Disable Dilithium and SPHINCS+ sig algs by default

This fixes #399 With the current default enabled sig algs, some servers may fail to complete the TLS handshake. This is probably not an OpenSSL or oqsprovider bug but a buggy TLS implementation on the server side. I guess something similar to what is described in https://tldr.fail/. Until the issue is better understood, let's enable less sig algs by default so that the changes of users being affected by this issue are lower. The only file manually edited was oqs-template/generate.yml with ```shell sed -i -e 's/enable: true/enable: false/g' oqs-template/generate.yml sed -i -e '552,660s/enable: false/enable: true/g' oqs-template/generate.yml sed -i -e '661,763s/enable: false/enable: true/g' oqs-template/generate.yml ``` The rest of the files were generated with ```shell bash oqs-template/generate.sh ```
open-quantum-safe · May 1, 2024 · 33f0ba2 · 33f0ba2
1 parent 86605d7
commit 33f0ba2
Show file tree

Hide file tree

Showing 14 changed files with 355 additions and 1,932 deletions.
diff --git a/ALGORITHMS.md b/ALGORITHMS.md
@@ -65,13 +65,13 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
 | x448_hqc192 | 0x2FB1 | Yes | OQS_CODEPOINT_X448_HQC192 |
 | hqc256 | 0x0246 | Yes | OQS_CODEPOINT_HQC256 |
 | p521_hqc256 | 0x2F46 | Yes | OQS_CODEPOINT_P521_HQC256 |
-| dilithium2 | 0xfea0 |Yes| OQS_CODEPOINT_DILITHIUM2
-| p256_dilithium2 | 0xfea1 |Yes| OQS_CODEPOINT_P256_DILITHIUM2
-| rsa3072_dilithium2 | 0xfea2 |Yes| OQS_CODEPOINT_RSA3072_DILITHIUM2
-| dilithium3 | 0xfea3 |Yes| OQS_CODEPOINT_DILITHIUM3
-| p384_dilithium3 | 0xfea4 |Yes| OQS_CODEPOINT_P384_DILITHIUM3
-| dilithium5 | 0xfea5 |Yes| OQS_CODEPOINT_DILITHIUM5
-| p521_dilithium5 | 0xfea6 |Yes| OQS_CODEPOINT_P521_DILITHIUM5
+| dilithium2 | 0xfea0 |No| OQS_CODEPOINT_DILITHIUM2
+| p256_dilithium2 | 0xfea1 |No| OQS_CODEPOINT_P256_DILITHIUM2
+| rsa3072_dilithium2 | 0xfea2 |No| OQS_CODEPOINT_RSA3072_DILITHIUM2
+| dilithium3 | 0xfea3 |No| OQS_CODEPOINT_DILITHIUM3
+| p384_dilithium3 | 0xfea4 |No| OQS_CODEPOINT_P384_DILITHIUM3
+| dilithium5 | 0xfea5 |No| OQS_CODEPOINT_DILITHIUM5
+| p521_dilithium5 | 0xfea6 |No| OQS_CODEPOINT_P521_DILITHIUM5
 | mldsa44 | 0xfed0 |Yes| OQS_CODEPOINT_MLDSA44
 | p256_mldsa44 | 0xfed3 |Yes| OQS_CODEPOINT_P256_MLDSA44
 | rsa3072_mldsa44 | 0xfed4 |Yes| OQS_CODEPOINT_RSA3072_MLDSA44
@@ -89,23 +89,23 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
 | p521_falcon1024 | 0xfedb |Yes| OQS_CODEPOINT_P521_FALCON1024
 | falconpadded1024 | 0xfedf |Yes| OQS_CODEPOINT_FALCONPADDED1024
 | p521_falconpadded1024 | 0xfee0 |Yes| OQS_CODEPOINT_P521_FALCONPADDED1024
-| sphincssha2128fsimple | 0xfeb3 |Yes| OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE
-| p256_sphincssha2128fsimple | 0xfeb4 |Yes| OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE
-| rsa3072_sphincssha2128fsimple | 0xfeb5 |Yes| OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE
-| sphincssha2128ssimple | 0xfeb6 |Yes| OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE
-| p256_sphincssha2128ssimple | 0xfeb7 |Yes| OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE
-| rsa3072_sphincssha2128ssimple | 0xfeb8 |Yes| OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE
-| sphincssha2192fsimple | 0xfeb9 |Yes| OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE
