liboqs/SECURITY.md
Bruce ed5c2ccff1
0.15.0 release candidate 1 (#2295)
* draft for release notes

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* bumped version number for 0.15.0 release candidate 1

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* example command

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* Full release notes with every commit in git log

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* deprecated noregress scripts; open-quantum-safe/profiling has been deprecated; benchmarking is now done on GitHub Action

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* updated release notes to include latest PR

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* Added "Release candidate 1" mentions where appropriate [full tests] [extended tests]

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* removed confusing pull request entry; nonam3e's association with Ingonyama

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

---------

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
2025-10-23 21:43:32 -04:00


Security Policy

Supported Versions

We only support the most recent release.

Using any code prior to 0.12.0 is strongly discouraged due to a known security vulnerability in HQC.

Version   Supported
0.15.0    Yes
< 0.15    No

Reporting a Vulnerability

Please follow this information to report a vulnerability.

Threat Model

Some timing-based side-channel attacks are within the scope of our threat model. OQS tests for secret-dependent branches and memory accesses on Linux on x86_64 for some algorithms. Where executed, all test failures are documented as either "passes," which we have assessed to be false positives, or "issues," which may constitute nonconstant-time behaviour. The algorithm datasheets indicate whether or not an implementation passes our constant-time tests, as well as whether or not it is expected to pass. An expectation of not passing covers both implementations that are expected or have been ascertained not to pass and those for which no constant-time analysis has been done. Details about passes and issues are available in the tests/constant_time directory. These tests do not encompass all classes of nonconstant-time behaviour; for example, they do not detect possible variable-time instructions, such as DIV. Reports of nonconstant-time behaviour that fall outside this scope will be considered on a case-by-case basis, with a priority on Tier 1 platforms.
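The three classes this paragraph distinguishes, as an added example in C that is not liboqs code: a secret-dependent branch and a secret-dependent memory access, which the tests look for, and a division, which they do not detect, each beside a constant-time form. The function names, the 16-entry table and the modulus 3329 are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define Q 3329u /* constructed sample modulus for this example */

/* Class 1, secret-dependent branch: the early return makes the run time
 * depend on where the first mismatching byte is. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) return 0;
    return 1;
}

/* Branch-free form: reads all n bytes, folds differences into one byte. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u); /* 1 iff diff == 0 */
}

/* Class 2, secret-dependent memory access: the address read depends on the
 * secret index, which cache timing can reveal. */
uint8_t leaky_lookup(const uint8_t table[16], uint8_t secret_idx) {
    return table[secret_idx & 15];
}

/* Scans every entry and selects the wanted one with a mask. */
uint8_t ct_lookup(const uint8_t table[16], uint8_t secret_idx) {
    uint8_t out = 0;
    for (uint32_t i = 0; i < 16; i++) {
        uint32_t x = i ^ (uint32_t)(secret_idx & 15);
        out |= table[i] & (uint8_t)((x - 1u) >> 8); /* 0xFF iff x == 0 */
    }
    return out;
}

/* Class 3, variable-time instruction: no branch, no secret address, but `%`
 * may compile to DIV depending on compiler and flags. */
uint16_t leaky_mod(uint16_t secret) { return (uint16_t)(secret % Q); }

/* Barrett-style reduction: multiply by floor(2^32 / Q), then one masked
 * correction step instead of a division. */
uint16_t ct_mod(uint16_t secret) {
    uint32_t t = (uint32_t)(((uint64_t)secret * 1290167u) >> 32);
    uint32_t r = (uint32_t)secret - t * Q;         /* 0 <= r < 2*Q */
    uint32_t mask = ((r - Q) >> 31) - 1u;          /* all ones iff r >= Q */
    return (uint16_t)(r - (Q & mask));
}
```

Each pair returns the same value for every input, so a functional test cannot tell the two forms apart; only timing analysis or inspection of the generated instructions can.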

The following types of attacks are outside the scope of our threat model:

  • same physical system side channel
  • CPU / hardware flaws
  • physical fault injection attacks (including Rowhammer-style attacks)
  • physical observation side channels (such as power consumption, electromagnetic emissions)

Mitigations for security issues outside the stated threat model may still be applied depending on the nature of the issue and the mitigation.

(Based in part on https://openssl-library.org/policies/general/security-policy/index.html)

Security Response Process

Security reports for liboqs will be handled in accordance with the OQS security response process. Please also see the general support disclaimer for liboqs.