head	1.8;
access;
symbols
	pkgsrc-2026Q1:1.8.0.2
	pkgsrc-2026Q1-base:1.8
	pkgsrc-2025Q4:1.7.0.4
	pkgsrc-2025Q4-base:1.7
	pkgsrc-2025Q3:1.7.0.2
	pkgsrc-2025Q3-base:1.7
	pkgsrc-2025Q2:1.6.0.2
	pkgsrc-2025Q2-base:1.6
	pkgsrc-2025Q1:1.5.0.2
	pkgsrc-2025Q1-base:1.5
	pkgsrc-2024Q4:1.4.0.2
	pkgsrc-2024Q4-base:1.4
	pkgsrc-2024Q3:1.1.0.2
	pkgsrc-2024Q3-base:1.1;
locks; strict;
comment	@# @;


1.8
date	2026.02.24.16.26.27;	author triaxx;	state Exp;
branches;
next	1.7;
commitid	8dLkABbj4Fv1gEvG;

1.7
date	2025.07.13.06.08.54;	author kim;	state Exp;
branches;
next	1.6;
commitid	1WUL6usrfGgW4y2G;

1.6
date	2025.05.03.19.50.19;	author jschauma;	state Exp;
branches;
next	1.5;
commitid	stOCxw3JYFpfVuTF;

1.5
date	2025.03.11.12.44.47;	author nia;	state Exp;
branches;
next	1.4;
commitid	j6CX0PjggaSshEMF;

1.4
date	2024.12.18.21.30.34;	author jschauma;	state Exp;
branches;
next	1.3;
commitid	5Ym95e7ZGwDlQ1CF;

1.3
date	2024.10.14.15.24.03;	author nia;	state Exp;
branches;
next	1.2;
commitid	r1fWdlzMEdA0VDtF;

1.2
date	2024.10.10.19.32.27;	author jschauma;	state Exp;
branches;
next	1.1;
commitid	lmw1UGXJXaN1p9tF;

1.1
date	2024.09.13.18.02.44;	author jschauma;	state Exp;
branches;
next	;
commitid	0wCicTHHhcqeNFpF;


desc
@@


1.8
log
@liboqs: Update to 0.15.0

upstream changes:
-----------------
0.15.0 [Friday, Nov 14, 2025]
Deprecation notice
  * liboqs 0.15.0 is the last version to officially support SPHINCS+. SPHINCS+ will be removed in the 0.16.0 release and replaced by SLH-DSA. liboqs 0.15.0 also removes support for Dilithium.
Significant changes
  * Integrated SLH-DSA implementation from pq-code-package/slhdsa-c
      o SLH-DSA ACVP tests (#2237)
      o Integrate SLH-DSA-C Library (#2175)
  * Added NTRU back (#2176)
  * Removed all Dilithium implementations (#2275)
  * Replaced SPHINCS+ with SLH-DSA for CMake build option OQS_ALGS_ENABLED=STD (#2290)
  * Updated CROSS to version 2.2 (#2247)
  * Included DeriveEncapsulation functionality (#2221)
  * Integrated ML-KEM implementation from ICICLE-PQC (#2216)
Bug fixes
  * Fixed erroneously disabled LMS variants with build flag OQS_ENABLE_SIG_STFL_LMS (#2310)
  * Fixed incorrect import in OV-III-pkc_skc (#2299)
  * Fixed incorrect actual signature length in signature full-cycle speed test (#2293)
  * Fixed ICICLE ML-KEM integration (#2288)
  * Disabled strict aliasing on SPHINCS+-SHAKE (#2264)
  * Fixed typo in test_kem.c (#2281)
  * Fixed uninitialized length_encaps_seed for NTRU implementations (#2266)
  * Changed 64 bit add to 32 bit add to wrap on 32 bit counter for AES-CTR AES-NI implementation (#2252)
  * Improved random number generator security (#2225)
  * Avoided invalid compiler options for MSVC (#2239)
  * Added Classic McEliece sanitization patch (#2218)
Miscellaneous
  * Deprecated noregress scripts (#2295)
  * Updated no-pass explanation for constant-time testing (#2294)
  * Fixed weekly test failures in GitHub Action (#2285)
  * Improved algorithm support readability in README.md (#2286)
  * Re-enabled all ACVP tests (#2283)
  * Moved continuous benchmarking to weekly tests (#2276)
  * Linked to contribution wishlist from CONTRIBUTING.md (#2273)
  * Added content:read permission to scorecard workflow (#2261)
  * Added guidance and questions on generative AI use (#2269)
  * Moved linux_arm_emulated to extended tests (#2236)
  * Fixed pluralization in docs: "key encapsulation mechanisms (KEMs)" (#2255)
  * Fixed permissions for poutine_analysis job (#2246)
  * Disabled testing on Travis CI (#2248)
  * Upgraded Jinja to 3.1.6 (#2214)
  * Updated license info for ML-KEM (#2250)
  * Fixed typos across codebase (#2244)
  * Restructured basic checks (#2233)
  * Fixed code scanning workflow (#2217)
  * Changed Nix install action to verified (#2212)
  * Removed armel comment (#2231)
  * Removed armel support from PLATFORMS.md (#2232)
  * Added Poutine SASL (#2213)
  * Updated nixpkgs from 24.05 to 25.05 (#2187)
  * Added Custom Timeout to CI (#2189)
  * Updated ACVP to 1.1.0.40 (#2172)
  * Switched to dev mode for 0.14.1 (#2199)
@
text
@# $NetBSD: Makefile,v 1.7 2025/07/13 06:08:54 kim Exp $

