The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst
(signature) operations.
When deployed, the oqs-provider
binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl
functionality shall be PQC-enabled.
In general, the oqs-provider main
branch is meant to be usable in conjunction with the main
branch of liboqs and the master
branch of OpenSSL.
Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.
This is version 0.5.3 of oqs-provider.
This improves a non-constant time issue in previous releases for Kyber.
This release continues from the 0.5.2 release of oqs-provider and is fully tested to be used in conjunction with the main branch of liboqs. This release is guaranteed to be in sync with v0.9.1 of liboqs
.
This release also makes available ready-to-run binaries for Linux (.so), Windows (.dll) and MacOS (.dylib) compiled for x64
CPUs. Activation and use is documented in USAGE.md.
- Kyber code update addressing constant time property
- Code point updates for HQC following code updates in
liboqs
- Document project governance
- Clarify liboqs_DIR naming convention by @ajbozarth in open-quantum-safe#292
- check empty params lists passed by @baentsch in open-quantum-safe#296
- Fix minor typos in documentation by @johnma14 in open-quantum-safe#304
- HQC code point update by @baentsch in open-quantum-safe#306
- Fix broken circleci job for macOS by @johnma14 in open-quantum-safe#305
- Contribution policy by @baentsch in open-quantum-safe#286
- Fix link in GOVERNANCE.md [skip ci] by @pi-314159 in open-quantum-safe#309
- Add a example of how to load oqsprovider using
OSSL_PROVIDER_add_builtin
. by @thb-sb in open-quantum-safe#308 - Get Windows CI to work again by @qnfm in open-quantum-safe#310
- Use
build
directory instead of_build
. by @thb-sb in open-quantum-safe#314
- @ajbozarth made their first contribution in open-quantum-safe#292
- @johnma14 made their first contribution in open-quantum-safe#304
- @pi-314159 made their first contribution in open-quantum-safe#309
Full Changelog: https://github.com/open-quantum-safe/oqs-provider/compare/0.5.2...0.5.3
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst
(signature) operations.
When deployed, the oqs-provider
binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all openssl
functionality shall be PQC-enabled.
In general, the oqs-provider main
branch is meant to be usable in conjunction with the main
branch of liboqs and the master
branch of OpenSSL.
Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.
This is version 0.5.2 of oqs-provider.
None.
This release continues from the 0.5.1 release of oqs-provider and is fully tested to be used in conjunction with the main branch of liboqs. This release is guaranteed to be in sync with v0.9.0 of liboqs
.
This release also makes available ready-to-run binaries for Windows (.dll) and MacOS (.dylib) compiled for x64
CPUs. Activation and use is documented in USAGE.md.
- Algorithm updates as documented in the liboqs 0.9.0 release notes
- Standard coding style
- Enhanced memory leak protection
- Added community cooperation documentation
- (optional) KEM algorithm en-/decoder feature
- switch repo to -dev mode/unlock release by @baentsch in open-quantum-safe#225
- add C API and cleanup PQ terminology [skip ci] by @baentsch in open-quantum-safe#226
- Clarify install instructions by @baentsch in open-quantum-safe#232
- sigalg config warning by @baentsch in open-quantum-safe#235
- Fix a missing
-DOQS_PROVIDER_BUILD_STATIC=ON
in CircleCI build static jobs. by @thb-sb in open-quantum-safe#242 - Fix DOQS_ALGS_ENABLED setting for cmake by @marcbrevoort-cyberhive in open-quantum-safe#238
- Fix #224: Add a clang-format that matches the best the OpenSSL coding style. by @thb-sb in open-quantum-safe#241
- corner case object creation added by @baentsch in open-quantum-safe#243
- fix for runtests.sh: skip non-working OpenSSL versions by @bhess in open-quantum-safe#244
- Add a GithubCI job to test oqs-provider against memory leaks. by @thb-sb in open-quantum-safe#246
- Fix various memory leaks. by @thb-sb in open-quantum-safe#245
- remove unneeded OQS context reference from CCI PRs by @baentsch in open-quantum-safe#250
- Cross-compile to linux-aarch64 from linux-x64 in GitHub actions. by @thb-sb in open-quantum-safe#253
- add manual approval step to use restricted CCI context by @baentsch in open-quantum-safe#254
- Create SECURITY.md by @baentsch in open-quantum-safe#257
- Create CODE_OF_CONDUCT.md by @baentsch in open-quantum-safe#258
- adding contributing guideline [skip ci] by @baentsch in open-quantum-safe#259
- CI & cmake changes by @qnfm in open-quantum-safe#263
- fix for txt output length of plain PQ key material by @baentsch in open-quantum-safe#268
- KEM en/decoders by @baentsch in open-quantum-safe#266
- Remove duplicate LIBOQS_BRANCH option in CONFIGURE.md by @psschwei in open-quantum-safe#274
- add cloudflare interop tests by @baentsch in open-quantum-safe#278
- Add releasetest by @baentsch in open-quantum-safe#281
- Support web proxy in external interop tests by @mouse07410 in open-quantum-safe#288
- Get Windows CI to work again; prepare for release by @baentsch in open-quantum-safe#291
- @marcbrevoort-cyberhive made their first contribution in open-quantum-safe#238
- @qnfm made their first contribution in open-quantum-safe#263
- @psschwei made their first contribution in open-quantum-safe#274
- @mouse07410 made their first contribution in open-quantum-safe#288
Full Changelog: https://github.com/open-quantum-safe/oqs-provider/compare/0.5.1...0.5.2
None.
This release continues from the 0.5.0 release of oqs-provider and is fully tested to be used in conjunction with the main branch of liboqs. This release is guaranteed to be in sync with v0.8.0 of liboqs
.
