* Don't hardcode OPENSSL_ROOT_DIR to /usr on Linux
* Run buildcheck with latest docker image
---------
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Remove unused variables from CI workflows
* Add missing OpenSSL guards
* Fix broken link and misplaced comment in common.c
---------
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Duplicate jobs from the CircleCI workflow as closely as possible in GitHub Actions. Remove Ubuntu Bionic / i386 support in CI.
---------
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
To ensure that there are no unwanted no side effects when the library config is printed.
---------
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Add support for LMS and XMSS. Key generation and signing are disabled behind a feature flag labelled "hazardous experimental."
---------
Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Norman Ashley <nashley@cisco.com>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Duc Tri Nguyen <dnguye69@gmu.edu>
Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Duc Nguyen <106774416+ducnguyen-sb@users.noreply.github.com>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
Co-authored-by: Duc Nguyen <ductri.nguyen@sandboxquantum.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Jason Goertzen <133878263+jgoertzen-sb@users.noreply.github.com>
* fix link in README.md
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* simplify linux and mac link in README.md
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* update Doxyfile
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* update CI to use /scripts/run_doxygen.sh
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
---------
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Refactor OQS OpenSSL SHA3 SHAKE to use new EVP_DigestSqueeze() #1539
* Add OpenSSL 3.3.0 test and conditional fix
* Update ref to use human readable commit tag
Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* sha2: Use EVP_MD_CTX_free instead of EVP_MD_CTX_destroy
According to the manual page, EVP_MD_CTX_destroy has been renamed to
EVP_MD_CTX_free in OpenSSL 1.1.0 and only provided as a compatibility
macro in later OpenSSL releases:
https://www.openssl.org/docs/man1.1.1/man3/EVP_MD_CTX_free.html
Signed-off-by: Daiki Ueno <dueno@redhat.com>
* ossl_helpers: Use pthread_once instead of CRYPTO_THREAD_run_once
Throughout the code base, liboqs uses pthread_once for one-shot
initialization and falls back to thread-unsafe code if it is not
supported nor enabled on the system. For consistency and to remove
additional dependency on OpenSSL, this switches the use of
CRYPTO_THREAD_run_once with that.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Make common algorithms pluggable
This allows applications to replace the implementation of common
cryptographic algorithms at runtime, by setting callback functions for
each operations with OQS_AES_set_callbacks, OQS_SHA2_set_callbacks,
OQS_SHA3_set_callbacks, and OQS_SHA3_x4_callbacks. Those functions
may be called once before OQS_init; otherwise the default
implementation will be used.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Add option to dynamically load libcrypto.so.*
This adds OQS_DLOPEN_OPENSSL build option to use OpenSSL through
dynamically loaded libcrypto.so.* with dlopen, instead of linking to
the library at build time.
That way the applications could use their favorite implementation of
common cryptographic primitives without pulling in the OpenSSL as a
hard dependency.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Add tests for OQS_*_set_callbacks
This adds tests that exercise OQS_*_set_callbacks by overriding one of
the function of each and ensuring the wrapper function is called.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---------
Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Ensure aliases are activated with cmake
* Updates alg_support fragments: ensure that dependencies (aliases and platform-specific code) are activated after applying filter_algs
* Adds bike_l5 to NIST_R4 algorithms
* add CI test for aliases
* remove ml_kem ipds from STD filter_algs
* decouple name and alias
* fixing vector tests
Create only a minimal Zephyr installation to run CI tests and increase timeout of the Signature test.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
Add CI functionality to trigger the oqs-provider release test workflow on `release.published` events.
The workflow will also be triggered manually on commits whose message ends in "[trigger downstream]".
Run full KAT tests weekly. All should pass except Falcon-1024, which is pending upstream changes.
---------
Co-authored-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
* Zephyr RTOS support
This commit adds initial support for the zephyr operating system. Some
minor changes to the library build system have been made for it to be
compilable with zephyr. Furthermore, we added support for an embedded
build option to disable standard library methods for random number
generation.
* Zephyr: added algorithm selection
The algorithms can now be selected with Kconfig. Per default, we only
enable the algorithms selected by NIST to be standardized. However, all
supported algorithms can be enabled or disabled individually on a per
project basis.
* Zephyr: added testable samples
Added two sample applications within the zephyr directory for KEMs and
Signatures. These are also intended for CI testing.
* Zephyr: added CI tests
* Zephyr: Add documentation
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
* add test requirement to PR template
* add OpenSSL 1.1.1 caveat
* remove OQS-OpenSSL111 and OQS-BoringSSL from PR template checklist
* add link to documentation of OPENSSL_ROOT_DIR
