* Check for NULL dereference before using secure free
Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
* Skip failing CI test (#2157)
* Skip failing CI test
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Fix typo
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
* Pull ML-DSA from pq-crystals upstream.
* Removes ML-DSA-ipd
* Adds support for context strings to OQS SIG API.
* Adding _with_ctx_str APIs, templating
* Adds ACVP tests for ML-DSA
* export symbols for acvp tests (dynamic linking)
* remove IPD intermediate values
* adds flag for ctx support
* Update constant-time passes after line nubmer and function name changes
* Update KATs
* API with checks for signatures without ctx support
* Additional test for signatures with ctx
* Change alg_version to FIPS204
* Update ML-DSA security claim to SUF-CMA, according to FIPS204
* Update src/sig/sig.h
* Fix test_alg_info
---------
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Add new API to clean up OpenSSL threads.
Signed-off-by: Norman Ashley <nashley@cisco.com>
* Updates per review comments.
Signed-off-by: Norman Ashley <nashley@cisco.com>
* Update format
Signed-off-by: Norman Ashley <nashley@cisco.com>
* Apply suggestions from code review
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Norman Ashley <nashley@cisco.com>
---------
Signed-off-by: Norman Ashley <nashley@cisco.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* [#1823] replace malloc/calloc/strdup/free with openssl allocator
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* [#1823] update memory allocator for copy_from_upstream
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* [#1823] Use OpenSSL Memory Allocator for BIKE, FrodoKEM, and NTRUPrime
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* [#1823] Add Comments for Doxygen
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* include openssl/crypto.h and resolve conflict varible for ntru
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add openssl version check to fix build error
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Fix build for OQS_DLOPEN_OPENSSL
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* remove OQS_MEM_free
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add allocator check in tests/test_code_conventions.py
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add IGNORE memory-check
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Delect checked allocation functions
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Revert back p_param to p for sntrup
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add allocator check for '.c', '.h', '.fragment'
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add NULL for previous checked allocation
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add fprintf error for abort cases
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* use OQS_EXIT_IF_NULLPTR for checked malloc cases
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
---------
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
Add support for LMS and XMSS. Key generation and signing are disabled behind a feature flag labelled "hazardous experimental."
---------
Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Norman Ashley <nashley@cisco.com>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Duc Tri Nguyen <dnguye69@gmu.edu>
Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Duc Nguyen <106774416+ducnguyen-sb@users.noreply.github.com>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
Co-authored-by: Duc Nguyen <ductri.nguyen@sandboxquantum.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Jason Goertzen <133878263+jgoertzen-sb@users.noreply.github.com>
* Strawman version of one-time fetching MD objects from OpenSSL
We need init them and free them in one place to avoid threading
issues.
* Moving initialization of OpenSSL objects to a separate file
* Call OQS_init to ensure OpenSSL methods are cached
* Fix typo
* Use prefetch OpenSSL cipher object in rand_nist
---------
Co-authored-by: Douglas Stebila <beldmit@users.noreply.github.com>
Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
* test_sig: Add canaries around malloc'd regions
* test_sig/kem: disable canary checks in test_constant_time
* test_kem: test canaries after testing malformed ciphertext
* Constant time checks using Valgrind and suppression files
* Suppression file for Kyber (ref+avx), HQC, SIKE, NTRUPrime, McEliece, SIDH, Falcon (ref+avx), SPHINCS, Dilithium r2+r3, picnic
* mark all BIKE implementations as vartime
* Set OQS_DEBUG_BUILD in oqsconfig.h if CMAKE_BUILD_TYPE=Debug
* Add OQS_ENABLE_TEST_CONSTANT_TIME to oqsconfig.h
* Check build options before running
* test_{kem,sig}: avoid direct call to OQS_randombytes_system
* Remove picnic3 issue based on review #889
* fix Kyber namespacing
* Missing BIKE error type, skip BIKE
* Resolve SIDH/SIKE bingcd issue as per #888
* Mark Falcon hash_to_point_vartime issue as resolved
* Disable CI tests
* Add SPDX-License-Identifier in src/common
* Add SPDX-License-Identifier in FrodoKEM
* Add SPDX-License-Identifier in SIKE
* Add SPDX-License-Identifier in BIKE
* Add SPDX-License-Identifier in OQS headers
* Add SPDX-License-Identifier in files generated during copy-from-pqclean
* Add SPDX-License-Identifier in Picnic
* Add SPDX-License-Identifier in qTesla
* Add SPDX-License-Identifier in CMake files
* Update license info in README
* Add SPDX-License-Identifier in scripts
* Add SPDX-License-Info to CMakeLists
* Add SPDX-License-Info in tests
* Add SPDX-License-Info to various files
* Prettyprint
* Add test for SPDX-License-Identifier headers
* Updated license identifiers for CPU extension detection code.
* Use conjunction for SPDX in file with two licenses
Co-authored-by: xvzcf <xvzcf@users.noreply.github.com>
* Fixed a typo in a comment
* Refactored sig API following nist-branch (also fixes issue 380)
* Fixed Windows compilation error in sig.c.
* Added Picnic to Windows' config, and changed defaul alg to Picnic (since qTesla is not yet supported on Windows)
* Moved sig_picnic and sig_qtesla under sig directory, to harmonize with kem api
* Use different default sig alg on Windows to fix Travis back-compat tests and platform gap.
* Further changes required for OQS to be properly used by applications
* Compare OQS functions's return values to OQS error codes in sig.c.
* Fixed typos in comments.
* Replaced minimal_oqs_sig with example_sig.
* Ensure travis tests fail on error
* Add try-catch block in all-tests.sh
* Ignore example_sig
* Point global-namespace-check to .libs/liboqs.a
* More precise error handling in global-namespace-check
* Warning colours in travis tests and error handling in free-check
* Error handling in style-check
* Clean up style-check
* Removed leftover minimal_sig_oqs ref and VS projects.
* Prettyprint
* Revert clang-format version check
* Re-revert clang-format style check
* Prettyprint
* Added speed_sig to master.
* Removed superfluous extern from sig schemes .h
* Removed the OQS_RAND object from the sig API, to harmonize with the KEM API (issue 374)
* Updated sig API to match nist-branch's (except for the sign/open functions).
