/chromium](chromium) (limited support) | -                                                                                                                                                                                                                                           | Maintained: @pi-314159
 | **Locust**        | [Github: oqs-demos/locust](locust)                       | -                                                                                                                                                                                                                                           | [![locust](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/locust.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/locust.yml) Maintained: @davidgca
-| **Wireshark**     | [Github: oqs-demos/wireshark](wireshark)                 | [Dockerhub: openquantumsafe/wireshark](https://hub.docker.com/repository/docker/openquantumsafe/wireshark)                                                                                                                                  | [![wireshark](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/wireshark.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/wireshark.yml) Maintained: @hawazyn
+| **Wireshark**     | [Github: oqs-demos/wireshark](wireshark)                 | [Dockerhub: openquantumsafe/wireshark](https://hub.docker.com/repository/docker/openquantumsafe/wireshark)                                                                                                                                  | [![wireshark](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/wireshark.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/wireshark.yml) Maintained: @alraddady
 | **OpenSSH**       | [Github: oqs-demos/openssh](openssh)                     | [Dockerhub: openquantumsafe/openssh](https://hub.docker.com/repository/docker/openquantumsafe/openssh)                                                                                                                                      | [![openssh](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openssh.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openssh.yml) Unmaintained
 | **OpenVPN**       | [Github: oqs-demos/openvpn](openvpn)                     | [Dockerhub: openquantumsafe/openvpn](https://hub.docker.com/repository/docker/openquantumsafe/openvpn)                                                                                                                                      | [![openvpn](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openvpn.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openvpn.yml) Unmaintained
 | **ngtcp2**        | [Github: oqs-demos/ngtcp2](ngtcp2)                       | Dockerhub: [Server: openquantumsafe/ngtcp2-server](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-server), [Client: openquantumsafe/ngtcp2-client](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-client) | [![ngtcp2](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/ngtcp2.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/ngtcp2.yml) Unmaintained

curl/Dockerfile

@@ -3,7 +3,7 @@ ARG ALPINE_VERSION=3.21
 ARG OPENSSL_TAG=openssl-3.4.0
 ARG LIBOQS_TAG=0.12.0
 ARG OQSPROVIDER_TAG=0.8.0
-ARG CURL_VERSION=8.11.1
+ARG CURL_VERSION=8.13.0
 ARG INSTALLDIR=/opt/oqssa
 
 # Specify supported signature and key encapsulation mechanisms (KEM) algorithms.

curl/Dockerfile-QUIC

@@ -1,5 +1,5 @@
-ARG CURL_VERSION=8.11.1
-ARG QUICHE_VERSION=0.22.0
+ARG CURL_VERSION=8.13.0
+ARG QUICHE_VERSION=0.24.5
 
 # Stage 1: Build - Compile and assemble all necessary components and dependencies.
 FROM ubuntu:latest AS build

h2load/Dockerfile

@@ -5,7 +5,7 @@ ARG ALPINE_VERSION=3.21
 ARG OPENSSL_TAG=openssl-3.4.0
 ARG LIBOQS_TAG=0.12.0
 ARG OQSPROVIDER_TAG=0.8.0
-ARG NGHTTP2_TAG=v1.64.0
+ARG NGHTTP2_TAG=v1.65.0
 ARG INSTALLDIR=/opt/oqssa
 
 # Stage 1: Build - Compile and assemble all necessary components and dependencies.

httpd/Dockerfile

@@ -3,7 +3,7 @@ ARG ALPINE_VERSION=3.21
 ARG OPENSSL_TAG=openssl-3.4.0
 ARG LIBOQS_TAG=0.12.0
 ARG OQSPROVIDER_TAG=0.8.0
-ARG HTTPD_VERSION=2.4.62
+ARG HTTPD_VERSION=2.4.63
 ARG APR_VERSION=1.7.5
 ARG APRU_VERSION=1.6.3
 ARG OPENSSL_PATH=/opt/openssl

locust/Dockerfile

@@ -1,57 +1,35 @@
-# define the liboqs tag to be used
+# Define build arguments for version tags, installation paths, and configurations
+ARG ALPINE_VERSION=3.21
+ARG OPENSSL_BRANCH=openssl-3.4.0
 ARG LIBOQS_TAG=0.11.0
-
-# define the oqsprovider tag to be used
-ARG OQSPROVIDER_TAG=0.7.0
-
-# define the openssl version to be baked in
-ARG OPENSSL_BRANCH=openssl-3.3.2
-
-# Default location where all binaries wind up:
+ARG OQSPROVIDER_TAG=0.8.0
+ARG PYTHON_VERSION=3.13.2
 ARG INSTALLDIR=/opt/oqssa
 
