Skip to content

Releases: open-quantum-safe/oqs-provider

Release 0.10.0

29 Jul 18:46
@ashman-p ashman-p
0.10.0
f076e91
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 0.10.0 Latest
Latest

oqs-provider 0.10.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is release candidate 1 of version 0.10.0 of oqs-provider which continues from the earlier 0.9.0 release. This release is fully tested to be used in conjunction with the main branch of liboqs and is guaranteed to be in sync with v0.14.0 of liboqs.

Deprecation notice

This release of oqsprovider removes support for composite signatures.

What's New

What's Changed

New Contributors

Full Changelog: 0.9.0...0.10.0

Contributors

ryjones, vacuas, and praveksharma
Assets 2
Loading

Release 0.10.0 RC1

18 Jul 21:16
@ashman-p ashman-p
0.10.0-rc1
bbf7741
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 0.10.0 RC1 Pre-release
Pre-release

oqs-provider 0.10.0-rc1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is release candidate 1 of version 0.10.0 of oqs-provider which continues from the earlier 0.9.0 release. This release is fully tested to be used in conjunction with the main branch of liboqs and is guaranteed to be in sync with v0.14.0 of liboqs.

Deprecation notice

This release of oqsprovider removes support for composite signatures.

What's New

What's Changed

New Contributors

Full Changelog: 0.9.0...0.10.0-rc1

Contributors

ryjones, vacuas, and praveksharma
Loading

0.9.0

28 May 15:14
@praveksharma praveksharma
0.9.0
848b4e6
This commit was signed with the committer’s verified signature.
praveksharma Pravek Sharma
SSH Key Fingerprint: cUFz/t771C/kRArjwpuxGCI5BuZVfnCXJrMw5R4dMEo
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.9.0

oqs-provider 0.9.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is version 0.9.0 of oqs-provider which continues from the earlier 0.8.0 release. This release is fully tested to be used in conjunction with the main branch of liboqs and is guaranteed to be in sync with v0.13.0 of liboqs.

Deprecation notice

This release of oqsprovider removes default support for Kyber and Dilithium (Round 3 version).

What's New

In addition to improving CI and testing, fixing platform specific build issues and bugs, and updating build dependencies this release of oqs-provider:

  • Adds support for UOV (NIST Additional Signatures Round 2)
  • Adds support for Mayo (NIST Additional Signatures Round 2)
  • Adds support for CROSS (NIST Additional Signatures Round 2)
  • Disables HQC KEM by default, following liboqs v0.13.0, until a security flaw is fixed.
  • Disables default support for Kyber (Round 3 version).
  • Disables default support for Dilithium (Round 3 version).
  • Restricts non-standard TLS group code points to IANA private use range.
  • Updates TLS group code point and name for ML-KEM 1024 hybrid SecP384r1MLKEM1024.
  • Disables ML-KEM (along with certain hybrid variants) and ML-DSA (along with all composite/hybrid variants) when oqs-provider is loaded with OpenSSL (version >= 3.5.0) which offers native support for some of these algorithms. Please see README.md for detailed information.

What's Changed

New Contributors

Full Changelog: 0.8.0...0.9.0

Contributors

bhess, Lekensteyn, and 12 other contributors
Loading

0.9.0-rc1

20 May 19:40
@praveksharma praveksharma
0.9.0-rc1
afd1eab
This commit was signed with the committer’s verified signature.
praveksharma Pravek Sharma
SSH Key Fingerprint: cUFz/t771C/kRArjwpuxGCI5BuZVfnCXJrMw5R4dMEo
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.9.0-rc1 Pre-release
Pre-release

oqs-provider 0.9.0-rc1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is release candidate 1 of version 0.9.0 of oqs-provider which continues from the earlier 0.8.0 release. This release is fully tested to be used in conjunction with the main branch of liboqs and is guaranteed to be in sync with v0.13.0 of liboqs.

Deprecation notice

This release of oqsprovider removes default support for Kyber and Dilithium (Round 3 version).

What's New

In addition to improving CI and testing, fixing platform specific build issues and bugs, and updating build dependencies this release of oqs-provider:

  • Adds support for UOV (NIST Additional Signatures Round 2)
  • Adds support for Mayo (NIST Additional Signatures Round 2)
  • Adds support for CROSS (NIST Additional Signatures Round 2)
  • Disables HQC KEM by default, following liboqs v0.13.0, until a security flaw is fixed.
  • Disables default support for Kyber (Round 3 version).
  • Disables default support for Dilithium (Round 3 version).
  • Restricts non-standard TLS group code points to IANA private use range.
  • Updates TLS group code point and name for ML-KEM 1024 hybrid SecP384r1MLKEM1024.
  • Disables ML-KEM (along with certain hybrid variants) and ML-DSA (along with all composite/hybrid variants) when oqs-provider is loaded with OpenSSL (version >= 3.5.0) which offers native support for some of these algorithms. Please see README.md for detailed information.

