open-quantum-safe · praveksharma · Jun 17, 2025 · Jun 2, 2025 · Jun 2, 2025 · Jun 3, 2025
@@ -109,8 +109,8 @@ jobs:
 
       - name: Test curl and curl generic
         run: |
-          docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl perftest.sh &&
-          docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl-generic perftest.sh
+          docker run -e TEST_TIME=5 -e KEM_ALG=mlkem768 -e SIG_ALG=mldsa65 oqs-curl perftest.sh &&
+          docker run -e TEST_TIME=5 -e KEM_ALG=mlkem768 -e SIG_ALG=mldsa65 oqs-curl-generic perftest.sh
 
       - name: Push Docker image to registries
         if: env.push == 'true'

@@ -98,7 +98,7 @@ jobs:
         run: |
           docker network create h2load-test &&
           docker run --network h2load-test --detach --rm --name oqs-nginx oqs-nginx &&
-          docker run --network h2load-test oqs-h2load sh -c "h2load -n 100 -c 10 https://oqs-nginx:4433 --groups kyber512"
+          docker run --network h2load-test oqs-h2load sh -c "h2load -n 100 -c 10 https://oqs-nginx:4433 --groups mlkem512"
 
       - name: Push Docker image to registries
         if: env.push == 'true'

@@ -100,7 +100,7 @@ jobs:
           docker network create httpd-test &&
           docker run --network httpd-test --detach --rm --name oqs-httpd oqs-httpd &&
           sleep 2 &&
-          docker run --network httpd-test oqs-curl curl -k https://oqs-httpd:4433 --curves kyber768
+          docker run --network httpd-test oqs-curl curl -k https://oqs-httpd:4433 --curves mlkem768
 
       - name: Push Docker image to registries
         if: env.push == 'true'

@@ -1,14 +1,14 @@
 # Define build arguments for version tags, installation paths, and configurations.
 ARG ALPINE_VERSION=3.21
 ARG OPENSSL_TAG=openssl-3.4.0
-ARG LIBOQS_TAG=0.12.0
-ARG OQSPROVIDER_TAG=0.8.0
-ARG CURL_VERSION=8.13.0
+ARG LIBOQS_TAG=0.13.0
+ARG OQSPROVIDER_TAG=0.9.0
+ARG CURL_VERSION=8.14.0
 ARG INSTALLDIR=/opt/oqssa
 
 # Specify supported signature and key encapsulation mechanisms (KEM) algorithms.
-ARG SIG_ALG="dilithium3"
-ARG DEFAULT_GROUPS="x25519:x448:kyber512:p256_kyber512:kyber768:p384_kyber768:kyber1024:p521_kyber1024"
+ARG SIG_ALG="mldsa65"
+ARG DEFAULT_GROUPS="x25519:x448:mlkem512:p256_mlkem512:mlkem768:p384_mlkem768:mlkem1024:p521_mlkem1024"
 
 
 # Stage 1: Build - Compile and assemble all necessary components and dependencies.
@@ -21,7 +21,7 @@ ARG INSTALLDIR
 ARG SIG_ALG
 ARG DEFAULT_GROUPS
 
-LABEL version="6"
+LABEL version="7"
 
 # Install required build tools and system dependencies.
 RUN apk update && apk --no-cache add build-base linux-headers \

@@ -1,4 +1,4 @@
-ARG CURL_VERSION=8.13.0
+ARG CURL_VERSION=8.14.0
 ARG QUICHE_VERSION=0.24.2
 
 # Stage 1: Build - Compile and assemble all necessary components and dependencies.

@@ -5,8 +5,8 @@ ARG INSTALLDIR=/opt/oqssa
 
 # OpenSSL/OQS Versions
 ARG OPENSSL_TAG=openssl-3.4.0
-ARG LIBOQS_TAG=0.12.0
-ARG OQSPROVIDER_TAG=0.8.0
+ARG LIBOQS_TAG=0.13.0
+ARG OQSPROVIDER_TAG=0.9.0
 