- Support for Windows platform
- Added
brew
support for MacOS - Documentation restructured supporting different platforms
- Enable statically linkable oqsprovider
- trigger oqs-demos build when pushing to main by @baentsch in open-quantum-safe#182
- Enable building on platforms without _Atomic support by @baentsch in open-quantum-safe#183
- Standalone ctest by @baentsch in open-quantum-safe#184
- Convert oqs-kem-info.md code points to hex by @WillChilds-Klein in open-quantum-safe#188
- Documentation update by @baentsch in open-quantum-safe#187
- Add full Windows support by @baentsch in open-quantum-safe#192
- Improve installation by @baentsch in open-quantum-safe#196
- document specs [skip ci] by @baentsch in open-quantum-safe#190
- Add .DS_Store (macOS), .vscode (visual studio code), and .idea (Jetbr… by @planetf1 in open-quantum-safe#200
- first test for macos CI by @baentsch in open-quantum-safe#198
- Add brew to preinstall test matrix by @baentsch in open-quantum-safe#205
- General documentation overhaul by @baentsch in open-quantum-safe#204
- change TLS demo to use QSC alg [skip ci] by @baentsch in open-quantum-safe#208
- Build a module instead of a shared library. by @thb-sb in open-quantum-safe#207
- explain groups in USAGE [skip ci] by @baentsch in open-quantum-safe#214
- ensure OpenSSL3 is linked to liboqs during script build by @baentsch in open-quantum-safe#212
- Remove trailing whitespaces in generated code. by @thb-sb in open-quantum-safe#215
- Fix a minor bug in the
runtests.sh
. by @thb-sb in open-quantum-safe#216 - Specify version
3.1
while installing OpenSSL using brew. by @thb-sb in open-quantum-safe#217 - Allow the user to build oqs-provider as a static library. by @thb-sb in open-quantum-safe#201
- Add a line to
RELEASE.md
to highlight the support for static libraries by @thb-sb in open-quantum-safe#220 - Enhance github bug report template by @baentsch in open-quantum-safe#219
- Use OpenSSL 3 if available to build liboqs on CircleCI/macOS. by @thb-sb in open-quantum-safe#222
- Fix a bug in the CMake script. by @thb-sb in open-quantum-safe#221
- @WillChilds-Klein made their first contribution in open-quantum-safe#188
- @planetf1 made their first contribution in open-quantum-safe#200
- @thb-sb made their first contribution in open-quantum-safe#207
Full Changelog: https://github.com/open-quantum-safe/oqs-provider/compare/0.5.0...0.5.1
None.
This release continues from the 0.4.0 release of oqs-provider and is fully tested to be used in conjunction with the main branch of liboqs. This release is guaranteed to be in sync with v0.8.0 of liboqs
.
oqs-provider now also enables use of QSC algorithms during TLS1.3 handshake. The required OpenSSL code updates are contained in openssl/openssl#19312. Prior to this code merging, the functionality can be tested by using https://github.com/baentsch/openssl/tree/sigload.
All algorithms no longer supported in the NIST PQC competition and not under consideration for standardization by ISO have been removed. All remaining algorithms with the exception of McEliece have been lifted to their final round 3 variants as documented in liboqs. Most notably, algorithm names for Sphincs+ have been changed to the naming chosen by its authors.
- Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider.
- MacOS support
- Full support for CA functionality
- Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits"
- Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider
- Testing is now completely independent of a source code distribution of OpenSSL being available
- oqsprovider can be built and installed making use of pre-existing installations of
OpenSSL
andliboqs
. Details are found in the "scripts" directory's build and test scripts. - Automated creation of (Debian) packaging information
- Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1.
- A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks.
- Dynamic code point and OID changes via environment variables. See ALGORITHMS.md.
- Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md.
Full Changelog: https://github.com/open-quantum-safe/oqs-provider/compare/0.4.0...0.5.0.
This release removes Rainbow level 1 and all variants of SIDH and SIKE due to cryptanalytic breaks of those algorithms. Users are advised to move away from use of those algorithms immediately.
This release continues from the 0.3.0 release of oqs-provider and is fully tested to be used in conjunction with version 0.7.2 of liboqs.
oqs-provider has been integrated as an external test component for OpenSSL3 testing and will thus remain in line with any possibly required provider API enhancements.
- Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks
- Addition of quantum-safe CMS operations via the OpenSSL interface
- Addition of quantum-safe dgst operations via the OpenSSL interface
- Additional testing
- Integration with and of OpenSSL test harness
Full Changelog: https://github.com/open-quantum-safe/oqs-provider/compare/0.3.0...0.4.0.
This is the first official release of oqsprovider
, a plugin/shared library making available quantum safe cryptography (QSC) to OpenSSL (3) installations via the provider API. Work on this project began in oqs-openssl's branch "OQS-OpenSSL3" by @baentsch. This original code dependent on OpenSSL APIs was transferred into a standalone project by @levitte and subsequently branched by the OQS project into this code base.
This project is part of the Open Quantum Safe (OQS) project: More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
The current feature set of oqsprovider
comprises
- support of all QSC KEM algorithms contained in liboqs (v.0.7.1) including hybrid classic/QSC algorithm pairs
- integration of all QSC KEM algorithms into TLS 1.3 using the groups interface
- support of all QSC signature algorithms contained in liboqs (v.0.7.1) including hybrid classic/QSC algorithm pairs
- integration for persistent data structures (X.509) of all QSC signature algorithms using the standard OpenSSL toolset
- This code is not meant to be used in productive deployments
- Currently, only Linux is supported and only Ubuntu 20/x64 is tested
- Full TLS1.3 support for QSC signatures is missing (see openssl/openssl#10512)