Marcus Meissner
9e03635170
- CVE-2024-37305: Fixed buffer overflow in deserialization of hybrid
keys and signatures (bsc#1226468)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/oqs-provider?expand=0&rev=10
104 lines
4.1 KiB
Plaintext
104 lines
4.1 KiB
Plaintext
-------------------------------------------------------------------
|
|
Tue Jun 18 12:44:27 UTC 2024 - Marcus Meissner <meissner@suse.com>
|
|
|
|
- updated to 0.6.1
|
|
- CVE-2024-37305: Fixed buffer overflow in deserialization of hybrid
|
|
keys and signatures (bsc#1226468)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 11 08:56:30 UTC 2024 - Marcus Meissner <meissner@suse.com>
|
|
|
|
- updated to 0.6.0
|
|
- First availability of standardized PQ algorithms, e.g., ML-KEM, ML-DSA
|
|
- Support for Composite PQ operations
|
|
- Alignment with PQ algorithm implementations as provided by liboqs 0.10.0, most notably updating HQC and Falcon.
|
|
- Implementation of security code review recommendations
|
|
- Support for more hybrid operations as fully documented here.
|
|
- Support for extraction of classical and hybrid key material
|
|
- updated to 0.5.3
|
|
- only tracking parallel liboqs security update
|
|
- updated to 0.5.2
|
|
- Algorithm updates as documented in the liboqs 0.9.0 release notes
|
|
- Standard coding style
|
|
- Enhanced memory leak protection
|
|
- Added community cooperation documentation
|
|
- (optional) KEM algorithm en-/decoder feature
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 19 12:16:31 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
|
|
|
- updated to 0.5.1
|
|
- Documentation update
|
|
- document specs
|
|
- General documentation overhaul
|
|
- change TLS demo to use QSC alg
|
|
- Build a module instead of a shared library.
|
|
- explain groups in USAGE
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 13 09:19:27 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
|
|
|
- updated to 0.5.0:
|
|
|
|
- oqs-provider now also enables use of QSC algorithms during TLS1.3
|
|
handshake. The required OpenSSL code updates are contained in
|
|
openssl/openssl#19312.
|
|
|
|
* Algorithm updates
|
|
|
|
All algorithms no longer supported in the NIST PQC competition
|
|
and not under consideration for standardization by ISO have been
|
|
removed. All remaining algorithms with the exception of McEliece
|
|
have been lifted to their final round 3 variants as documented in
|
|
liboqs. Most notably, algorithm names for Sphincs+ have been changed
|
|
to the naming chosen by its authors.
|
|
|
|
* Functional updates
|
|
|
|
- Enablement of oqs-provider as a (first) dynamically fetchable OpenSSL3 TLS1.3 signature provider.
|
|
- OSX support
|
|
- Full support for CA functionality
|
|
- Algorithms can now be selected by their respective bit strength using the property string "oqsprovider.security_bits"
|
|
- Documentation of (O)IDs used by the different PQC algorithms used and supported in current and past releases of oqs-openssl and oqs-provider
|
|
- Graceful handling (by way of functional degradation) of the feature sets contained in different OpenSSL releases; all oqsprovider capabilities are only available when using a version > than OpenSSL3.1.
|
|
- A bug regarding handling of hybrid algorithms has been fixed as well as some memory leaks.
|
|
|
|
* Misc updates
|
|
|
|
- Dynamic code point and OID changes via environment variables. See ALGORITHMS.md.
|
|
- Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See ALGORITHMS.md.
|
|
|
|
- oqs-provider-shared-liboqs.patch: removed, not needed anymore
|
|
|
|
- updated to 0.4.0:
|
|
|
|
* Security considerations
|
|
|
|
- This release removes Rainbow level 1 and all variants of SIDH and
|
|
SIKE due to cryptanalytic breaks of those algorithms. Users are advised
|
|
to move away from use of those algorithms immediately.
|
|
|
|
* Algorithm updates
|
|
|
|
- Removal of SIKE/SIDH and Rainbow level I due to cryptographic breaks
|
|
|
|
* Functional updates
|
|
|
|
- Addition of quantum-safe CMS operations via the OpenSSL interface
|
|
- Addition of quantum-safe dgst operations via the OpenSSL interface
|
|
|
|
* Misc updates
|
|
|
|
- Additional testing
|
|
- Integration with and of OpenSSL test harness
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 15 17:04:53 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
- Update descriptions
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 14 15:43:52 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
|
|
|
- initial import of openssl-3 plugin for liboqs
|