DISTNAME=	liboqs-0.15.0
CATEGORIES=	security
MASTER_SITES=	${MASTER_SITE_GITHUB:=open-quantum-safe/}

MAINTAINER=	logan@@cyberstorm.mu
HOMEPAGE=	https://github.com/open-quantum-safe/liboqs/
COMMENT=	Post quantum crypto library
LICENSE=	mit

# Used only for tests, not for other parts of the build.
USE_TOOLS+=		bash:test
PYTHON_FOR_BUILD_ONLY=	test
TOOLS_CREATE+=		python3
TOOLS_PATH.python3=	${TOOL_PYTHONBIN:Q}

CMAKE_CONFIGURE_ARGS+=	-DOQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON

.include "../../mk/bsd.fast.prefs.mk"

PLIST_VARS+=		x86_64
.if ${MACHINE_ARCH} == "x86_64"
PLIST.x86_64=		yes
CMAKE_CONFIGURE_ARGS+=	-DOQS_ENABLE_KEM_BIKE=ON
.else
CMAKE_CONFIGURE_ARGS+=	-DOQS_ENABLE_KEM_BIKE=OFF
.endif

REPLACE_BASH+=	tests/run_astyle.sh
REPLACE_BASH+=	tests/test_spdx.sh
REPLACE_BASH+=	tests/test_vectors.sh

TEST_DEPENDS+=	astyle>=0:../../devel/astyle
TEST_DEPENDS+=	${PYPKGPREFIX}-test>=0:../../devel/py-test
TEST_DEPENDS+=	${PYPKGPREFIX}-test-xdist>=0:../../devel/py-test-xdist
TEST_DEPENDS+=	${PYPKGPREFIX}-yaml>=0:../../textproc/py-yaml

TEST_TARGET=	run_tests

.include "../../devel/cmake/build.mk"
.include "../../lang/python/pyversion.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
@


1.7
log
@liboqs: Update to 0.14.0

Release notes

   This is version 0.14.0 of liboqs. It was released on July 10, 2025.

   This release contains a security fix for secret-dependent branching in
   HQC. It introduces support for SNOVA, a NIST Additional Signatures
   Round 2 candidate, and a new optimized implementation of SHA3 using
   AVX-512VL instructions. Additionally, this is the first liboqs release
   to include the stable 1.0.0 version of PQ Code Package's
   mlkem-native.

   This release also introduces a number of improvements to testing and
   infrastructure. The OQS project is now publishing benchmarking data on
   https://openquantumsafe.org/benchmarking and code coverage data on
   https://coveralls.io/github/open-quantum-safe/liboqs.

Deprecation notice

   This will be the last release of liboqs to include Dilithium (that is,
   the NIST Round 3 version of Dilithium, prior to its standardization by
   NIST as ML-DSA in FIPS 204). Applications should switch to ML-DSA (FIPS
   204). Please contact us if you have any concerns.

Security issues

     * CVE-2025-52473: Disabled compiler optimizations for HQC to avoid
       secret-dependent branches. Thank you to Zhenzhi Lai and Zhiyuan
       Zhang from from the University of Melbourne and the Max Planck
       Institute for Security and Privacy for identifying the issue.

What's New

   This release continues from the 0.13.0 release of liboqs.

Key encapsulation mechanisms

     * HQC: Disabled compiler optimizations to avoid secret-dependent
       branching in certain configurations. HQC remains disabled by
       default.
     * ML-KEM: Updated the default ML-KEM implementation to PQCP's
       mlkem-native v1.0.0.

Digital signature schemes

     * New API: added an API function to check if a signature scheme
       supports signing with a context string.
     * SNOVA: added SNOVA from NIST Additional Signature Schemes
       Round 2.