 # architecture to build on
 ARG ARCH=x86_64
@@ -17,7 +17,7 @@ ARG KEM_ALGLIST="mlkem768:p384_mlkem768:x25519"
 
 # Stage 1: Build - Compile and assemble all necessary components and dependencies
 FROM ubuntu:${UBUNTU_VERSION} AS intermediate
-LABEL version="1"
+LABEL version="2"
 
 ARG OPENSSL_TAG
 ARG LIBOQS_TAG

@@ -1,17 +1,17 @@
 # Define build arguments for version tags, installation paths, and configurations.
 ARG ALPINE_VERSION=3.21
 ARG OPENSSL_TAG=openssl-3.4.0
-ARG LIBOQS_TAG=0.12.0
-ARG OQSPROVIDER_TAG=0.8.0
+ARG LIBOQS_TAG=0.13.0
+ARG OQSPROVIDER_TAG=0.9.0
 ARG HAPROXY_RELEASE=3.0
 ARG HAPROXY_MICRO=5
 ARG HAPROXY_VERSION=${HAPROXY_RELEASE}.${HAPROXY_MICRO}
 ARG INSTALLDIR=/opt/oqssa
 ARG HAPROXYDIR=/opt/haproxy
 
 # Specify supported signature and key encapsulation mechanisms (KEM) algorithms.
-ARG KEM_ALGLIST="kyber768:p384_kyber768"
-ARG SIG_ALG=dilithium3
+ARG KEM_ALGLIST="mlkem768:p384_mlkem768"
+ARG SIG_ALG=mldsa65
 
 # Stage 1: Build - Compile and assemble all necessary components and dependencies.
 FROM alpine:${ALPINE_VERSION} AS intermediate

@@ -3,7 +3,7 @@
 if [ "x$KEM_ALG" != "x" ]; then
    # kem name given, set it
    echo "Setting KEM alg $KEM_ALG"
-   sed -i "s/kyber768/$KEM_ALG/g" /opt/haproxy/conf/haproxy.cfg
+   sed -i "s/mlkem768/$KEM_ALG/g" /opt/haproxy/conf/haproxy.cfg
 fi
 
 cd /opt/haproxy

@@ -1,18 +1,18 @@
 # Define build arguments for version tags, installation paths, and configurations
 ARG ALPINE_VERSION=3.21
 ARG OPENSSL_TAG=openssl-3.4.0
-ARG LIBOQS_TAG=0.12.0
-ARG OQSPROVIDER_TAG=0.8.0
-ARG HTTPD_VERSION=2.4.62
-ARG APR_VERSION=1.7.5
+ARG LIBOQS_TAG=0.13.0
+ARG OQSPROVIDER_TAG=0.9.0
+ARG HTTPD_VERSION=2.4.63
+ARG APR_VERSION=1.7.6
 ARG APRU_VERSION=1.6.3
 ARG OPENSSL_PATH=/opt/openssl
 ARG HTTPD_PATH=/opt/httpd
 ARG APR_MIRROR="https://dlcdn.apache.org"
 
 # Specify supported signature and key encapsulation mechanisms (KEM) algorithms
-ARG SIG_ALG="dilithium3"
-ARG DEFAULT_GROUPS="kyber768:p384_kyber768"
+ARG SIG_ALG="mldsa65"
+ARG DEFAULT_GROUPS="mlkem768:p384_mlkem768"
 
 # Stage 1: Build - Compile and assemble all necessary components and dependencies
 FROM alpine:${ALPINE_VERSION} AS intermediate

@@ -5,10 +5,10 @@
 ARG OPENSSL_TAG=openssl-3.4.0
 
 # define the liboqs tag to be used
-ARG LIBOQS_TAG=0.12.0
+ARG LIBOQS_TAG=0.13.0
 
 # define the oqsprovider tag to be used
-ARG OQSPROVIDER_TAG=0.8.0
+ARG OQSPROVIDER_TAG=0.9.0
 
 # Default location where all binaries wind up:
 ARG INSTALLDIR=/opt/oqssa

@@ -1,9 +1,9 @@
 # Define build arguments for version tags, installation paths, and configurations
 ARG ALPINE_VERSION=3.21
 ARG OPENSSL_TAG=openssl-3.4.0
-ARG LIBOQS_TAG=0.12.0
-ARG OQSPROVIDER_TAG=0.8.0
-ARG NGINX_VERSION=1.27.4
+ARG LIBOQS_TAG=0.13.0
+ARG OQSPROVIDER_TAG=0.9.0
+ARG NGINX_VERSION=1.28.0
 ARG BASEDIR="/opt"
 ARG INSTALLDIR=${BASEDIR}/nginx
 