-# Default Python version to be used
-ARG PYTHON_VERSION=3.12.6
-
-# liboqs build type variant; maximum portability of image:
-ARG LIBOQS_BUILD_DEFINES="-DOQS_DIST_BUILD=ON"
-
-# Default root CA signature algorithm; can be set to any listed at https://github.com/open-quantum-safe/oqs-provider#algorithms
+# Specify supported signature and key encapsulation mechanisms (KEM) algorithms
 ARG SIG_ALG="dilithium3"
-
-# Default KEM algorithms; can be set to any listed at https://github.com/open-quantum-safe/oqs-provider#algorithms
 ARG DEFAULT_GROUPS="x25519:x448:kyber512:p256_kyber512:kyber768:p384_kyber768:kyber1024:p521_kyber1024"
 
-# Define the degree of parallelism when building the image; leave the number away only if you know what you are doing
-ARG MAKE_DEFINES="-j 16"
-
-# Define the Alpine version to be used
-ARG ALPINE_VERSION=3.20.3
 
 FROM alpine:${ALPINE_VERSION}
 # Take in all global args
 ARG LIBOQS_TAG
 ARG OQSPROVIDER_TAG
 ARG INSTALLDIR
-ARG LIBOQS_BUILD_DEFINES
 ARG SIG_ALG
 ARG DEFAULT_GROUPS
-ARG MAKE_DEFINES
 ARG PYTHON_VERSION
 ARG OPENSSL_BRANCH
 
 LABEL version="1"
 
-ENV DEBIAN_FRONTEND noninteractive
 ENV LD_LIBRARY_PATH=${INSTALLDIR}/lib
 
-RUN apk update && apk upgrade
 
 # Get all software packages required for builing all components:
-RUN apk add build-base linux-headers \
-            libtool automake autoconf cmake ninja \
-            make \
-            git wget vim nano zlib-dev py3-pip tcpdump python3-dev
+RUN apk update && apk --no-cache add build-base linux-headers \
+    libtool automake autoconf cmake ninja make \
+    git wget vim nano zlib-dev py3-pip tcpdump python3-dev
 
 # get all sources
 WORKDIR /opt
@@ -62,16 +40,14 @@ RUN git clone --depth 1 --branch ${LIBOQS_TAG} https://github.com/open-quantum-s
 # build OpenSSL3
 WORKDIR /opt/openssl
 RUN LDFLAGS="-Wl,-rpath -Wl,${INSTALLDIR}/lib64" ./config shared enable-zlib no-comp --prefix=${INSTALLDIR} && \
-    make ${MAKE_DEFINES} && make install_sw install_ssldirs install_dev && \
+    make -j("nproc") && make install_sw install_ssldirs install_dev && \
     if [ -d ${INSTALLDIR}/lib64 ]; then ln -s ${INSTALLDIR}/lib64 ${INSTALLDIR}/lib; fi && \
     if [ -d ${INSTALLDIR}/lib ]; then ln -s ${INSTALLDIR}/lib ${INSTALLDIR}/lib64; fi
 
-
 # build liboqs
-WORKDIR /opt/liboqs
-RUN mkdir build &&  \
-    cd build  &&  \
-    cmake -G"Ninja" .. ${LIBOQS_BUILD_DEFINES} -DCMAKE_INSTALL_PREFIX=${INSTALLDIR}  &&  \
+WORKDIR /opt/liboqs/build
+RUN cmake -G"Ninja" .. -DOQS_DIST_BUILD=ON  \
+    -DCMAKE_INSTALL_PREFIX=${INSTALLDIR}  &&  \
     ninja install
 
 # set path to use 'new' openssl. Dyn libs have been properly linked in to match
@@ -105,11 +81,10 @@ RUN wget --no-check-certificate https://test.openquantumsafe.org/CA.crt &&  \
     mv CA.crt oqs-testca.pem
 
