reverting to dev (open-quantum-safe#327)

* reverting to dev * eliminate 0.5.3 release draft
EntrustCorporation · Jan 3, 2024 · eb80076 · eb80076
1 parent 8f6937c
commit eb80076
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 88 deletions.
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
@@ -50,23 +50,22 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v2
       - name: Full build
-        run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=0.9.1 ./scripts/fullbuild.sh
+        run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=main ./scripts/fullbuild.sh
       - name: Enable sibling oqsprovider for testing
         run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
       - name: Test
         run: ./scripts/runtests.sh -V
-# Need to disable due to missing HQC update cherry-pick in liboqs release:
-#      - name: Verify nothing changes on re-generate code
-#        run: |
-#          apt-get update && apt-get install -y clang-format && \
-#          git config --global user.name "ciuser" && \
-#          git config --global user.email "[email protected]" && \
-#          git config --global --add safe.directory `pwd` && \
-#          export LIBOQS_SRC_DIR=`pwd`/liboqs && \
-#          ! pip3 install -r oqs-template/requirements.txt 2>&1 | grep ERROR && \
-#          python3 oqs-template/generate.py && \
-#          find . -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format -i && \
-#          ! git status | grep modified
+      - name: Verify nothing changes on re-generate code
+        run: |
+          apt-get update && apt-get install -y clang-format && \
+          git config --global user.name "ciuser" && \
+          git config --global user.email "[email protected]" && \
+          git config --global --add safe.directory `pwd` && \
+          export LIBOQS_SRC_DIR=`pwd`/liboqs && \
+          ! pip3 install -r oqs-template/requirements.txt 2>&1 | grep ERROR && \
+          python3 oqs-template/generate.py && \
+          find . -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format -i && \
+          ! git status | grep modified
       - name: Build .deb install package
         run: cpack
         working-directory: _build
@@ -190,7 +189,7 @@ jobs:
       - name: Clone and build liboqs for linux-aarch64
         working-directory: /opt/
         run: |
-          git clone --depth=1 --branch 0.9.1 https://github.com/open-quantum-safe/liboqs.git liboqs
+          git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs
           cd liboqs
           mkdir build install
           cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \

diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
@@ -35,7 +35,7 @@ jobs:
         with:
           set-safe-directory: true
           repository: open-quantum-safe/liboqs
-          ref: 0.9.1
+          ref: main
           path: liboqs
       - name: Retrieve OpenSSL32 from cache
         id: cache-openssl32

diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
@@ -38,7 +38,7 @@ jobs:
         with:
           set-safe-directory: true
           repository: open-quantum-safe/liboqs
-          ref: 0.9.1
+          ref: main
           path: liboqs
       - name: Install cygwin
         uses: cygwin/cygwin-install-action@master
@@ -125,7 +125,7 @@ jobs:
         with:
           set-safe-directory: true
           repository: open-quantum-safe/liboqs
-          ref: 0.9.1
+          ref: main
           path: liboqs
       - uses: ilammy/msvc-dev-cmd@v1
         with:
@@ -238,7 +238,7 @@ jobs:
           with:
             set-safe-directory: true
             repository: open-quantum-safe/liboqs
-            ref: 0.9.1
+            ref: main
             path: liboqs
         - uses: ilammy/msvc-dev-cmd@v1
           with:

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -4,7 +4,7 @@ else()
 cmake_minimum_required(VERSION 3.0 FATAL_ERROR)
 endif()
 project(oqs-provider LANGUAGES C)
-set(OQSPROVIDER_VERSION_TEXT "0.5.3")
+set(OQSPROVIDER_VERSION_TEXT "0.5.3-dev")
 set(CMAKE_C_STANDARD 11)
 set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON)
 if(CMAKE_BUILD_TYPE STREQUAL "Debug")

diff --git a/GOVERNANCE.md b/GOVERNANCE.md
@@ -59,12 +59,10 @@ Current Maintainers and Committers are to be documented below by way of referenc
 ### Maintainers
 
 @baentsch
-@dstebila
 
 ### Committers
 
 @baentsch
 @bhess
-@dstebila
 @thb-sb
 @christianpaquin
diff --git a/README.md b/README.md
@@ -129,15 +129,28 @@ has not been not getting back-ported to OpenSSL3.0.
 Also not supported in this version are provider-based signature algorithms
 used during TLS1.3 operations as documented in https://github.com/openssl/openssl/issues/10512.
 
-## 3.2(-dev)
+## 3.2
 
-After https://github.com/openssl/openssl/pull/19312 landed, (also PQ) signature
-algorithms are working in TLS1.3 (handshaking); after https://github.com/openssl/openssl/pull/20486
-has landed, also algorithms with very long signatures are supported.
+This version has full support for all TLS1.3 operations using PQ algorithms
+when deploying `oqsprovider`.
+
+A final configuration limitation for provider-based signature algorithms exists
+as documented in https://github.com/openssl/openssl/issues/22761.
+
+## 3.3(-dev)
+
+When https://github.com/openssl/openssl/pull/22779 land, the last config-time limitation
+for provider-based signatures should be gone.
 