@@ -5,11 +5,11 @@ ARG INSTALLDIR=/opt/oqssa
 
 # OpenSSL/OQS Versions
 ARG OPENSSL_TAG=openssl-3.4.0
-ARG LIBOQS_TAG=0.12.0
-ARG OQSPROVIDER_TAG=0.8.0
+ARG LIBOQS_TAG=0.13.0
+ARG OQSPROVIDER_TAG=0.9.0
 
 # Nodejs specific versions, Always use an LTS version for nodejs
-ARG NODEJS_VERSION=v22.14.0
+ARG NODEJS_VERSION=v22.16.0
 ARG CARES_VERSION=1.28.0
 ARG LIBUV_VERSION=v1.50.0
 
@@ -18,7 +18,7 @@ ARG KEM_ALGLIST="mlkem768:p384_mlkem768"
 
 # Stage 1: Build - Compile and assemble all necessary components and dependencies
 FROM ubuntu:${UBUNTU_VERSION} AS intermediate
-LABEL version="1"
+LABEL version="3"
 
 ARG OPENSSL_TAG
 ARG LIBOQS_TAG

@@ -1,7 +1,7 @@
 # Define build arguments for version tags, installation paths, and configurations
 # Note: Changing LIBOQS_TAG may require updates in sshd_config and ssh_config
 ARG ALPINE_VERSION=3.21
-ARG LIBOQS_TAG=0.12.0
+ARG LIBOQS_TAG=0.13.0
 ARG OQS_OPENSSH_RELEASE="OQS-v9"
 ARG DEFAULT_INSTALL_DIR=/opt/oqs-ssh
 ARG INSTALL_DIR=${DEFAULT_INSTALL_DIR}

@@ -9,7 +9,7 @@ rc-service oqs-sshd stop
 OPTIONS=${OPTIONS:="-q -o BatchMode=yes -o StrictHostKeyChecking=no"}
 
 SIG=${SIG_ALG:="ecdsa-nistp384-mldsa65"}
-KEM=${KEM_ALG:="ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org"}
+KEM=${KEM_ALG:="mlkem768nistp256-sha256"}
 
 # Generate new identity keys, overwrite old keys
 SSH_DIR="/home/${OQS_USER}/.ssh"

@@ -5,7 +5,7 @@
 OPTIONS=${OPTIONS:=""}
 
 SIG=${SIG_ALG:="ecdsa-nistp384-mldsa65"}
-KEM=${KEM_ALG:="ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org"}
+KEM=${KEM_ALG:="mlkem768nistp256-sha256"}
 
 # Optionally set port
 # if left empty, the options defined in sshd_config will be used

@@ -22,7 +22,7 @@
 ###############################################################################
 
 # Key-exchange algorithms
-KexAlgorithms ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org
+KexAlgorithms mlkem768nistp256-sha256
 
 # The host key algorithms ssh accepts
 HostKeyAlgorithms ssh-ecdsa-nistp384-mldsa65

@@ -15,7 +15,7 @@
 ###############################################################################
 
 # Key-exchange algorithms
-KexAlgorithms ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org
+KexAlgorithms mlkem768nistp256-sha256
 
 # Host key algorithms, these determine the generated host keys
 HostKeyAlgorithms ssh-ecdsa-nistp384-mldsa65

@@ -1,8 +1,8 @@
 # Define build arguments for version tags, installation paths, and configurations
 ARG UBUNTU_VERSION=24.04
 ARG OPENSSL_TAG=openssl-3.4.0
-ARG LIBOQS_TAG=0.12.0
-ARG OQSPROVIDER_TAG=0.8.0
+ARG LIBOQS_TAG=0.13.0
+ARG OQSPROVIDER_TAG=0.9.0
 ARG OPENVPN_TAG=v2.6.14
 ARG INSTALLDIR=/opt/oqssa
 ARG OPENVPNDIR=/home/openvpn