 # Install Locust
-RUN mkdir /home/locust && cd /home/locust
+WORKDIR /home/locust
 ENV CFLAGS="-I/opt/python-${PYTHON_VERSION}-custom/include/${PYTHON_VERSION}"
 ENV LDFLAGS="-L/opt/python-${PYTHON_VERSION}-custom/lib"
 COPY requirements.txt /home/locust
 RUN pip3 install --break-system-packages --upgrade pip
 RUN pip3 install  --break-system-packages -r /home/locust/requirements.txt
 ADD / /mnt/locust
-

mosquitto/Dockerfile

@@ -1,39 +1,21 @@
-# Original Dockerfile made by Chia-Chin Chung <60947091s@gapps.ntnu.edu.tw>
-# Multi-stage build: First the full builder image:
+# Original Dockerfile written by Chia-Chin Chung <60947091s@gapps.ntnu.edu.tw>
 
-# define the openssl tag to be used
+# Define build arguments for version tags, installation paths, and configurations.
+ARG UBUNTU_VERSION=24.04
 ARG OPENSSL_TAG=openssl-3.4.0
-
-# define the liboqs tag to be used
 ARG LIBOQS_TAG=0.12.0
-
-# define the oqsprovider tag to be used
 ARG OQSPROVIDER_TAG=0.8.0
-
-# Default location where all binaries wind up:
+ARG MOSQUITTO_TAG=v2.0.20
 ARG INSTALLDIR=/opt/oqssa
-
-# liboqs build type variant; maximum portability of image:
-ARG LIBOQS_BUILD_DEFINES="-DOQS_DIST_BUILD=ON"
-
-# Default KEM algorithms to be utilized
 ARG KEM_ALGLIST="mlkem768:p384_mlkem768"
-
-# Default Signature algorithm to be used
 ARG SIG_ALG="mldsa65"
-
-ARG MOSQUITTO_TAG=v2.0.20
-
-# define IP addresses or Domain Name
 ARG BROKER_IP=localhost
 ARG PUB_IP=localhost
 ARG SUB_IP=localhost
-
-# choose the shell script(simple example)
 ARG EXAMPLE=broker-start.sh
 
 # First stage: the full build image:
-FROM ubuntu:22.04 AS builder
+FROM ubuntu:${UBUNTU_VERSION} AS builder
 
 # Set timezone
 ARG TZ=Europe/London
@@ -43,71 +25,56 @@ ARG OPENSSL_TAG
 ARG LIBOQS_TAG
 ARG OQSPROVIDER_TAG
 ARG INSTALLDIR
-ARG HAPROXYDIR
-ARG LIBOQS_BUILD_DEFINES
 ARG KEM_ALGLIST
 ARG MOSQUITTO_TAG
 
-# Update image and install all prerequisites
-RUN apt update && apt install -y build-essential \
-    cmake \
-    gcc \
-    libtool \
-    libssl-dev \
-    make \
-    ninja-build \
-    git \
-    doxygen \
-    libcjson1 \
-    libcjson-dev \
-    uthash-dev \
-    libcunit1-dev \
-    libsqlite3-dev \
-    xsltproc \
-    docbook-xsl && \
-    apt clean
-
-# get all sources
+# Install dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential cmake gcc libtool libssl-dev \
+    make ninja-build git doxygen libcjson1 libcjson-dev \
+    uthash-dev libcunit1-dev libsqlite3-dev xsltproc docbook-xsl \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Clone source repositories
 WORKDIR /opt
 RUN git clone --depth 1 --branch ${LIBOQS_TAG} https://github.com/open-quantum-safe/liboqs && \
     git clone --depth 1 --branch ${OPENSSL_TAG} https://github.com/openssl/openssl.git && \
     git clone --depth 1 --branch ${OQSPROVIDER_TAG} https://github.com/open-quantum-safe/oqs-provider.git && \
     git clone --depth 1 --branch ${MOSQUITTO_TAG} https://github.com/eclipse/mosquitto.git
 
-# build liboqs
-WORKDIR /opt/liboqs
-RUN mkdir build && cd build && \
-    cmake -G"Ninja" .. ${LIBOQS_BUILD_DEFINES} -DCMAKE_INSTALL_PREFIX=${INSTALLDIR} && \
+# Build and install liboqs
+WORKDIR /opt/liboqs/build
+RUN cmake -G"Ninja" .. -DOQS_DIST_BUILD=ON -DCMAKE_INSTALL_PREFIX=${INSTALLDIR} && \
     ninja install
 
