Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

0.7.0 release candidate 1 #533

Merged
6 commits merged into from
Oct 8, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions .github/workflows/linux.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
image: openquantumsafe/ci-ubuntu-jammy:latest
env:
MAKE_PARAMS: "-j 18"
LIBOQS_BRANCH: "main"
LIBOQS_BRANCH: "0.11.0"
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
Expand All @@ -38,7 +38,7 @@ jobs:
strategy:
fail-fast: false
matrix:
ossl-branch: [openssl-3.1.0, master]
ossl-branch: [openssl-3.3.2, master]
libjade-build:
- "ON"
- "OFF"
Expand All @@ -59,7 +59,7 @@ jobs:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Full build
run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} OQS_LIBJADE_BUILD=${{ matrix.libjade-build }} ./scripts/fullbuild.sh
run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=0.11.0 OQS_LIBJADE_BUILD=${{ matrix.libjade-build }} ./scripts/fullbuild.sh
- name: Enable sibling oqsprovider for testing
run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
- name: Test
Expand Down Expand Up @@ -104,7 +104,7 @@ jobs:
CXX: "clang++"
ASAN_C_FLAGS: "-fsanitize=address -fno-omit-frame-pointer"
ASAN_OPTIONS: "detect_stack_use_after_return=1,detect_leaks=1"
OPENSSL_BRANCH: "openssl-3.1"
OPENSSL_BRANCH: "openssl-3.3.2"
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
Expand All @@ -128,7 +128,7 @@ jobs:

- name: Clone and build liboqs with ASan
run: |
git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs
git clone --depth=1 --branch 0.11.0 https://github.com/open-quantum-safe/liboqs.git liboqs
cd liboqs
mkdir build install
cmake -GNinja -B build \
Expand Down Expand Up @@ -210,7 +210,7 @@ jobs:
- name: Clone and build liboqs for linux-aarch64
working-directory: /opt/
run: |
git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs
git clone --depth=1 --branch 0.11.0 https://github.com/open-quantum-safe/liboqs.git liboqs
cd liboqs
mkdir build install
cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/macos.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ jobs:
with:
set-safe-directory: true
repository: open-quantum-safe/liboqs
ref: main
ref: 0.11.0
path: liboqs
- name: Retrieve OpenSSL32 from cache
id: cache-openssl32
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/windows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ jobs:
with:
set-safe-directory: true
repository: open-quantum-safe/liboqs
ref: main
ref: 0.11.0
path: liboqs
- name: Install cygwin
uses: cygwin/cygwin-install-action@master
Expand Down Expand Up @@ -140,7 +140,7 @@ jobs:
with:
set-safe-directory: true
repository: open-quantum-safe/liboqs
ref: main
ref: 0.11.0
path: liboqs
- uses: ilammy/msvc-dev-cmd@v1
with:
Expand Down Expand Up @@ -254,7 +254,7 @@ jobs:
with:
set-safe-directory: true
repository: open-quantum-safe/liboqs
ref: main
ref: 0.11.0
path: liboqs
- uses: ilammy/msvc-dev-cmd@v1
with:
Expand Down
2 changes: 1 addition & 1 deletion CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ else()
cmake_minimum_required(VERSION 3.5 FATAL_ERROR)
endif()
project(oqs-provider LANGUAGES C)
set(OQSPROVIDER_VERSION_TEXT "0.6.2-dev")
set(OQSPROVIDER_VERSION_TEXT "0.7.0")
set(CMAKE_C_STANDARD 11)
set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON)
if(CMAKE_BUILD_TYPE STREQUAL "Debug")
Expand Down
68 changes: 68 additions & 0 deletions RELEASE.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,71 @@
# oqs-provider 0.7.1 release candidate 1

## About

The **Open Quantum Safe (OQS) project** has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

**oqs-provider** is a standalone [OpenSSL 3](https://github.com/openssl/openssl) [provider](https://www.openssl.org/docs/manmaster/man7/provider.html) enabling [liboqs](https://github.com/open-quantum-safe/liboqs)-based quantum-safe and [hybrid key exchange](https://datatracker.ietf.org/doc/draft-ietf-pquip-pqt-hybrid-terminology) for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and `dgst` (signature) operations.