Other changes

     * Added an AVX512VL-optimized backend for SHA3.
     * Improved memory management throughout the codebase.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.6 2025/05/03 19:50:19 jschauma Exp $
d3 1
a3 1
DISTNAME=	liboqs-0.14.0
@


1.6
log
@update to liboqs-0.13.0

Key encapsulation mechanisms
- New API: Added a deterministic key generation and API for KEMs
  (only ML-KEM supported at the moment).
- ML-KEM: Changed the default ML-KEM implementation to PQCP's mlkem-native.
  There are three variants: Portable C, AVX2, and AArch64. Large parts
  of these implementations are formally verified: all of the C code is
  verified for memory and type safety using CBMC and the functional
  correctness of the core AArch64 assembly routines is verified using HOL-Light.
- ML-KEM: Added support for the ML-KEM implementation from Nvidia cuPQC,
  a GPU accelerated cryptography library.
- ML-KEM: Implementation from mlkem-native upstream updated to add Pair-wise
  Consistency Test (PCT) and Intel CET support.
- ML-KEM: Improved testing of ML-KEM keys.
- HQC: Disabled HQC by default until a new security flaw is fixed.

Digital signature schemes
- ML-DSA: Improved testing for ML-DSA.
- CROSS: Updated to NIST Additional Signatures Round 2 version.
- MAYO: Updated to NIST Additional Signatures Round 2 version.
- UOV: Added support for UOV algorithm from NIST Additional Signatures Round 2.

Other changes
- Added support for loongarch64 architecture.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.5 2025/03/11 12:44:47 nia Exp $
d3 1
a3 1
DISTNAME=	liboqs-0.13.0
@


1.5
log
@liboqs: Fix PLIST on LP32 archs.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.4 2024/12/18 21:30:34 jschauma Exp $
d3 1
a3 1
DISTNAME=	liboqs-0.12.0
@


1.4
log
@update to liboqs-0.12.0

Release notes:
https://github.com/open-quantum-safe/liboqs/releases/tag/0.12.0

This release updates the ML-DSA implementation to the
final FIPS 204 version. This release still includes
the NIST Round 3 version of Dilithium for
interoperability purposes, but we plan to remove
Dilithium Round 3 in a future release.

Deprecation  notice

This will be the last release of liboqs to include
Kyber (that is, the NIST Round 3 version of Kyber,
prior to its standardization by NIST as ML-KEM in FIPS
203). Applications should switch to ML-KEM (FIPS 203).

The addition of ML-DSA FIPS 204 final version to
liboqs has introduced a new signature API which
includes a context string parameter. We are planning
to remove the old version of the API without a context
string in the next release to streamline the API and
bring it in line with NIST specifications. Users who
have an opinion on this removal are invited to provide
input at #2001.

Security issues

CVE-2024-54137: Fixed bug in HQC decapsulation that
leads to incorrect shared secret value during
decapsulation when called with an invalid ciphertext.
Thank you to Célian Glénaz and Dahmun Goudarzi from
Quarkslab for identifying the issue.

What's New

This release continues from the 0.11.0 release of liboqs.

Key encapsulation mechanisms

HQC: Fixed bug in decapsulation that leads to
incorrect shared secret value during decapsulation
when called with an invalid ciphertext. Thank you to
Célian Glénaz and Dahmun Goudarzi from Quarkslab for
identifying the issue.

Kyber: This is the last release of liboqs to include Kyber.

ML-KEM: Improved testing of ML-KEM.

Digital signature schemes

LMS: Fixed crashing bug.

ML-DSA: Removed FIPS 204-ipd (initial public draft)
and replaced it with FIPS 204 final version.

Added new API for digital signatures with context
strings; see #2001 for plan to remove old API without
context string.

Added fuzzing tests for signature schemes.

Added benchmarking for stateful hash-based signature schemes.

Other changes

Updated CBOM format to version 1.6.

Added a function OQS_thread_stop to be called by
multi-threaded applications to properly deallocate
resources in a threaded execution.

Added preprocessor macros conveying liboqs version
information.
@
text
@d1 1
a1 1
# $NetBSD$
d20 10
@


1.3
log
@liboqs: Stop build system from rejecting "unsupported" archs.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.2 2024/10/10 19:32:27 jschauma Exp $
d3 1
a3 1
DISTNAME=	liboqs-0.11.0
@


1.2
log
@update to liboqs-0.11.0

What's New

Key encapsulation mechanisms

Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from libjade.
ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIP 203 version.
Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer.

Digital signature schemes

LMS/XMSS: Added implementations of stateful hash-based signature schemes: XMSS and LMS.
MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1.
CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1.

Other changes

Added callback API to use custom implementations of AES, SHA2, and SHA3.
Refactor SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API.

Detailed changelog at https://github.com/open-quantum-safe/liboqs/releases/tag/0.11.0
@
text
@d1 1
a1 1
# $NetBSD$
d18 2
@


1.1
log
@add security/liboqs version 0.10.1

liboqs is an open source C library for quantum-safe cryptographic
algorithms.  It provides a collection of open-source implementations of
quantum-safe key encapsulation mechanism (KEM) and digital signature
algorithms, a common API for these algorithms, and a test harness and
benchmarking routines.

`liboqs` is part of the Open Quantum Safe (OQS) project.

This package is largely based on work done by logan@@cyberstorm.mu in
pkgsrc-wip with minor modifications by myself.
@
text
@d3 1
a3 1
DISTNAME=	liboqs-0.10.1
@