From 4bfbab58932fa94ce6f6c3363dabc72653b7f5d9 Mon Sep 17 00:00:00 2001
From: Pravek Sharma
Date: Fri, 13 Sep 2024 22:17:16 +0200
Subject: [PATCH 1/9] Bump version string; update release and security notes.

Signed-off-by: Pravek Sharma
Signed-off-by: Spencer Wilson
---
 CMakeLists.txt | 2 +-
 RELEASE.md | 14 +++++++-------
 SECURITY.md | 6 +++---
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6973fbc5c..19b3cbc3f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,7 +34,7 @@ set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED ON)
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 set(CMAKE_C_VISIBILITY_PRESET hidden)
-set(OQS_VERSION_TEXT "0.10.2-dev")
+set(OQS_VERSION_TEXT "0.11.0-rc1")
 set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
 set(OQS_MINIMAL_GCC_VERSION "7.1.0")
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
diff --git a/RELEASE.md b/RELEASE.md
index 6d022bb3b..7201e1c61 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -1,4 +1,4 @@
-liboqs version 0.10.0
+liboqs version 0.11.0-rc1
 =====================
 
 About
@@ -28,20 +28,20 @@ liboqs can also be used in the following programming languages via language-spec
 Release notes
 =============
 
-This is version 0.10.0 of liboqs. It was released on March 20, 2024.
+This is release candidate 1 of version 0.11.0 of liboqs. It was released on September 13, 2024.
 
-This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of [FIPS 203](https://csrc.nist.gov/pubs/fips/203/ipd) and [FIPS 204](https://csrc.nist.gov/pubs/fips/204/ipd), respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.
+This release updates ML-KEM implementations to their [final FIP 203](https://csrc.nist.gov/pubs/fips/203/final) versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
 
 What's New
 ----------
 
-This release continues from the 0.9.2 release of liboqs.
+This release continues from the 0.10.1 release of liboqs.
 
 ### Key encapsulation mechanisms
 
-- BIKE: Updated portable C implementation to include constant-time fixes from upstream.
-- HQC: Updated to NIST Round 4 version.
-- ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024.
+- Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
+- ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIP 203 version.
+- Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer.
 
 ### Digital signature schemes
 
diff --git a/SECURITY.md b/SECURITY.md
index 27f816db3..ae4c0e983 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,12 +4,12 @@ We only support the most recent release.
-Using any code prior to 0.9.2 is strongly discouraged due to a [known security vulnerability in Kyber](https://github.com/open-quantum-safe/liboqs/releases/tag/0.9.2).
+Using any code prior to 0.10.1 is strongly discouraged due to a [known security vulnerability in Kyber](https://github.com/open-quantum-safe/liboqs/releases/tag/0.10.1).
 | Version | Supported |
 | ------- | ------------------ |
-| 0.10.0 | :white_check_mark: |
-| < 0.10 | :x: |
+| 0.11.0 | :white_check_mark: |
+| < 0.11 | :x: |
 ## Reporting a Vulnerability
 Please follow [this information to report a vulnerability](https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs).

From fe3404aeb7b2a06be2851a2f9cac9d48b780d295 Mon Sep 17 00:00:00 2001
From: Spencer Wilson
Date: Fri, 13 Sep 2024 18:57:35 -0400
Subject: [PATCH 2/9] Complete release notes

Signed-off-by: Spencer Wilson
---
 RELEASE.md | 149 +++++++++++++++++++++++++++--------------------------
 1 file changed, 76 insertions(+), 73 deletions(-)

diff --git a/RELEASE.md b/RELEASE.md
index 7201e1c61..07ee07082 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -30,7 +30,9 @@ Release notes
 
 This is release candidate 1 of version 0.11.0 of liboqs. It was released on September 13, 2024.
 
-This release updates ML-KEM implementations to their [final FIP 203](https://csrc.nist.gov/pubs/fips/203/final) versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
+This release updates ML-KEM implementations to their [final FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
+
+LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in [CONFIGURE.md](https://github.com/open-quantum-safe/liboqs/blob/0.11.0-rc1/CONFIGURE.md#stateful-hash-based-signatures).
 