-# build OpenSSL3
+# Build and install OpenSSL with rpath pointing to custom lib64
 WORKDIR /opt/openssl
-RUN LDFLAGS="-Wl,-rpath -Wl,${INSTALLDIR}/lib64" ./config shared --prefix=${INSTALLDIR} && \
-    make -j $(nproc) && \
-    make install_sw install_ssldirs && \
-    if [ -d ${INSTALLDIR}/lib64 ]; then ln -s ${INSTALLDIR}/lib64 ${INSTALLDIR}/lib; fi && \
-    if [ -d ${INSTALLDIR}/lib ]; then ln -s ${INSTALLDIR}/lib ${INSTALLDIR}/lib64; fi
+RUN LDFLAGS="-Wl,-rpath -Wl,${INSTALLDIR}/lib64" ./config shared --prefix="${INSTALLDIR}" && \
+    make -j"$(nproc)" && make install_sw install_ssldirs && \
+    if [ -d "${INSTALLDIR}/lib64" ]; then ln -s "${INSTALLDIR}/lib64" "${INSTALLDIR}/lib"; fi && \
+    if [ -d "${INSTALLDIR}/lib" ]; then ln -s "${INSTALLDIR}/lib" "${INSTALLDIR}/lib64"; fi
 
-# set path to use 'new' openssl. Dyn libs have been properly linked in to match
+# Update PATH to use newly installed OpenSSL
 ENV PATH="${INSTALLDIR}/bin:${PATH}"
 
-# build & install provider (and activate by default)
+# Build and install OQS provider, activate it by editing openssl.cnf
 WORKDIR /opt/oqs-provider
 RUN ln -s ../openssl . && \
     cmake -DOPENSSL_ROOT_DIR=${INSTALLDIR} -DCMAKE_BUILD_TYPE=Release -DCMAKE_PREFIX_PATH=${INSTALLDIR} -S . -B _build && \
-    cmake --build _build  && cp _build/lib/oqsprovider.so ${INSTALLDIR}/lib64/ossl-modules && \
-    sed -i "s/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect/g" /opt/oqssa/ssl/openssl.cnf && \
-    sed -i "s/\[default_sect\]/\[default_sect\]\nactivate = 1\n\[oqsprovider_sect\]\nactivate = 1\n/g" /opt/oqssa/ssl/openssl.cnf && \
-    sed -i "s/providers = provider_sect/providers = provider_sect\nssl_conf = ssl_sect\n\n\[ssl_sect\]\nsystem_default = system_default_sect\n\n\[system_default_sect\]\nGroups = ${KEM_ALGLIST}\n/g" /opt/oqssa/ssl/openssl.cnf
+    cmake --build _build && \
+    cp _build/lib/oqsprovider.so ${INSTALLDIR}/lib64/ossl-modules && \
+    sed -i "s/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect/g" ${INSTALLDIR}/ssl/openssl.cnf && \
+    sed -i "s/\[default_sect\]/\[default_sect\]\nactivate = 1\n\[oqsprovider_sect\]\nactivate = 1\n/g" ${INSTALLDIR}/ssl/openssl.cnf && \
+    sed -i "s/providers = provider_sect/providers = provider_sect\nssl_conf = ssl_sect\n\n\[ssl_sect\]\nsystem_default = system_default_sect\n\n\[system_default_sect\]\nGroups = ${KEM_ALGLIST}\n/g" ${INSTALLDIR}/ssl/openssl.cnf
 
 # Build and install Mosquitto
 WORKDIR /opt/mosquitto
-RUN make -j$(nproc) && \
-    make install
+RUN make -j"$(nproc)" && make install
 
 # Second stage: Only create minimal image:
-FROM ubuntu:22.04
-RUN apt update && apt install -y libcjson1
+FROM ubuntu:${UBUNTU_VERSION}
+RUN apt-get update && apt-get install -y --no-install-recommends libcjson1 \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 ARG SIG_ALG
 ENV SIG_ALG=${SIG_ALG}
@@ -119,43 +86,33 @@ ARG SUB_IP
 ENV SUB_IP=${SUB_IP}
 ARG EXAMPLE
 ENV EXAMPLE=${EXAMPLE}
-
 ARG KEM_ALGLIST
-# Set the TLS_DEFAULT_GROUPS environment variable to permit selection of QSC KEMs, by default the ones associated with the openssl configuration are chosen
 ENV TLS_DEFAULT_GROUPS=${KEM_ALGLIST}
-
 ARG INSTALLDIR
 