-| p384_sphincssha2192fsimple | 0xfeba |Yes| OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE
+| sphincssha2128fsimple | 0xfeb3 |No| OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE
+| p256_sphincssha2128fsimple | 0xfeb4 |No| OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE
+| rsa3072_sphincssha2128fsimple | 0xfeb5 |No| OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE
+| sphincssha2128ssimple | 0xfeb6 |No| OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE
+| p256_sphincssha2128ssimple | 0xfeb7 |No| OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE
+| rsa3072_sphincssha2128ssimple | 0xfeb8 |No| OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE
+| sphincssha2192fsimple | 0xfeb9 |No| OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE
+| p384_sphincssha2192fsimple | 0xfeba |No| OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE
 | sphincssha2192ssimple | 0xfebb |No| OQS_CODEPOINT_SPHINCSSHA2192SSIMPLE
 | p384_sphincssha2192ssimple | 0xfebc |No| OQS_CODEPOINT_P384_SPHINCSSHA2192SSIMPLE
 | sphincssha2256fsimple | 0xfebd |No| OQS_CODEPOINT_SPHINCSSHA2256FSIMPLE
 | p521_sphincssha2256fsimple | 0xfebe |No| OQS_CODEPOINT_P521_SPHINCSSHA2256FSIMPLE
 | sphincssha2256ssimple | 0xfec0 |No| OQS_CODEPOINT_SPHINCSSHA2256SSIMPLE
 | p521_sphincssha2256ssimple | 0xfec1 |No| OQS_CODEPOINT_P521_SPHINCSSHA2256SSIMPLE
-| sphincsshake128fsimple | 0xfec2 |Yes| OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE
-| p256_sphincsshake128fsimple | 0xfec3 |Yes| OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE
-| rsa3072_sphincsshake128fsimple | 0xfec4 |Yes| OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE
+| sphincsshake128fsimple | 0xfec2 |No| OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE
+| p256_sphincsshake128fsimple | 0xfec3 |No| OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE
+| rsa3072_sphincsshake128fsimple | 0xfec4 |No| OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE
 | sphincsshake128ssimple | 0xfec5 |No| OQS_CODEPOINT_SPHINCSSHAKE128SSIMPLE
 | p256_sphincsshake128ssimple | 0xfec6 |No| OQS_CODEPOINT_P256_SPHINCSSHAKE128SSIMPLE
 | rsa3072_sphincsshake128ssimple | 0xfec7 |No| OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128SSIMPLE
@@ -142,13 +142,13 @@ adapting the OIDs of all supported signature algorithms as per the table below.
 <!--- OQS_TEMPLATE_FRAGMENT_OIDS_START -->
 |Algorithm name |    default OID    | enabled | environment variable |
 |---------------|:-----------------:|:-------:|----------------------|
-| dilithium2 | 1.3.6.1.4.1.2.267.7.4.4 |Yes| OQS_OID_DILITHIUM2
-| p256_dilithium2 | 1.3.9999.2.7.1 |Yes| OQS_OID_P256_DILITHIUM2
-| rsa3072_dilithium2 | 1.3.9999.2.7.2 |Yes| OQS_OID_RSA3072_DILITHIUM2
-| dilithium3 | 1.3.6.1.4.1.2.267.7.6.5 |Yes| OQS_OID_DILITHIUM3
-| p384_dilithium3 | 1.3.9999.2.7.3 |Yes| OQS_OID_P384_DILITHIUM3
-| dilithium5 | 1.3.6.1.4.1.2.267.7.8.7 |Yes| OQS_OID_DILITHIUM5
-| p521_dilithium5 | 1.3.9999.2.7.4 |Yes| OQS_OID_P521_DILITHIUM5
+| dilithium2 | 1.3.6.1.4.1.2.267.7.4.4 |No| OQS_OID_DILITHIUM2
+| p256_dilithium2 | 1.3.9999.2.7.1 |No| OQS_OID_P256_DILITHIUM2
+| rsa3072_dilithium2 | 1.3.9999.2.7.2 |No| OQS_OID_RSA3072_DILITHIUM2
+| dilithium3 | 1.3.6.1.4.1.2.267.7.6.5 |No| OQS_OID_DILITHIUM3
+| p384_dilithium3 | 1.3.9999.2.7.3 |No| OQS_OID_P384_DILITHIUM3
+| dilithium5 | 1.3.6.1.4.1.2.267.7.8.7 |No| OQS_OID_DILITHIUM5
