
0.9.0-rc1

Pre-release

@praveksharma praveksharma released this 20 May 19:40
afd1eab

oqs-provider 0.9.0-rc1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on the website at https://openquantumsafe.org/ and on GitHub at https://github.com/open-quantum-safe/.

oqs-provider is a standalone OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and dgst (signature) operations.

When deployed, the oqs-provider binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL (v3) installation. The ultimate goal is that all OpenSSL functionality shall be PQC-enabled.

In general, the oqs-provider main branch is meant to be usable in conjunction with the main branch of liboqs and the master branch of OpenSSL.

Further details on building, testing and use can be found in README.md. See in particular limitations on intended use.

Release notes

This is release candidate 1 of version 0.9.0 of oqs-provider, which continues from the earlier 0.8.0 release. This release is fully tested to be used in conjunction with the main branch of liboqs and is guaranteed to be in sync with v0.13.0 of liboqs.

Deprecation notice

This release of oqs-provider removes default support for Kyber and Dilithium (Round 3 version).

What's New

In addition to improving CI and testing, fixing platform-specific build issues and bugs, and updating build dependencies, this release of oqs-provider:

  • Adds support for UOV (NIST Additional Signatures Round 2)
  • Adds support for Mayo (NIST Additional Signatures Round 2)
  • Adds support for CROSS (NIST Additional Signatures Round 2)
  • Disables HQC KEM by default, following liboqs v0.13.0, until a security flaw is fixed.
  • Disables default support for Kyber (Round 3 version).
  • Disables default support for Dilithium (Round 3 version).
  • Restricts non-standard TLS group code points to IANA private use range.
  • Updates TLS group code point and name for ML-KEM 1024 hybrid SecP384r1MLKEM1024.
  • Disables ML-KEM (along with certain hybrid variants) and ML-DSA (along with all composite/hybrid variants) when oqs-provider is loaded with OpenSSL (version >= 3.5.0), which offers native support for some of these algorithms. Please see README.md for detailed information.

Full Changelog: 0.8.0...0.9.0-rc1