When deployed, the `oqs-provider` binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all `openssl` functionality shall be [PQC-enabled](https://csrc.nist.gov/projects/post-quantum-cryptography).

In general, the oqs-provider `main` branch is meant to be usable in conjunction with the `main` branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and the `master` branch of [OpenSSL](https://github.com/openssl/openssl).

Further details on building, testing and use can be found in [README.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/README.md). See in particular limitations on intended use.

## Release notes

This is release candidate 1 of version 0.7.0 of oqs-provider which continues from the earlier 0.6.1 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.11.0 of `liboqs`.

### Security considerations

None.

### What's New

In addition to updating documentation, improving the CI, and fixing issues uncovered by compiler warnings and static analysis, this release of oqs-provider:

* Adds support for MAYO from Round 1 of [NIST’s Post-Quantum Signature On-Ramp process](https://csrc.nist.gov/projects/pqc-dig-sig/round-1-additional-signatures).
* Adds support for CROSS from Round 1 of [NIST’s Post-Quantum Signature On-Ramp process](https://csrc.nist.gov/projects/pqc-dig-sig/round-1-additional-signatures).
* Updates ML-KEM's code points in line with internet draft [draft-kwiatkowski-tls-ecdhe-mlkem-02](https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html).
* Updates the `fullbuild.sh` build script to build against liboqs with formally verified Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade) turned on by default; see `OQS_LIBJADE_BUILD` under `CONFIGURE.md` for more information.
* Reverses keyshares for X25519MLKEM768 and X448-ML-KEM-768 TLS hybrids in line with [draft-kwiatkowski-tls-ecdhe-mlkem-02](https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html).

## What's Changed
* Point CI back to liboqs main by @SWilson4 in https://github.com/open-quantum-safe/oqs-provider/pull/431
* Fix a typo in NOTES-Windows.md by @qnfm in https://github.com/open-quantum-safe/oqs-provider/pull/436
* Fix #439: install the static library under `$PREFIX/lib`. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/441
* Fix #440: disable tests and examples using `BUILD_TESTING`. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/442
* Add MAYO by @bhess in https://github.com/open-quantum-safe/oqs-provider/pull/413
* update the composite to draft-ietf-lamps-pq-composite-sigs-02 by @feventura in https://github.com/open-quantum-safe/oqs-provider/pull/454
* Update codeowners by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/458
* Remove external encoding lib by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/460
* update coding style and test facilities by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/477
* Fix various warnings. by @ashman-p in https://github.com/open-quantum-safe/oqs-provider/pull/480
* A note about key encapsulation/decapsulation support in OpenSSL by @beldmit in https://github.com/open-quantum-safe/oqs-provider/pull/486
* Force liboqs as a debian package dependency requirement only if it is not a static linked library. by @fwh-dc in https://github.com/open-quantum-safe/oqs-provider/pull/493
* openssl and contribution documentation updates [skip ci] by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/499
* Adds note on supported openssl versions for tls certificates. by @fwh-dc in https://github.com/open-quantum-safe/oqs-provider/pull/498
* add support for the CMAKE_PARAMS environment variable by @jschauma in https://github.com/open-quantum-safe/oqs-provider/pull/510
* update MLKEM code points by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/511
* Actionlint workflow checking by @jplomas in https://github.com/open-quantum-safe/oqs-provider/pull/516
* add explicit usage warning [skip ci] by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/515
* Address some Static Analysis Issues #519 by @ashman-p in https://github.com/open-quantum-safe/oqs-provider/pull/521
* Only overwrite default library prefix for module library type build. by @fwh-dc in https://github.com/open-quantum-safe/oqs-provider/pull/525
* Add build option to toggle libjade implementations in liboqs by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/529
* Reverse TLS hybrid keyshares for x25519/x448-mlkem hybrids by @bhess in https://github.com/open-quantum-safe/oqs-provider/pull/524
* Rebase and add CROSS by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/530
* Remove unmanaged KEM OIDs by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/522
* Use more future-proof hash for signature by @beldmit in https://github.com/open-quantum-safe/oqs-provider/pull/532

## New Contributors
* @ashman-p made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/480
* @fwh-dc made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/493
* @jschauma made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/510
* @jplomas made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/516
* @praveksharma made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/529

**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.6.1...0.7.0-rc1

# oqs-provider 0.6.1

## About
Expand Down
Loading