* Prefer arc4random_buf on Apple platforms
We swap from getentropy() to arc4random_buf on Apple
platforms as Apple's documentation discourages its use.
This also allows us to not have to use SecCopyRandomBytes
which can fail. arc4random_buf() however never fails.
* Remove linking to unused Security framework
Trigger the CI for liboqs-python using the GitHub API in the `trigger-downstream-ci` job. The API call is made using a personal access token for the oqs-bot machine user, which is stored in a CircleCI environment variable for the liboqs project.
* Add .DS_Store (macOS) to .gitignore
Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
* Correct path to built docs in README
Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
* Add Visual Studio Code .vscode & JetBrains .idea to .gitignore
Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
---------
Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
Libdir is not always '/usr/lib' and its value is different between
distributions and architectures. Set it from CMAKE_INSTALL_LIBDIR.
Also, set includedir in a similar way.
Currently, this incorrect setting did not produce incorrect output by
pkg-config --libs because pkg-config strips 'system library paths' from
the output. But in non-standard build environments this may cause
incorrect linking.
Issue: https://github.com/open-quantum-safe/liboqs/issues/1495
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
* Switch to new PQClean commit for SPHINCS+ and remove old patch file
* Improve "compilability" on Apple M1 (ARM) (#1421)
* correct ARM SHA3 extension addition
* correct compile option for ARM SHA
* correct SHA3 enablement
* Remove SPHINCS+ robust and Haraka variants
* Fix SHA2 block sizes in OpenSSL wrapper
* enable Keccak for Sphincs even if OpenSSL shall provide SHA3
* properly handle xkcp enablement if only specific algorithms are selected
* correct conditional setting
* re-enable XKCP for other platforms
* Windows support
* alternate pqcrystals-AES removal
---------
Co-authored-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
* disable OpenSSL if neither AES, SHA2, or SHA3 are OSSL-provided
* Fixes faulty OpenSSL incremental SHA2 API integration
* guard OpenSSL3 initialization
* initialize all OSSL3 statics if OQS_USE_OPENSSL=ON
* Strawman version of one-time fetching MD objects from OpenSSL
We need to init them and free them in one place to avoid threading
issues.
* Moving initialization of OpenSSL objects to a separate file
* Call OQS_init to ensure OpenSSL methods are cached
* Fix typo
* Use prefetch OpenSSL cipher object in rand_nist
---------
Co-authored-by: Douglas Stebila <beldmit@users.noreply.github.com>
Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Make decode function void to avoid ct issues
* Update test documentation
* add suppression files
* forgot to add the file
* typo fix
* Compute threshold without floating point operations
* Replace division by a constant with mul+shift
---------
Co-authored-by: dkostic <dkostic@amazon.com>
* Refactor update_cbom and update_docs_from_yaml, allow copy_from_upstream to import them.
Workaround for issue in GitPython, caused update_cbom to fail in GitHub CI.
* updates after copy_from_upstream