+| p521_dilithium5 | 1.3.9999.2.7.4 |No| OQS_OID_P521_DILITHIUM5
 | mldsa44 | 1.3.6.1.4.1.2.267.12.4.4 |Yes| OQS_OID_MLDSA44
 | p256_mldsa44 | 1.3.9999.7.1 |Yes| OQS_OID_P256_MLDSA44
 | rsa3072_mldsa44 | 1.3.9999.7.2 |Yes| OQS_OID_RSA3072_MLDSA44
@@ -179,23 +179,23 @@ adapting the OIDs of all supported signature algorithms as per the table below.
 | p521_falcon1024 | 1.3.9999.3.15 |Yes| OQS_OID_P521_FALCON1024
 | falconpadded1024 | 1.3.9999.3.19 |Yes| OQS_OID_FALCONPADDED1024
 | p521_falconpadded1024 | 1.3.9999.3.20 |Yes| OQS_OID_P521_FALCONPADDED1024
-| sphincssha2128fsimple | 1.3.9999.6.4.13 |Yes| OQS_OID_SPHINCSSHA2128FSIMPLE
-| p256_sphincssha2128fsimple | 1.3.9999.6.4.14 |Yes| OQS_OID_P256_SPHINCSSHA2128FSIMPLE
-| rsa3072_sphincssha2128fsimple | 1.3.9999.6.4.15 |Yes| OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE
-| sphincssha2128ssimple | 1.3.9999.6.4.16 |Yes| OQS_OID_SPHINCSSHA2128SSIMPLE
-| p256_sphincssha2128ssimple | 1.3.9999.6.4.17 |Yes| OQS_OID_P256_SPHINCSSHA2128SSIMPLE
-| rsa3072_sphincssha2128ssimple | 1.3.9999.6.4.18 |Yes| OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE
-| sphincssha2192fsimple | 1.3.9999.6.5.10 |Yes| OQS_OID_SPHINCSSHA2192FSIMPLE
-| p384_sphincssha2192fsimple | 1.3.9999.6.5.11 |Yes| OQS_OID_P384_SPHINCSSHA2192FSIMPLE
+| sphincssha2128fsimple | 1.3.9999.6.4.13 |No| OQS_OID_SPHINCSSHA2128FSIMPLE
+| p256_sphincssha2128fsimple | 1.3.9999.6.4.14 |No| OQS_OID_P256_SPHINCSSHA2128FSIMPLE
+| rsa3072_sphincssha2128fsimple | 1.3.9999.6.4.15 |No| OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE
+| sphincssha2128ssimple | 1.3.9999.6.4.16 |No| OQS_OID_SPHINCSSHA2128SSIMPLE
+| p256_sphincssha2128ssimple | 1.3.9999.6.4.17 |No| OQS_OID_P256_SPHINCSSHA2128SSIMPLE
+| rsa3072_sphincssha2128ssimple | 1.3.9999.6.4.18 |No| OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE
+| sphincssha2192fsimple | 1.3.9999.6.5.10 |No| OQS_OID_SPHINCSSHA2192FSIMPLE
+| p384_sphincssha2192fsimple | 1.3.9999.6.5.11 |No| OQS_OID_P384_SPHINCSSHA2192FSIMPLE
 | sphincssha2192ssimple | 1.3.9999.6.5.12 |No| OQS_OID_SPHINCSSHA2192SSIMPLE
 | p384_sphincssha2192ssimple | 1.3.9999.6.5.13 |No| OQS_OID_P384_SPHINCSSHA2192SSIMPLE
 | sphincssha2256fsimple | 1.3.9999.6.6.10 |No| OQS_OID_SPHINCSSHA2256FSIMPLE
 | p521_sphincssha2256fsimple | 1.3.9999.6.6.11 |No| OQS_OID_P521_SPHINCSSHA2256FSIMPLE
 | sphincssha2256ssimple | 1.3.9999.6.6.12 |No| OQS_OID_SPHINCSSHA2256SSIMPLE
 | p521_sphincssha2256ssimple | 1.3.9999.6.6.13 |No| OQS_OID_P521_SPHINCSSHA2256SSIMPLE
-| sphincsshake128fsimple | 1.3.9999.6.7.13 |Yes| OQS_OID_SPHINCSSHAKE128FSIMPLE
-| p256_sphincsshake128fsimple | 1.3.9999.6.7.14 |Yes| OQS_OID_P256_SPHINCSSHAKE128FSIMPLE
-| rsa3072_sphincsshake128fsimple | 1.3.9999.6.7.15 |Yes| OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE
+| sphincsshake128fsimple | 1.3.9999.6.7.13 |No| OQS_OID_SPHINCSSHAKE128FSIMPLE
+| p256_sphincsshake128fsimple | 1.3.9999.6.7.14 |No| OQS_OID_P256_SPHINCSSHAKE128FSIMPLE
+| rsa3072_sphincsshake128fsimple | 1.3.9999.6.7.15 |No| OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE
 | sphincsshake128ssimple | 1.3.9999.6.7.16 |No| OQS_OID_SPHINCSSHAKE128SSIMPLE
 | p256_sphincsshake128ssimple | 1.3.9999.6.7.17 |No| OQS_OID_P256_SPHINCSSHAKE128SSIMPLE
 | rsa3072_sphincsshake128ssimple | 1.3.9999.6.7.18 |No| OQS_OID_RSA3072_SPHINCSSHAKE128SSIMPLE