 What's New
 ----------
@@ -45,86 +47,87 @@ This release continues from the 0.10.1 release of liboqs.
 
 ### Digital signature schemes
 
-- Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
-- ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.
+- LMS/XMSS: Added implementations of stateful hash-based signature schemes: [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554).
+- MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1.
+- CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1.
 
 ### Other changes
 
-- Improved thread safety.
-- Added uninstall support via `ninja uninstall`
-- Documented platforms by support tier in PLATFORMS.md.
-- Added support for Zephyr RTOS.
-- Improved support for macOS on Apple Silicon.
-- Removed support for the "NIST-KAT" DRBG.
-- Added extended KAT test programs.
+- Added callback API to use custom implementations of AES, SHA2, and SHA3.
+- Refactor SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API.
 
 ---
 
 Detailed changelog
 ------------------
 
-* PR template update & OpenSSL clarification by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1582
-* Use CMAKE_USE_PTHREADS_INIT by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1576
-* Add section to CONFIGURE.md link by @iyanmv in https://github.com/open-quantum-safe/liboqs/pull/1578
-* Run copy_from_upstream and test by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1589
-* Support several pqclean upstream versions by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1595
-* Call Keccak_(X4_)Dispatch with pthread_once by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1549
-* minor updates by @vsoftco in https://github.com/open-quantum-safe/liboqs/pull/1600
-* Pull new HQC implementation from upstream by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1585
-* add uninstall support by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1604
-* Ensure generic OQS_OPT_TARGET in weekly CT tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1618
-* update .travis.yml by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1629
-* Pull latest Kyber version from upstream by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1631
-* platform support documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1605
-* Add support for Zephyr RTOS by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1621
-* Apply patch to Kyber aarch64 code from PQClean for variable-time division issue. by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1636
-* Fix BIKE constant-time errors by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1632
-* Fix falcon constant time check in Valgrind by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1646
-* Correct cmake version requirement by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1643
-* Pull Kyber division fixes from PQ-Crystals into main by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1649
-* Bump gitpython from 3.1.37 to 3.1.41 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1659
-* Zephyr: fixes for platform support by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1658
-* Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1661
-* Riscv zephyr support by @trigpolynom in https://github.com/open-quantum-safe/liboqs/pull/1641
-* Zephyr: CMake fixes by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1664
-* Clarify that copyright is held by authors and not the project itself [skip ci] by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1668
-* Make internal API available to (only) test programs by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1667
-* Remove reference to old BIKE variants from CONFIGURE.md [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1669
-* Add a document describing our subproject governance by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1675
-* Set the correct compile flag for the memory sanitizer build by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1680
-* Test against all 100 KAT values by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1560
-* Update BIKE documentation to exclude x86 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1679
-* find_package(Threads) regardless of BUILD_ONLY_LIB by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1653
-* Call set_available_cpu_extensions using pthread_once by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1671
-* Discontinue AppVeyor CI testing by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1682
-* Run oqs-provider release tests in CI on release candidate branches by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1654
-* Fix link in GOVERNANCE.md by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1686
-* Rename weekly runs and skip Falcon-1024 [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1684
-* Update McEliece suppression files for generic config by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1677
-* Update SPHINCS+ "clean" suppression files by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1683
-* Update Sphincs+ Markdown documentation from YAML by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1690
-* properly document release support level [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1688
-* set(OQS_USE_PTHREADS OFF) on MinGW/Cygwin by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1695
-* Fix cross compilation and test in CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1696
-* update brew install instructions to use openssl@3 instead of openssl@1.1.1 [skip ci] by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1701
-* Add ML-DSA-ipd and ML-KEM-ipd & NIST supplied test vectors by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1626
-* Small fixes after adding ML-\* by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1702
-* Move MacOS CI tests to GitHub Actions; add M1 CI tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1709
-* Update liboqs readme to point to oqs-provider instead of deprecated openssl1.1.1 fork [skip ci] by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1699