What's Changed

New Contributors

Full Changelog: 0.8.0...0.9.0-rc1

Contributors

bhess, Lekensteyn, and 12 other contributors
Loading

0.8.0

24 Dec 07:12
@baentsch baentsch
0.8.0
ec1e843
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.8.0

oqs-provider 0.8.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is version 0.8.0 of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of liboqs and is guaranteed to be in sync with v0.12.0 of liboqs.

Deprecation notice

This is to notify users of Kyber and Dilithium (Round 3 version) to switch to the ML-KEM (FIPS 203 final version) and ML-DSA (FIPS 204 final version), respectively, as support for both will be removed with the next release of oqsprovider.

Security considerations

  • CVE-2024-54137: The associated liboqs v0.12.0 release fixed a bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.

What's New

In addition to improving testing, CI, and fixing platform specific build issues this release of oqs-provider:

  • Updates IANA code points for ML-KEM and changes FrodoKEM code points.
  • Adds support for ML-DSA (FIPS 204 final version).
  • Adds support for context strings in OpenSSL versions >= 3.2.
  • Updates the implementation of draft-ietf-lamps-pq-composite-sigs from version 01 to version 02.
  • Adds a SBOM template in the CycloneDX 1.6 format.
  • Adds support for DTLS 1.3 (pending support in OpenSSL).

What's Changed

New Contributors

Full Changelog: 0.7.0...0.8.0

Contributors

bhess, hughsie, and 5 other contributors
Loading

0.8.0-rc1

18 Dec 16:39
@praveksharma praveksharma
0.8.0-rc1
778058d
Compare
Choose a tag to compare
0.8.0-rc1 Pre-release
Pre-release

oqs-provider 0.8.0 release candidate 1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is version 0.8.0-rc1 of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of liboqs and is guaranteed to be in sync with v0.12.0 of liboqs.

Deprecation notice

This is to notify users of Kyber (Round 3 version) to switch to the ML-KEM (FIPS 203 final version) as support for Kyber will be removed with the next release of liboqs and oqsprovider.

Security considerations

  • CVE-2024-54137: The associated liboqs v0.12.0 release fixed a bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.

What's New

In addition to improving testing, CI, and fixing platform specific build issues this release of oqs-provider:

  • Updates IANA code points for ML-KEM and changes FrodoKEM code points.
  • Adds support for ML-DSA (FIPS 204 final version).
  • Adds support for context strings in OpenSSL versions >= 3.2.
  • Updates the implementation of draft-ietf-lamps-pq-composite-sigs from version 01 to version 02.
  • Adds a SBOM template in the CycloneDX 1.6 format.
  • Adds support for DTLS 1.3 (pending support in OpenSSL).

What's Changed

New Contributors

Full Changelog: 0.7.0...0.8.0-rc1

Contributors

bhess, hughsie, and 5 other contributors
Loading

0.7.0

08 Oct 15:44
@praveksharma praveksharma
0.7.0
aa0877a
Compare
Choose a tag to compare
0.7.0

oqs-provider 0.7.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is version 0.7.0 of oqs-provider which continues from the earlier 0.6.1 release. This release is fully tested to be used in conjunction with the main branch of liboqs and is guaranteed to be in sync with v0.11.0 of liboqs.

Errata

This release was updated on October 10, 2024 after being first published on October 08, 2024. Prior to being updated the release notes heading incorrectly reported the release version number to be 0.7.1; this error was limited to oqs-provider 0.7.0 release notes and did not affect any oqs-provider functionality.

Security considerations

None.

What's New

In addition to updating documentation, improving the CI, and fixing issues uncovered by compiler warnings and static analysis, this release of oqs-provider:

What's Changed

  • Point CI back to liboqs main by @SWilson4 in #431
  • Fix a typo in NOTES-Windows.md by @qnfm in #436
  • Fix #439: install the static library under $PREFIX/lib. by @thb-sb in #441
  • Fix #440: disable tests and examples using BUILD_TESTING. by @thb-sb in #442
  • Add MAYO by @bhess in #413
  • update the composite to draft-ietf-lamps-pq-composite-sigs-02 by @feventura in #454
  • Update codeowners by @baentsch in #458
  • Remove external encoding lib by @baentsch in #460
  • update coding style and test facilities by @baentsch in #477
  • Fix various warnings. by @ashman-p in #480
  • A note about key encapsulation/decapsulation support in OpenSSL by @beldmit in #486
  • Force liboqs as a debian package dependency requirement only if it is not a static linked library. by @fwh-dc in #493
  • openssl and contribution documentation updates [skip ci] by @baentsch in #499
  • Adds note on supported openssl versions for tls certificates. by @fwh-dc in #498
  • add support for the CMAKE_PARAMS environment variable by @jschauma in #510
  • update MLKEM code points by @baentsch in #511
  • Actionlint workflow checking by @jplomas in #516
  • add explicit usage warning [skip ci] by @baentsch in #515
  • Address some Static Analysis Issues #519 by @ashman-p in #521
  • Only overwrite default library prefix for module library type build. by @fwh-dc in #525
  • Add build option to toggle libjade implementations in liboqs by @praveksharma in #529
  • Reverse TLS hybrid keyshares for x25519/x448-mlkem hybrids by @bhess in #524
  • Rebase and add CROSS by @praveksharma in #530
  • Remove unmanaged KEM OIDs by @baentsch in #522
  • Use more future-proof hash for signature by @beldmit in #532