diff --git a/README.md b/README.md
@@ -45,12 +45,12 @@ This implementation makes available the following quantum safe algorithms:
 
 ### Signature algorithms
 
-- **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium5`\*, `p521_dilithium5`\*
+- **CRYSTALS-Dilithium**:`dilithium2`, `p256_dilithium2`, `rsa3072_dilithium2`, `dilithium3`, `p384_dilithium3`, `dilithium5`, `p521_dilithium5`
 - **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa44_pss2048`\*, `mldsa44_rsa2048`\*, `mldsa44_ed25519`\*, `mldsa44_p256`\*, `mldsa44_bp256`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa65_pss3072`\*, `mldsa65_rsa3072`\*, `mldsa65_p256`\*, `mldsa65_bp256`\*, `mldsa65_ed25519`\*, `mldsa87`\*, `p521_mldsa87`\*, `mldsa87_p384`\*, `mldsa87_bp384`\*, `mldsa87_ed448`\*
 - **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falconpadded512`\*, `p256_falconpadded512`\*, `rsa3072_falconpadded512`\*, `falcon1024`\*, `p521_falcon1024`\*, `falconpadded1024`\*, `p521_falconpadded1024`\*
 
-- **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, `p256_sphincssha2128fsimple`\*, `rsa3072_sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `p256_sphincssha2128ssimple`\*, `rsa3072_sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `p384_sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple`
-- **SPHINCS-SHAKE**:`sphincsshake128fsimple`\*, `p256_sphincsshake128fsimple`\*, `rsa3072_sphincsshake128fsimple`\*, `sphincsshake128ssimple`, `p256_sphincsshake128ssimple`, `rsa3072_sphincsshake128ssimple`, `sphincsshake192fsimple`, `p384_sphincsshake192fsimple`, `sphincsshake192ssimple`, `p384_sphincsshake192ssimple`, `sphincsshake256fsimple`, `p521_sphincsshake256fsimple`, `sphincsshake256ssimple`, `p521_sphincsshake256ssimple`
+- **SPHINCS-SHA2**:`sphincssha2128fsimple`, `p256_sphincssha2128fsimple`, `rsa3072_sphincssha2128fsimple`, `sphincssha2128ssimple`, `p256_sphincssha2128ssimple`, `rsa3072_sphincssha2128ssimple`, `sphincssha2192fsimple`, `p384_sphincssha2192fsimple`, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple`
+- **SPHINCS-SHAKE**:`sphincsshake128fsimple`, `p256_sphincsshake128fsimple`, `rsa3072_sphincsshake128fsimple`, `sphincsshake128ssimple`, `p256_sphincsshake128ssimple`, `rsa3072_sphincsshake128ssimple`, `sphincsshake192fsimple`, `p384_sphincsshake192fsimple`, `sphincsshake192ssimple`, `p384_sphincsshake192ssimple`, `sphincsshake256fsimple`, `p521_sphincsshake256fsimple`, `sphincsshake256ssimple`, `p521_sphincsshake256ssimple`
 
