- updated to 0.9.0:
- Adds support for UOV (NIST Additional Signatures Round 2)
- Adds support for Mayo (NIST Additional Signatures Round 2)
- Adds support for CROSS (NIST Additional Signatures Round 2)
- Disables HQC KEM by default, following liboqs v0.13.0, until a security flaw is fixed.
- Disables default support for Kyber (Round 3 version).
- Disables default support for Dilithium (Round 3 version).
- Restricts non-standard TLS group code points to IANA private use range.
- Updates TLS group code point and name for ML-KEM 1024 hybrid SecP384r1MLKEM1024.
- Disables ML-KEM (along with certain hybrid variants) and ML-DSA
(along with all composite/hybrid variants) when oqs-provider is loaded
with OpenSSL (version >= 3.5.0) which offers native support for some
of these algorithms. Please see README.md for detailed information.
- fixes build with openssl 3.5 (bsc#1244617) (forwarded request 1285892 from msmeissn)
OBS-URL: https://build.opensuse.org/request/show/1285893
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/oqs-provider?expand=0&rev=9
- Adds support for UOV (NIST Additional Signatures Round 2)
- Adds support for Mayo (NIST Additional Signatures Round 2)
- Adds support for CROSS (NIST Additional Signatures Round 2)
- Disables HQC KEM by default, following liboqs v0.13.0, until a security flaw is fixed.
- Disables default support for Kyber (Round 3 version).
- Disables default support for Dilithium (Round 3 version).
- Restricts non-standard TLS group code points to IANA private use range.
- Updates TLS group code point and name for ML-KEM 1024 hybrid SecP384r1MLKEM1024.
- Disables ML-KEM (along with certain hybrid variants) and ML-DSA
(along with all composite/hybrid variants) when oqs-provider is loaded
with OpenSSL (version >= 3.5.0) which offers native support for some
of these algorithms. Please see README.md for detailed information.
- fixes build with openssl 3.5 (bsc#1244617)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=20
- updated to 0.8.0:
* Updates IANA code points for ML-KEM and changes FrodoKEM code points.
* Adds support for ML-DSA (FIPS 204 final version).
* Adds support for context strings in OpenSSL versions >= 3.2.
* Updates the implementation of draft-ietf-lamps-pq-composite-sigs from version 01 to version 02.
* Adds a SBOM template in the CycloneDX 1.6 format.
* Adds support for DTLS 1.3 (pending support in OpenSSL). (forwarded request 1246637 from adrianSuSE)
OBS-URL: https://build.opensuse.org/request/show/1246647
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/oqs-provider?expand=0&rev=8
* Updates IANA code points for ML-KEM and changes FrodoKEM code points.
* Adds support for ML-DSA (FIPS 204 final version).
* Adds support for context strings in OpenSSL versions >= 3.2.
* Updates the implementation of draft-ietf-lamps-pq-composite-sigs from version 01 to version 02.
* Adds a SBOM template in the CycloneDX 1.6 format.
* Adds support for DTLS 1.3 (pending support in OpenSSL).
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=18
- updated to 0.7.0:
- Adds support for MAYO from Round 1 of NIST’s Post-Quantum Signature On-Ramp process.
- Adds support for CROSS from Round 1 of NIST’s Post-Quantum Signature On-Ramp process.
- Updates ML-KEM's code points in line with internet draft draft-kwiatkowski-tls-ecdhe-mlkem-02.
- Reverses keyshares for X25519MLKEM768 and X448-ML-KEM-768 TLS hybrids in line with draft-kwiatkowski-tls-ecdhe-mlkem-02. (forwarded request 1231843 from msmeissn)
OBS-URL: https://build.opensuse.org/request/show/1231844
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/oqs-provider?expand=0&rev=6
- Adds support for MAYO from Round 1 of NIST’s Post-Quantum Signature On-Ramp process.
- Adds support for CROSS from Round 1 of NIST’s Post-Quantum Signature On-Ramp process.
- Updates ML-KEM's code points in line with internet draft draft-kwiatkowski-tls-ecdhe-mlkem-02.
