0.6.1-rc1

.circleci/config.yml

@@ -40,7 +40,7 @@ jobs:
       - run:
           name: Clone and build liboqs (<< parameters.CMAKE_ARGS >>)
           command: |
-             git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git &&
+             git clone --depth 1 --branch 0.10.1 https://github.com/open-quantum-safe/liboqs.git &&
              cd liboqs && mkdir _build && cd _build &&
              cmake -GNinja << parameters.CMAKE_ARGS >> -DCMAKE_INSTALL_PREFIX=$(pwd)/../../.local .. && ninja install &&
              cd .. && cd .. && pwd
@@ -158,7 +158,7 @@ jobs:
       - run:
           name: Clone and build liboqs
           command: |
-             git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git &&
+             git clone --depth 1 --branch 0.10.1 https://github.com/open-quantum-safe/liboqs.git &&
              export LIBOQS_INSTALLPATH=$(pwd)/.local && cd liboqs && mkdir _build && cd _build &&
              export OPENSSL_INSTALL="$(brew --prefix << parameters.OPENSSL_PREINSTALL >> || echo "")"
              cmake -GNinja -DOPENSSL_ROOT_DIR="${OPENSSL_INSTALL}" -DCMAKE_INSTALL_PREFIX=$LIBOQS_INSTALLPATH << parameters.CMAKE_ARGS >> .. && ninja install &&

.github/workflows/linux.yml

@@ -20,11 +20,12 @@ jobs:
       image: openquantumsafe/ci-ubuntu-jammy:latest
     env:
       MAKE_PARAMS: "-j 18"
+      LIBOQS_BRANCH="0.10.1"
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
       - name: Full build
-        run: OQSPROV_CMAKE_PARAMS=${{ matrix.cmake-params}} ./scripts/fullbuild.sh
+        run: OQSPROV_CMAKE_PARAMS=${{ matrix.cmake-params}} ../scripts/fullbuild.sh
       - name: Enable sibling oqsprovider for testing
         run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
       - name: Test
@@ -49,11 +50,12 @@ jobs:
       image: ${{ matrix.container }}
     env:
       MAKE_PARAMS: "-j 18"
+      LIBOQS_BRANCH="0.10.1"
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
       - name: Full build
-        run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=0.10.0 ./scripts/fullbuild.sh
+        run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} ./scripts/fullbuild.sh
       - name: Enable sibling oqsprovider for testing
         run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
       - name: Test
@@ -116,7 +118,7 @@ jobs:
 
       - name: Clone and build liboqs with ASan
         run: |
-          git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs
+          git clone --depth=1 --branch 0.10.0 https://github.com/open-quantum-safe/liboqs.git liboqs
           cd liboqs
           mkdir build install
           cmake -GNinja -B build \
@@ -198,7 +200,7 @@ jobs:
       - name: Clone and build liboqs for linux-aarch64
         working-directory: /opt/
         run: |
-          git clone --depth=1 --branch 0.10.0 https://github.com/open-quantum-safe/liboqs.git liboqs
+          git clone --depth=1 --branch 0.10.1 https://github.com/open-quantum-safe/liboqs.git liboqs
           cd liboqs
           mkdir build install
           cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \

.github/workflows/macos.yml

@@ -38,7 +38,7 @@ jobs:
         with:
           set-safe-directory: true
           repository: open-quantum-safe/liboqs
-          ref: 0.10.0
+          ref: 0.10.1
           path: liboqs
       - name: Retrieve OpenSSL32 from cache
         id: cache-openssl32

.github/workflows/standalone.yml

@@ -48,7 +48,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v2
       - name: Full build
-        run: ./scripts/fullbuild.sh
+        run: LIBOQS_BRANCH=0.10.1 ./scripts/fullbuild.sh
       - name: Test
         run: ./scripts/runtests.sh -V
 

.github/workflows/windows.yml

@@ -43,6 +43,7 @@ jobs:
         with:
           set-safe-directory: true
           repository: open-quantum-safe/liboqs
+          ref: 0.10.1
           path: liboqs
       - name: Install cygwin
         uses: cygwin/cygwin-install-action@master
@@ -137,6 +138,7 @@ jobs:
         with:
           set-safe-directory: true
           repository: open-quantum-safe/liboqs
+          ref: 0.10.1
           path: liboqs
       - uses: ilammy/msvc-dev-cmd@v1
         with:
@@ -250,6 +252,7 @@ jobs:
           with:
             set-safe-directory: true
             repository: open-quantum-safe/liboqs
+            ref: 0.10.1
             path: liboqs
         - uses: ilammy/msvc-dev-cmd@v1
           with:

CMakeLists.txt

@@ -4,7 +4,7 @@ else()
 cmake_minimum_required(VERSION 3.0 FATAL_ERROR)
 endif()
 project(oqs-provider LANGUAGES C)
-set(OQSPROVIDER_VERSION_TEXT "0.6.1-dev")
+set(OQSPROVIDER_VERSION_TEXT "0.6.1")
 set(CMAKE_C_STANDARD 11)
 set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON)
 if(CMAKE_BUILD_TYPE STREQUAL "Debug")

RELEASE.md

@@ -1,3 +1,50 @@
+# oqs-provider 0.6.1
+
+## About
+
+The **Open Quantum Safe (OQS) project** has the goal of developing and prototyping quantum-resistant cryptography.  More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
+
+**oqs-provider** is a standalone [OpenSSL 3](https://github.com/openssl/openssl) [provider](https://www.openssl.org/docs/manmaster/man7/provider.html) enabling [liboqs](https://github.com/open-quantum-safe/liboqs)-based quantum-safe and [hybrid key exchange](https://datatracker.ietf.org/doc/draft-ietf-pquip-pqt-hybrid-terminology) for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and `dgst` (signature) operations.
+
+When deployed, the `oqs-provider` binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all `openssl` functionality shall be [PQC-enabled](https://csrc.nist.gov/projects/post-quantum-cryptography).
+
+In general, the oqs-provider `main` branch is meant to be usable in conjunction with the `main` branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and the `master` branch of [OpenSSL](https://github.com/openssl/openssl).
+
+Further details on building, testing and use can be found in [README.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/README.md). See in particular limitations on intended use.
+
+## Release notes
+
+This is version 0.6.1 of oqs-provider.
+
+Most important updates are fixed references to a security update to `liboqs`, fixes of potential buffer overrun errors in hybrid key decoding, adding of composite OID setting logic and several documentation updates.
+
+### Security considerations
+
+This fixes potential buffer overrun problems in hybrid key decoding. Use of prior versions is strongly discouraged.
+
+## What's Changed
+* reverting to dev mode [skip ci] by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/394
+* add caveat regarding OpenSSL installs [skip ci] by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/402
+* cpack x64 CI fix by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/401
+* Add PKCS#12 test by @iyanmv in https://github.com/open-quantum-safe/oqs-provider/pull/400
+* Fix CI (Add Ubuntu 24 support) by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/410
+* Bump jinja2 from 3.1.3 to 3.1.4 in /oqs-template by @dependabot in https://github.com/open-quantum-safe/oqs-provider/pull/409
+* Extra parentheses removed by @bencemali in https://github.com/open-quantum-safe/oqs-provider/pull/405
+* No unwanted error left in queue from OBJ_create by @bencemali in https://github.com/open-quantum-safe/oqs-provider/pull/404
+* update security issue reporting [skip ci] by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/414
+* DECODE_UINT32 without lengths checked fixed by @bencemali in https://github.com/open-quantum-safe/oqs-provider/pull/416
+* add composite OIDs to getenv logic by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/419
+* Switch to https for git access by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/423
+* STANDARDS.md update by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/420
+
+## New Contributors
+* @iyanmv made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/400
+
+**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.6.0...0.6.1-rc1
+
+Previous Release Notes
+======================
+
 # oqs-provider 0.6.0
 
 ## About
@@ -87,9 +134,6 @@ This release also makes available ready-to-run binaries for Windows (.dll) and M
 
 **Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.5.3...0.6.0
 
-Previous Release Notes
-======================
-
 # oqs-provider 0.5.3
 
 This is a maintenance release not changing any `oqsprovider` functionality but only tracking a security update in `liboqs` (0.9.2).

SECURITY.md

@@ -6,7 +6,8 @@ We only support the most recent release.
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.6.0   | :white_check_mark: |
+| 0.6.1   | :white_check_mark: |
+| 0.6.0   | :x:                |
 | 0.5.3   | :x:                |
 | 0.5.2   | :x:                |
 | 0.5.1   | :x:                |