-* Fix for the Zephyr CI tests by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1714
-* remove references to unsupported openssh [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1713
-* fix documentation generation by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1715
-* Support Falcon PADDED format by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1710
-* Fix for alg_support.cmake by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1716
-* Fix SPHINCS+ naming in CT tests [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1720
-* improve algorithm documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1721
-* Always build "internal" library as static by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1725
+* [NFCI] Move Keccak rhotates tables to rodata by @aaupov in https://github.com/open-quantum-safe/liboqs/pull/1739
+* Document Fix by @pi-314159 in https://github.com/open-quantum-safe/liboqs/pull/1735
+* Add option to dynamically load libcrypto.so.* by @ueno in https://github.com/open-quantum-safe/liboqs/pull/1603
+* Allow windows linking of test programs by @matlimatli in https://github.com/open-quantum-safe/liboqs/pull/1751
+* Refactor OpenSSL Implementation of SHA3 SHAKE to use new Squeeze API by @Eddy-M-K in https://github.com/open-quantum-safe/liboqs/pull/1694
+* remove "maximum" words for most length fields by @wangweij in https://github.com/open-quantum-safe/liboqs/pull/1747
+* add compile_commands.json to .gitignore by @carsonRadtke in https://github.com/open-quantum-safe/liboqs/pull/1754
+* Fix linking of test programs on msys by @d0p1s4m4 in https://github.com/open-quantum-safe/liboqs/pull/1758
+* restrict Windows platform support documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1762
+* Add workflow dispatch to action by @ryjones in https://github.com/open-quantum-safe/liboqs/pull/1778
+* Bump jinja2 from 3.1.3 to 3.1.4 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1782
+* Algorithm selection clarification by @beldmit in https://github.com/open-quantum-safe/liboqs/pull/1784
+* Use OPENSSL_cleanse if OpenSSL is used by @bencemali in https://github.com/open-quantum-safe/liboqs/pull/1773
+* Errors not printed out when OPENSSL_NO_STDIO is set by @bencemali in https://github.com/open-quantum-safe/liboqs/pull/1774f
+* Add Stateful Signature (XMSS and LMS) by @ashman-p in https://github.com/open-quantum-safe/liboqs/pull/1650
+* Forward-declare OQS_SIG in sig_stfl.h by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1820
+* Move Linux ARM64 "build" test from CircleCI to GitHub Actions by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1814
+* Fix test_alg_info.py on Windows platform by @qnfm in https://github.com/open-quantum-safe/liboqs/pull/1821
+* Increment version string to 0.10.2-dev by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1813
+* Add XMSS-SHA256_{10, 16, 20}_192 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1817
+* Add XMSS-SHAKE256_{10, 16, 20}_192 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1818
+* Add XMSS-SHAKE256_{10, 16, 20}_256 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1819
+* Create scorecard.yml (OpenSSF) by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1708
+* Expose callback API for replacing low-level cryptographic primitives by @ueno in https://github.com/open-quantum-safe/liboqs/pull/1832
+* Add MAYO signature scheme from NIST onramp by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1707
+* Bump zipp from 3.4.0 to 3.19.1 in /scripts/copy_from_upstream in the pip group by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1836
+* Update and fix CI status badges by @anvega in https://github.com/open-quantum-safe/liboqs/pull/1844
+* Use `cmake -LA -N` instead of `cmake -LA` in CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1848
+* Fix passes.json entries for MAYO by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1852
+* ML-KEM NIST tests, fix order of d and z by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1854
+* Move from CircleCI to GitHub Actions by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1849
+* Add a convenience script for consistent astyle formatting by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1861
+* Quick fixes from Trail of Bits audit Week 1 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1869
+* Check return value of fscanf in LMS/XMSS KAT tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1874
+* Fix downstream CI trigger by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1857
+* Don't hardcode OPENSSL_ROOT_DIR to /usr on Linux by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1873
+* Fix overflow in stateful sigs tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1887
+* Integrate Kyber from libjade by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1745
+* Use explicit_memset if available. NetBSD has support for it: by @loganaden in https://github.com/open-quantum-safe/liboqs/pull/1872
+* Disable erroring TravisCI build by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1901
+* Update OpenSSH downstream branch to OQS-v9 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1898
+* Fix incorrect formatting in unix.yml by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1902
+* CMakeLists: add ppc case to known archs by @barracuda156 in https://github.com/open-quantum-safe/liboqs/pull/1816
+* Remove old ad hoc CI for Apple M1 by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1907
+* Add ML-KEM / FIPS203 final by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1899
+* Update checkout action in weekly.yml by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1908
+* Add CROSS by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/1881
+* Refactor liboqs CI and update Ubuntu images by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1909
+* Check workflows for issues during CI by @jplomas in https://github.com/open-quantum-safe/liboqs/pull/1916
+* Patch Kyber to fix ASAN error on ARM64 by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1922
 