 <!--- OQS_TEMPLATE_FRAGMENT_ALGS_END -->
 

diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml
@@ -414,7 +414,7 @@ sigs:
     #    oqs_meth: 'OQS_SIG_alg_default'
     #    oid: '1.3.9999.1.1'
     #    code_point: '0xfe00'
-    #    enable: true
+    #    enable: false
     #    mix_with: [{'name': 'p256',
     #                'pretty_name': 'ECDSA p256',
     #                'oid': '1.3.9999.1.2',
@@ -466,7 +466,7 @@ sigs:
         oid: '1.3.6.1.4.1.2.267.7.4.4'
         code_point: '0xfea0'
         supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
-        enable: true
+        enable: false
         mix_with: [{'name': 'p256',
                     'pretty_name': 'ECDSA p256',
                     'oid': '1.3.9999.2.7.1',
@@ -482,7 +482,7 @@ sigs:
         oid: '1.3.6.1.4.1.2.267.7.6.5'
         code_point: '0xfea3'
         supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
-        enable: true
+        enable: false
         mix_with: [{'name': 'p384',
                     'pretty_name': 'ECDSA p384',
                     'oid': '1.3.9999.2.7.3',
@@ -494,7 +494,7 @@ sigs:
         oid: '1.3.6.1.4.1.2.267.7.8.7'
         code_point: '0xfea5'
         supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
-        enable: true
+        enable: false
         mix_with: [{'name': 'p521',
                     'pretty_name': 'ECDSA p521',
                     'oid': '1.3.9999.2.7.4',
@@ -988,7 +988,7 @@ sigs:
         oid: '1.3.9999.6.4.13'
         code_point: '0xfeb3'
         supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
-        enable: true
+        enable: false
         mix_with: [{'name': 'p256',
                     'pretty_name': 'ECDSA p256',
                     'oid': '1.3.9999.6.4.14',
@@ -1038,7 +1038,7 @@ sigs:
         oid: '1.3.9999.6.4.16'
         code_point: '0xfeb6'
         supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
-        enable: true
+        enable: false
         mix_with: [{'name': 'p256',
                     'pretty_name': 'ECDSA p256',
                     'oid': '1.3.9999.6.4.17',
@@ -1084,7 +1084,7 @@ sigs:
         oid: '1.3.9999.6.5.10'
         code_point: '0xfeb9'
         supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
-        enable: true
+        enable: false
         mix_with: [{'name': 'p384',
                     'pretty_name': 'ECDSA p384',
                     'oid': '1.3.9999.6.5.11',
@@ -1243,7 +1243,7 @@ sigs:
         oid: '1.3.9999.6.7.13'
         code_point: '0xfec2'
         supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
-        enable: true
+        enable: false
         mix_with: [{'name': 'p256',
                     'pretty_name': 'ECDSA p256',
                     'oid': '1.3.9999.6.7.14',

diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c
@@ -689,21 +689,6 @@ MAKE_DECODER(_ecp, "p521_hqc256", p521_hqc256, oqsx, PrivateKeyInfo);
 MAKE_DECODER(_ecp, "p521_hqc256", p521_hqc256, oqsx, SubjectPublicKeyInfo);
 #endif /* OQS_KEM_ENCODERS */
 
-MAKE_DECODER(, "dilithium2", dilithium2, oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "dilithium2", dilithium2, oqsx, SubjectPublicKeyInfo);
-MAKE_DECODER(, "p256_dilithium2", p256_dilithium2, oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "p256_dilithium2", p256_dilithium2, oqsx, SubjectPublicKeyInfo);
-MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx,
-             SubjectPublicKeyInfo);
-MAKE_DECODER(, "dilithium3", dilithium3, oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "dilithium3", dilithium3, oqsx, SubjectPublicKeyInfo);
-MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, SubjectPublicKeyInfo);
-MAKE_DECODER(, "dilithium5", dilithium5, oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "dilithium5", dilithium5, oqsx, SubjectPublicKeyInfo);
-MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, SubjectPublicKeyInfo);
 MAKE_DECODER(, "mldsa44", mldsa44, oqsx, PrivateKeyInfo);
 MAKE_DECODER(, "mldsa44", mldsa44, oqsx, SubjectPublicKeyInfo);
 MAKE_DECODER(, "p256_mldsa44", p256_mldsa44, oqsx, PrivateKeyInfo);
@@ -772,48 +757,4 @@ MAKE_DECODER(, "p521_falconpadded1024", p521_falconpadded1024, oqsx,
              PrivateKeyInfo);
 MAKE_DECODER(, "p521_falconpadded1024", p521_falconpadded1024, oqsx,
              SubjectPublicKeyInfo);
-MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx,
-             PrivateKeyInfo);
-MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx,
-             SubjectPublicKeyInfo);
-MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx,
-             PrivateKeyInfo);
-MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx,
-             SubjectPublicKeyInfo);
-MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple,
-             oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple,
-             oqsx, SubjectPublicKeyInfo);
-MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx,
-             PrivateKeyInfo);
-MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx,
-             SubjectPublicKeyInfo);
-MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx,
-             PrivateKeyInfo);
-MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx,
-             SubjectPublicKeyInfo);
-MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple,
-             oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple,
-             oqsx, SubjectPublicKeyInfo);
-MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx,
-             PrivateKeyInfo);
-MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx,
-             SubjectPublicKeyInfo);
-MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx,
-             PrivateKeyInfo);
-MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx,
-             SubjectPublicKeyInfo);
-MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx,
-             PrivateKeyInfo);
-MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx,
-             SubjectPublicKeyInfo);
-MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx,
-             PrivateKeyInfo);
-MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx,
-             SubjectPublicKeyInfo);
-MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple,
-             oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple,
-             oqsx, SubjectPublicKeyInfo);
 ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END