New Contributors

Full Changelog: 0.6.1...0.7.0

Contributors

bhess, jschauma, and 9 other contributors
Loading

0.7.0-rc1

07 Oct 18:34
@praveksharma praveksharma
0.7.0-rc1
692ebdc
Compare
Choose a tag to compare
0.7.0-rc1 Pre-release
Pre-release

oqs-provider 0.7.0 release candidate 1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is release candidate 1 of version 0.7.0 of oqs-provider which continues from the earlier 0.6.1 release. This release is fully tested to be used in conjunction with the main branch of liboqs and is guaranteed to be in sync with v0.11.0 of liboqs.

Errata

This release candidate was updated on October 10, 2024 after being first published on October 07, 2024. Prior to being updated the release notes heading incorrectly reported the release candidate version number to be 0.7.1 release candidate 1; this error was limited to oqs-provider 0.7.0 release candidate 1 release notes and did not affect any oqs-provider functionality.

Security considerations

None.

What's New

In addition to updating documentation, improving the CI, and fixing issues uncovered by compiler warnings and static analysis, this release of oqs-provider:

What's Changed

  • Point CI back to liboqs main by @SWilson4 in #431
  • Fix a typo in NOTES-Windows.md by @qnfm in #436
  • Fix #439: install the static library under $PREFIX/lib. by @thb-sb in #441
  • Fix #440: disable tests and examples using BUILD_TESTING. by @thb-sb in #442
  • Add MAYO by @bhess in #413
  • update the composite to draft-ietf-lamps-pq-composite-sigs-02 by @feventura in #454
  • Update codeowners by @baentsch in #458
  • Remove external encoding lib by @baentsch in #460
  • update coding style and test facilities by @baentsch in #477
  • Fix various warnings. by @ashman-p in #480
  • A note about key encapsulation/decapsulation support in OpenSSL by @beldmit in #486
  • Force liboqs as a debian package dependency requirement only if it is not a static linked library. by @fwh-dc in #493
  • openssl and contribution documentation updates [skip ci] by @baentsch in #499
  • Adds note on supported openssl versions for tls certificates. by @fwh-dc in #498
  • add support for the CMAKE_PARAMS environment variable by @jschauma in #510
  • update MLKEM code points by @baentsch in #511
  • Actionlint workflow checking by @jplomas in #516
  • add explicit usage warning [skip ci] by @baentsch in #515
  • Address some Static Analysis Issues #519 by @ashman-p in #521
  • Only overwrite default library prefix for module library type build. by @fwh-dc in #525
  • Add build option to toggle libjade implementations in liboqs by @praveksharma in #529
  • Reverse TLS hybrid keyshares for x25519/x448-mlkem hybrids by @bhess in #524
  • Rebase and add CROSS by @praveksharma in #530
  • Remove unmanaged KEM OIDs by @baentsch in #522
  • Use more future-proof hash for signature by @beldmit in #532

New Contributors

Full Changelog: 0.6.1...0.7.0-rc1

Contributors

bhess, jschauma, and 9 other contributors
Loading

0.6.1

14 Jun 09:50
@baentsch baentsch
0.6.1
c4130ea
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.6.1

oqs-provider 0.6.1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is version 0.6.1 of oqs-provider. This version is closely in sync with liboqs v.0.10.1.

Most important updates are fixed references to a security update to liboqs, fixes of potential buffer overrun errors in hybrid key decoding, adding of composite OID setting logic and several documentation updates.

Security considerations

This fixes potential buffer overrun problems in hybrid key decoding. Use of prior versions is strongly discouraged.

What's Changed

New Contributors

Full Changelog: 0.6.0...0.6.1

Contributors

iyanmv, dependabot, and 2 other contributors
Loading

0.6.1-rc1

12 Jun 05:50
@baentsch baentsch
0.6.1-rc1
40442e8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.6.1-rc1 Pre-release
Pre-release

oqs-provider 0.6.1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is version 0.6.1 of oqs-provider.

Most important updates are fixed references to a security update to liboqs, fixes of potential buffer overrun errors in hybrid key decoding, adding of composite OID setting logic and several documentation updates.

Security considerations

This fixes potential buffer overrun problems in hybrid key decoding. Use of prior versions is strongly discouraged.

What's Changed

New Contributors

Full Changelog: 0.6.0...0.6.1-rc1

Contributors

iyanmv, dependabot, and 2 other contributors
Loading