 ## New Contributors
-* @zxjtan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1576
-* @iyanmv made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1578
-* @Frauschi made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1621
-* @cothan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1646
-* @trigpolynom made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1641
-
-**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.9.2...0.10.0
+* @aaupov made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1739
+* @pi-314159 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1735
+* @ueno made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1603
+* @matlimatli made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1751
+* @Eddy-M-K made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1694
+* @wangweij made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1747
+* @carsonRadtke made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1754
+* @d0p1s4m4 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1758
+* @ryjones made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1778
+* @bencemali made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1773
+* @qnfm made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1821
+* @anvega made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1844
+* @loganaden made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1872
+* @barracuda156 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1816
+* @rtjk made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1881
+* @jplomas made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1916
+
+**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.10.1...0.11.0-rc1

From 28e6f1ce695426715879297e7b126ed5e8a38445 Mon Sep 17 00:00:00 2001
From: Spencer Wilson
Date: Fri, 13 Sep 2024 18:59:03 -0400
Subject: [PATCH 3/9] Remove references to profiling, liboqs-java, and liboqs-dotnet

Signed-off-by: Spencer Wilson
---
 RELEASE.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/RELEASE.md b/RELEASE.md
index 07ee07082..39b57448b 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -14,14 +14,12 @@ liboqs can be used with the following Open Quantum Safe application integrations
 - **OQS-BoringSSL**: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
 - **OQS-OpenSSH**: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
 
-Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
+Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.
 
 liboqs can also be used in the following programming languages via language-specific wrappers:
 
 - C++, via https://github.com/open-quantum-safe/liboqs-cpp
 - Go, via https://github.com/open-quantum-safe/liboqs-go
-- Java, via https://github.com/open-quantum-safe/liboqs-java
-- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
 - Python 3, via https://github.com/open-quantum-safe/liboqs-python
 - Rust, via https://github.com/open-quantum-safe/liboqs-rust
 

From e30c70d42bf6d685da8912cc1d676af50c530e55 Mon Sep 17 00:00:00 2001
From: Spencer Wilson
Date: Fri, 13 Sep 2024 19:03:10 -0400
Subject: [PATCH 4/9] Bump SOVERSION

Signed-off-by: Spencer Wilson
---
 src/CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index debc9c59a..947d3757e 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -121,7 +121,7 @@ set_target_properties(oqs
 ARCHIVE_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/lib"
 LIBRARY_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/lib"
 VERSION ${OQS_VERSION_TEXT}
-SOVERSION 5
+SOVERSION 6
 # For Windows DLLs
 RUNTIME_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/bin")

From a995354e730df1f938547ae637720ddc3898d51a Mon Sep 17 00:00:00 2001
From: Spencer Wilson
Date: Thu, 26 Sep 2024 14:03:23 -0400
Subject: [PATCH 5/9] Remove "rc1"

Signed-off-by: Spencer Wilson
---
 RELEASE.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/RELEASE.md b/RELEASE.md
index 39b57448b..8cf9c235e 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -1,4 +1,4 @@
-liboqs version 0.11.0-rc1
+liboqs version 0.11.0
 =====================
 
 About
@@ -26,11 +26,11 @@ liboqs can also be used in the following programming languages via language-spec
 Release notes
 =============
 
-This is release candidate 1 of version 0.11.0 of liboqs. It was released on September 13, 2024.
+This is version 0.11.0 of liboqs. It was released on September 26, 2024.
 
