
0.6.0-rc1

Pre-release
@baentsch released this 08 Apr 11:30
· 88 commits to main since this release
b544ba2

oqs-provider 0.6.0-rc1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on GitHub at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL (v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is version 0.6.0-rc1 of oqs-provider.

Security considerations

None.

What's New

This release continues from the 0.5.3 release of oqs-provider and is fully tested to be used in conjunction with the main branch of liboqs. This release is guaranteed to be in sync with v0.10.0 of liboqs.

This release also makes available ready-to-run binaries for Windows (.dll) and macOS (.dylib) compiled for x64 CPUs. Activation and use are documented in USAGE.md.

Additional new feature highlights

  • First availability of standardized PQ algorithms, e.g., ML-KEM, ML-DSA
  • Support for Composite PQ operations
  • Alignment with PQ algorithm implementations as provided by liboqs 0.10.0, most notably updating HQC and Falcon.
  • Implementation of security code review recommendations
  • Support for more hybrid operations as fully documented here.
  • Support for extraction of classical and hybrid key material

What's Changed

  • Clarify liboqs_DIR naming convention by @ajbozarth in #292
  • check empty params lists passed by @baentsch in #296
  • Fix minor typos in documentation by @johnma14 in #304
  • HQC code point update by @baentsch in #306
  • Fix broken circleci job for macOS by @johnma14 in #305
  • Contribution policy by @baentsch in #286
  • Fix link in GOVERNANCE.md [skip ci] by @pi-314159 in #309
  • Add an example of how to load oqsprovider using OSSL_PROVIDER_add_builtin. by @thb-sb in #308
  • Get Windows CI to work again by @qnfm in #310
  • Use build directory instead of _build. by @thb-sb in #314
  • correct upstream and Windows CI snafus by @baentsch in #322
  • Revert "Use build directory instead of _build. (#314)" by @baentsch in #325
  • reverting to dev by @baentsch in #327
  • Bump jinja2 from 3.0.3 to 3.1.3 in /oqs-template by @dependabot in #334
  • LICENSE copyright update [skip ci] by @baentsch in #336
  • update to 0.5.4-dev by @baentsch in #337
  • bring GOVERNANCE in line with liboqs [skip ci] by @baentsch in #342
  • Automatically run release tests on liboqs release candidates by @SWilson4 in #345
  • add more defensive error handling by @baentsch in #346
  • correct wrong use of sizeof by @baentsch in #347
  • Protecting from NULL parameters by @baentsch in #350
  • guard external testing against algorithm absence by @baentsch in #352
  • first cut adding ML-* by @baentsch in #348
  • Adapt Kyber OIDs and avoid testing using downlevel brew releases by @baentsch in #356
  • Add extra debug information in case of TLS handshake failure. by @beldmit in #357
  • p384_mlkem1024 hybrid added by @bencemali in #361
  • length and null checks in en/decaps by @bencemali in #364
  • documentation update [skip ci] by @baentsch in #366
  • Set Kyber OIDs by @bhess in #368
  • Add code points for PADDED variant of Falcon [skip ci] by @SWilson4 in #362
  • Fix #372: expose hybrid_classical_ and hybrid_pq_ OSSL_PARAMS for EVP_PKEY. by @thb-sb in #374
  • Implementation of Composite Sig by @feventura in #317
  • Do not duplicate call to getenv. by @thb-sb in #369
  • Fix #338 and #339: output a valid aarch64 debian package with a valid directory layout. by @thb-sb in #377
  • Move the clang-format check from CircleCI to GitHub actions. by @thb-sb in #376
  • fix ossl32 cache miss for cygwin by @baentsch in #387
  • Remove --repeat until-pass:5 workaround for ASan tests. by @thb-sb in #382
  • Add composite signatures to sigalg list & add code points. by @bhess in #386
  • openssl provider support documentation update [skip ci] by @baentsch in #388

Full Changelog: 0.5.3...0.6.0-rc1