0.7.0-rc1
Pre-release
oqs-provider 0.7.0 release candidate 1
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website: https://openquantumsafe.org/ and on GitHub at https://github.com/open-quantum-safe/.
oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.
When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl functionality shall be PQC-enabled.
In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.
Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.
Release notes
This is release candidate 1 of version 0.7.0 of oqs-provider which continues from the earlier 0.6.1 release. This release is fully tested to be used in conjunction with the main branch of liboqs and is guaranteed to be in sync with v0.11.0 of liboqs.
Errata
This release candidate was updated on October 10, 2024 after being first published on October 07, 2024. Prior to being updated the release notes heading incorrectly reported the release candidate version number to be 0.7.1 release candidate 1; this error was limited to oqs-provider 0.7.0 release candidate 1 release notes and did not affect any oqs-provider functionality.
Security considerations
None.
What's New
In addition to updating documentation, improving the CI, and fixing issues uncovered by compiler warnings and static analysis, this release of oqs-provider:
- Adds support for MAYO from Round 1 of NIST’s Post-Quantum Signature On-Ramp process.
- Adds support for CROSS from Round 1 of NIST’s Post-Quantum Signature On-Ramp process.
- Updates ML-KEM's code points in line with internet draft draft-kwiatkowski-tls-ecdhe-mlkem-02.
- Updates the fullbuild.sh build script to build against liboqs with formally verified Kyber-512 and Kyber-768 from libjade turned on by default; see OQS_LIBJADE_BUILD under CONFIGURE.md for more information.
- Reverses keyshares for X25519MLKEM768 and X448-ML-KEM-768 TLS hybrids in line with draft-kwiatkowski-tls-ecdhe-mlkem-02.
What's Changed
- Point CI back to liboqs main by @SWilson4 in #431
- Fix a typo in NOTES-Windows.md by @qnfm in #436
- Fix #439: install the static library under $PREFIX/lib. by @thb-sb in #441
- Fix #440: disable tests and examples using BUILD_TESTING. by @thb-sb in #442
- Add MAYO by @bhess in #413
- update the composite to draft-ietf-lamps-pq-composite-sigs-02 by @feventura in #454
- Update codeowners by @baentsch in #458
- Remove external encoding lib by @baentsch in #460
- update coding style and test facilities by @baentsch in #477
- Fix various warnings. by @ashman-p in #480
- A note about key encapsulation/decapsulation support in OpenSSL by @beldmit in #486
- Force liboqs as a debian package dependency requirement only if it is not a static linked library. by @fwh-dc in #493
- openssl and contribution documentation updates [skip ci] by @baentsch in #499
- Adds note on supported openssl versions for tls certificates. by @fwh-dc in #498
- add support for the CMAKE_PARAMS environment variable by @jschauma in #510
- update MLKEM code points by @baentsch in #511
- Actionlint workflow checking by @jplomas in #516
- add explicit usage warning [skip ci] by @baentsch in #515
- Address some Static Analysis Issues #519 by @ashman-p in #521
- Only overwrite default library prefix for module library type build. by @fwh-dc in #525
- Add build option to toggle libjade implementations in liboqs by @praveksharma in #529
- Reverse TLS hybrid keyshares for x25519/x448-mlkem hybrids by @bhess in #524
- Rebase and add CROSS by @praveksharma in #530
- Remove unmanaged KEM OIDs by @baentsch in #522
- Use more future-proof hash for signature by @beldmit in #532
New Contributors
- @ashman-p made their first contribution in #480
- @fwh-dc made their first contribution in #493
- @jschauma made their first contribution in #510
- @jplomas made their first contribution in #516
- @praveksharma made their first contribution in #529
Full Changelog: 0.6.1...0.7.0-rc1