 For [general OpenSSL implementation limitations, e.g., regarding provider feature usage and support,
 see here](https://wiki.openssl.org/index.php/OpenSSL_3.0#STATUS_of_current_development).
 
+Governance & Contributions
+--------------------------
+
+Project governance is documented in [GOVERNANCE.md](GOVERNANCE.md) and contribution
+policy is documented in [CONTRIBUTING.md](CONTRIBUTING.md).
+
 Team
 ----
 
@@ -163,17 +176,17 @@ the separate file [RELEASE.md](RELEASE.md).
 Acknowledgments
 ---------------
 
-The `oqsprovider` project is supported through the [NGI Assure Fund](https://nlnet.nl/assure),
+The `oqsprovider` project had been supported through the [NGI Assure Fund](https://nlnet.nl/assure),
 a fund established by [NLnet](https://nlnet.nl) with financial
 support from the European Commission's [Next Generation Internet programme](https://www.ngi.eu),
 under the aegis of DG Communications Networks, Content and Technology
 under grant agreement No 957073.
 
-Financial support for the development of Open Quantum Safe has been provided
+Financial support for the development of Open Quantum Safe had been provided
 by Amazon Web Services and the Tutte Institute for Mathematics and Computing.
 
 The OQS project would like to make a special acknowledgement to the companies who
-have dedicated programmer time to contribute source code to OQS, including
+had dedicated programmer time to contribute source code to OQS, including
 Amazon Web Services, evolutionQ, Microsoft Research, Cisco Systems, and IBM Research.
 
 Research projects which developed specific components of OQS have been

diff --git a/RELEASE.md b/RELEASE.md
@@ -1,63 +1,3 @@
-# oqs-provider 0.5.3
-
-## About
-
-The **Open Quantum Safe (OQS) project** has the goal of developing and prototyping quantum-resistant cryptography.  More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
-
-**oqs-provider** is a standalone [OpenSSL 3](https://github.com/openssl/openssl) [provider](https://www.openssl.org/docs/manmaster/man7/provider.html) enabling [liboqs](https://github.com/open-quantum-safe/liboqs)-based quantum-safe and [hybrid key exchange](https://datatracker.ietf.org/doc/draft-ietf-pquip-pqt-hybrid-terminology) for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and `dgst` (signature) operations.
-
-When deployed, the `oqs-provider` binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all `openssl` functionality shall be [PQC-enabled](https://csrc.nist.gov/projects/post-quantum-cryptography).
-
-In general, the oqs-provider `main` branch is meant to be usable in conjunction with the `main` branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and the `master` branch of [OpenSSL](https://github.com/openssl/openssl).
-
-Further details on building, testing and use can be found in [README.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/README.md). See in particular limitations on intended use.
-
-## Release notes
-
-This is version 0.5.3 of oqs-provider.
-
-### Security considerations
-
-This improves a non-constant time issue in previous releases for Kyber.
-
-### What's New
-
-This release continues from the 0.5.2 release of oqs-provider and is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs). This release is functionally guaranteed to be in sync with v0.9.1 of `liboqs` (see note below),
-
-This release also makes available ready-to-run binaries for Linux (.so), Windows (.dll) and MacOS (.dylib) compiled for `x64` CPUs. Activation and use is documented in [USAGE.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/USAGE.md).
-
-### Additional new feature highlights
-
-- Kyber code update addressing constant time property
-- Code point updates for HQC following code updates in `liboqs`
-- Document project governance
-
-## What's Changed
-* Clarify liboqs_DIR naming convention by @ajbozarth in https://github.com/open-quantum-safe/oqs-provider/pull/292
-* check empty params lists passed by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/296
-* Fix minor typos in documentation by @johnma14 in https://github.com/open-quantum-safe/oqs-provider/pull/304
-* HQC code point update by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/306
-* Fix broken circleci job for macOS by @johnma14 in https://github.com/open-quantum-safe/oqs-provider/pull/305
-* Contribution policy by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/286
-* Fix link in GOVERNANCE.md [skip ci] by @pi-314159 in https://github.com/open-quantum-safe/oqs-provider/pull/309
-* Add a example of how to load oqsprovider using `OSSL_PROVIDER_add_builtin`. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/308
-* Get Windows CI to work again by @qnfm in https://github.com/open-quantum-safe/oqs-provider/pull/310
-* correct upstream and Windows CI snafus by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/322
-
-## Release-specific note
-
-Due to an incomplete cherry-pick in `liboqs`, the code-generator logic in `oqsprovider` does produce incorrect documentation when used in conjunction with `liboqs` release 0.9.1. The corresponding CI test therefore is disabled for this `oqsprovider` release and this note has been created to warn users of this inconsistency in `liboqs` v0.9.1. It has no functional implications.
-
-## New Contributors
-* @ajbozarth made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/292
-* @johnma14 made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/304
-* @pi-314159 made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/309
-
-**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.5.2...0.5.3
-
-Previous Release Notes
-======================
-
 # oqs-provider 0.5.2
 
 ## About