- Reverses keyshares for X25519MLKEM768 and X448-ML-KEM-768 TLS hybrids in line with draft-kwiatkowski-tls-ecdhe-mlkem-02.
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=12
- updated to 0.6.0
- First availability of standardized PQ algorithms, e.g., ML-KEM, ML-DSA
- Support for Composite PQ operations
- Alignment with PQ algorithm implementations as provided by liboqs 0.10.0, most notably updating HQC and Falcon.
- Implementation of security code review recommendations
- Support for more hybrid operations as fully documented here.
- Support for extraction of classical and hybrid key material
- updated to 0.5.3
- only tracking parallel liboqs security update
- updated to 0.5.2
- Algorithm updates as documented in the liboqs 0.9.0 release notes
- Standard coding style
- Enhanced memory leak protection
- Added community cooperation documentation
- (optional) KEM algorithm en-/decoder feature (forwarded request 1179956 from msmeissn)
OBS-URL: https://build.opensuse.org/request/show/1179957
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/oqs-provider?expand=0&rev=4
- updated to 0.6.0
- First availability of standardized PQ algorithms, e.g., ML-KEM, ML-DSA
- Support for Composite PQ operations
- Alignment with PQ algorithm implementations as provided by liboqs 0.10.0, most notably updating HQC and Falcon.
- Implementation of security code review recommendations
- Support for more hybrid operations as fully documented here.
- Support for extraction of classical and hybrid key material
- updated to 0.5.3
- only tracking parallel liboqs security update
- updated to 0.5.2
- Algorithm updates as documented in the liboqs 0.9.0 release notes
- Standard coding style
- Enhanced memory leak protection
- Added community cooperation documentation
- (optional) KEM algorithm en-/decoder feature
OBS-URL: https://build.opensuse.org/request/show/1179956
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=8
- updated to 0.5.0:
- oqs-provider now also enables use of QSC algorithms during TLS1.3
handshake. The required OpenSSL code updates are contained in
openssl/openssl#19312.
* Algorithm updates
All algorithms no longer supported in the NIST PQC competition
and not under consideration for standardization by ISO have been
removed. All remaining algorithms with the exception of McEliece
have been lifted to their final round 3 variants as documented in
liboqs. Most notably, algorithm names for Sphincs+ have been changed
to the naming chosen by its authors.
* Functional updates
- Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider.
- OSX support
- Full support for CA functionality
- Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits"
- Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider
- Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1.
- A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks.
* Misc updates
- Dynamic code point and OID changes via environment variables. See ALGORITHMS.md.
- Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md.
- oqs-provider-shared-liboqs.patch: removed, not needed anymore
- updated to 0.4.0:
* Security considerations
- This release removes Rainbow level 1 and all variants of SIDH and
SIKE due to cryptanalytic breaks of those algorithms. Users are advised
to move away from use of those algorithms immediately.
* Algorithm updates
- Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks (forwarded request 1092833 from msmeissn)
OBS-URL: https://build.opensuse.org/request/show/1092835
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/oqs-provider?expand=0&rev=2
- updated to 0.5.0:
- oqs-provider now also enables use of QSC algorithms during TLS1.3
handshake. The required OpenSSL code updates are contained in
openssl/openssl#19312.
* Algorithm updates
All algorithms no longer supported in the NIST PQC competition
and not under consideration for standardization by ISO have been
removed. All remaining algorithms with the exception of McEliece
have been lifted to their final round 3 variants as documented in
liboqs. Most notably, algorithm names for Sphincs+ have been changed
to the naming chosen by its authors.
* Functional updates
- Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider.
- OSX support
- Full support for CA functionality
- Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits"
- Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider
- Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1.
- A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks.
* Misc updates
- Dynamic code point and OID changes via environment variables. See ALGORITHMS.md.
- Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md.
- oqs-provider-shared-liboqs.patch: removed, not needed anymore
- updated to 0.4.0:
* Security considerations
- This release removes Rainbow level 1 and all variants of SIDH and
SIKE due to cryptanalytic breaks of those algorithms. Users are advised
to move away from use of those algorithms immediately.
* Algorithm updates
- Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks
OBS-URL: https://build.opensuse.org/request/show/1092833
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=4