-# Copy files from the local storage to a destination in the Docker image
-WORKDIR /
-RUN mkdir test
-ADD . /test
-RUN chmod 777 /test/* && sed -i 's/\r//' /test/*
+# Copy scripts and set permissions
+WORKDIR /test
+COPY . .
+RUN chmod +x /test/* && sed -i 's/\r//' /test/*
 
-# openssl
+# Copy built artifacts from builder stage
 COPY --from=builder ${INSTALLDIR} ${INSTALLDIR}
-# Mosquitto
 COPY --from=builder /usr/local/lib  /usr/local/lib
 COPY --from=builder /usr/local/bin  /usr/local/bin
-COPY --from=builder /usr/local/sbin  /usr/local/sbin
+COPY --from=builder /usr/local/sbin /usr/local/sbin
 
-# Dynamically link to mosquitto
+# Set up dynamic linking to mosquitto and OpenSSL
 RUN ln -s /usr/local/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && ldconfig
-
-# Dynamically link to Newly built OpenSSL
-ENV LD_LIBRARY_PATH=$INSTALLDIR/lib64
-
-# Set path
+ENV LD_LIBRARY_PATH=${INSTALLDIR}/lib64
 ENV PATH="/usr/local/bin:/usr/local/sbin:${INSTALLDIR}/bin:$PATH"
 
-# Generate the CA key and the cert
+# Generate the CA key and the certificate
 RUN openssl req -x509 -new -newkey $SIG_ALG -keyout /test/CA.key -out /test/CA.crt -nodes -subj "/O=test-ca" -days 3650
 
-# MQTTS port
+# Expose MQTTS port
 EXPOSE 8883
 
-# Run shell script
+# Default command to run the provided example script
 WORKDIR /test
-CMD /bin/bash $EXAMPLE
-
+CMD ["/bin/bash", "-c", "$EXAMPLE"]
 STOPSIGNAL SIGTERM

nginx/Dockerfile

@@ -3,7 +3,7 @@ ARG ALPINE_VERSION=3.21
 ARG OPENSSL_TAG=openssl-3.4.0
 ARG LIBOQS_TAG=0.12.0
 ARG OQSPROVIDER_TAG=0.8.0
-ARG NGINX_VERSION=1.27.3
+ARG NGINX_VERSION=1.27.4
 ARG BASEDIR="/opt"
 ARG INSTALLDIR=${BASEDIR}/nginx
 
@@ -126,4 +126,4 @@ RUN addgroup -g 1000 -S oqs \
 # Run as non-root user
 USER oqs
 STOPSIGNAL SIGTERM
-CMD ["nginx", "-c", "nginx-conf/nginx.conf", "-g", "daemon off;"]
+CMD ["nginx", "-c", "nginx-conf/nginx.conf", "-g", "daemon off;"]

nginx/Dockerfile-QUIC

@@ -1,5 +1,4 @@
-# Define nginx version
-ARG NGINX_VERSION=1.26.2
+ARG NGINX_VERSION=1.27.4
 
 # Stage 1: Build - Compile and assemble all necessary components and dependencies
 FROM ubuntu:latest AS build
@@ -10,8 +9,8 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
       g++ make cmake git build-essential \
       libpcre3 libpcre3-dev zlib1g-dev \
       wget ninja-build libunwind-dev \
-      pkg-config python3  ca-certificates && \
-    rm -rf /var/lib/apt/lists/*
+      pkg-config python3  ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
 
 # Download and prepare source files needed for the build process
 WORKDIR /home/build
@@ -30,9 +29,8 @@ RUN cmake -GNinja \
     ninja && ninja install
 
 # Build and install boringssl
-WORKDIR /home/build/boringssl
-RUN mkdir build && cd build && \
-    cmake -GNinja \
+WORKDIR /home/build/boringssl/build
+RUN cmake -GNinja \
           -DCMAKE_BUILD_TYPE=Release \
           -DBUILD_SHARED_LIBS=1 .. && \
     ninja && \
@@ -115,4 +113,4 @@ RUN mkdir -p /var/run /var/cache/nginx /var/log/nginx && \
 EXPOSE 80 443 443/udp
 
 STOPSIGNAL SIGQUIT
-CMD ["nginx", "-g", "daemon off;"]
+CMD ["nginx", "-g", "daemon off;"]