0.6.0-rc1
Pre-releaseoqs-provider 0.6.0-rc1
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst
(signature) operations.
When deployed, the oqs-provider
binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl
functionality shall be PQC-enabled.
In general, the oqs-provider main
branch is meant to be usable in conjunction with the main
branch of liboqs and the master
branch of OpenSSL.
Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.
Release notes
This is version 0.6.0-rc1 of oqs-provider.
Security considerations
None.
What's New
This release continues from the 0.5.3 release of oqs-provider and is fully tested to be used in conjunction with the main branch of liboqs. This release is guaranteed to be in sync with v0.10.0 of liboqs
.
This release also makes available ready-to-run binaries for Windows (.dll) and MacOS (.dylib) compiled for x64
CPUs. Activation and use is documented in USAGE.md.
Additional new feature highlights
- First availability of standardized PQ algorithms, e.g., ML-KEM, ML-DSA
- Support for Composite PQ operations
- Alignment with PQ algorithm implementations as provided by liboqs 0.10.0, most notably updating HQC and Falcon.
- Implementation of security code review recommendations
- Support for more hybrid operations as fully documented here.
- Support for extraction of classical and hybrid key material
What's Changed
- Clarify liboqs_DIR naming convention by @ajbozarth in #292
- check empty params lists passed by @baentsch in #296
- Fix minor typos in documentation by @johnma14 in #304
- HQC code point update by @baentsch in #306
- Fix broken circleci job for macOS by @johnma14 in #305
- Contribution policy by @baentsch in #286
- Fix link in GOVERNANCE.md [skip ci] by @pi-314159 in #309
- Add a example of how to load oqsprovider using
OSSL_PROVIDER_add_builtin
. by @thb-sb in #308 - Get Windows CI to work again by @qnfm in #310
- Use
build
directory instead of_build
. by @thb-sb in #314 - correct upstream and Windows CI snafus by @baentsch in #322
- Revert "Use
build
directory instead of_build
. (#314)" by @baentsch in #325 - reverting to dev by @baentsch in #327
- Bump jinja2 from 3.0.3 to 3.1.3 in /oqs-template by @dependabot in #334
- LICENSE copyright update [skip ci] by @baentsch in #336
- update to 0.5.4-dev by @baentsch in #337
- bring GOVERNANCE in line with liboqs [skip ci] by @baentsch in #342
- Automatically run release tests on liboqs release candidates by @SWilson4 in #345
- add more defensive error handling by @baentsch in #346
- correct wrong use of sizeof by @baentsch in #347
- Protecting from NULL parameters by @baentsch in #350
- guard external testing against algorithm absence by @baentsch in #352
- first cut adding ML-* by @baentsch in #348
- Adapt Kyber OIDs and avoid testing using downlevel brew releases by @baentsch in #356
- Add extra debug information in case of TLS handshake failure. by @beldmit in #357
- p384_mlkem1024 hybrid added by @bencemali in #361
- length and null checks in en/decaps by @bencemali in #364
- documentation update [skip ci] by @baentsch in #366
- Set Kyber OIDs by @bhess in #368
- Add code points for PADDED variant of Falcon [skip ci] by @SWilson4 in #362
- Fix #372: expose
hybrid_classical_
andhybrid_pq_
OSSL_PARAMS
forEVP_PKEY
. by @thb-sb in #374 - Implementation of Composite Sig by @feventura in #317
- Do not duplicate call to
getenv
. by @thb-sb in #369 - Fix #338 and #339: output a valid aarch64 debian package with a valid directory layout. by @thb-sb in #377
- Move the clang-format check from CircleCI to GitHub actions. by @thb-sb in #376
- fix ossl32 cache miss for cygwin by @baentsch in #387
- Remove
--repeat until-pass:5
workaround for ASan tests. by @thb-sb in #382 - Add composite signatures to sigalg list & add code points. by @bhess in #386
- openssl provider support documentation update [skip ci] by @baentsch in #388
New Contributors
- @ajbozarth made their first contribution in #292
- @johnma14 made their first contribution in #304
- @pi-314159 made their first contribution in #309
- @dependabot made their first contribution in #334
- @beldmit made their first contribution in #357
- @bencemali made their first contribution in #361
- @feventura made their first contribution in #317
Full Changelog: 0.5.3...0.6.0-rc1