 This release updates ML-KEM implementations to their [final FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
 
-LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in [CONFIGURE.md](https://github.com/open-quantum-safe/liboqs/blob/0.11.0-rc1/CONFIGURE.md#stateful-hash-based-signatures).
+LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in [CONFIGURE.md](https://github.com/open-quantum-safe/liboqs/blob/0.11.0/CONFIGURE.md#stateful-hash-based-signatures).
 
 What's New
 ----------

From 5d93bd9b9bea187578352b746af92b3586addf0e Mon Sep 17 00:00:00 2001
From: Pravek Sharma
Date: Thu, 26 Sep 2024 14:24:54 -0400
Subject: [PATCH 6/9] fixup! Remove "rc1"

Signed-off-by: Pravek Sharma
---
 CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 19b3cbc3f..9fa330033 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,7 +34,7 @@ set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED ON)
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 set(CMAKE_C_VISIBILITY_PRESET hidden)
-set(OQS_VERSION_TEXT "0.11.0-rc1")
+set(OQS_VERSION_TEXT "0.11.0")
 set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
 set(OQS_MINIMAL_GCC_VERSION "7.1.0")
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)

From fe205255ac79e38d9e1b853b112a1cf0f23193cf Mon Sep 17 00:00:00 2001
From: Pravek Sharma
Date: Thu, 26 Sep 2024 14:42:51 -0400
Subject: [PATCH 7/9] Update README.md

Signed-off-by: Pravek Sharma
---
 RELEASE.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/RELEASE.md b/RELEASE.md
index 8cf9c235e..fdee47e21 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -20,6 +20,7 @@ liboqs can also be used in the following programming languages via language-spec
 
 - C++, via https://github.com/open-quantum-safe/liboqs-cpp
 - Go, via https://github.com/open-quantum-safe/liboqs-go
+- Java, via https://github.com/open-quantum-safe/liboqs-java
 - Python 3, via https://github.com/open-quantum-safe/liboqs-python
 - Rust, via https://github.com/open-quantum-safe/liboqs-rust
 
@@ -28,7 +29,7 @@ Release notes
 
 This is version 0.11.0 of liboqs. It was released on September 26, 2024.
 
-This release updates ML-KEM implementations to their [final FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
+This release updates ML-KEM implementations to their [final FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) versions. This release still includes the NIST Round 3 version of Kyber for interoperability purposes, but we plan to remove Kyber Round 3 in a future release. Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
 
 LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in [CONFIGURE.md](https://github.com/open-quantum-safe/liboqs/blob/0.11.0/CONFIGURE.md#stateful-hash-based-signatures).
 

From 8a5a175beac9a0440ec61ba1a38ceb2196aff904 Mon Sep 17 00:00:00 2001
From: Pravek Sharma
Date: Thu, 26 Sep 2024 16:46:22 -0400
Subject: [PATCH 8/9] fixup! Update README.md

Signed-off-by: Pravek Sharma
---
 RELEASE.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/RELEASE.md b/RELEASE.md
index fdee47e21..2ef5134ab 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -73,7 +73,7 @@ Detailed changelog
 * Bump jinja2 from 3.1.3 to 3.1.4 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1782
 * Algorithm selection clarification by @beldmit in https://github.com/open-quantum-safe/liboqs/pull/1784
 * Use OPENSSL_cleanse if OpenSSL is used by @bencemali in https://github.com/open-quantum-safe/liboqs/pull/1773
-* Errors not printed out when OPENSSL_NO_STDIO is set by @bencemali in https://github.com/open-quantum-safe/liboqs/pull/1774f
+* Errors not printed out when OPENSSL_NO_STDIO is set by @bencemali in https://github.com/open-quantum-safe/liboqs/pull/1774
 * Add Stateful Signature (XMSS and LMS) by @ashman-p in https://github.com/open-quantum-safe/liboqs/pull/1650
 * Forward-declare OQS_SIG in sig_stfl.h by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1820
 * Move Linux ARM64 "build" test from CircleCI to GitHub Actions by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1814
@@ -110,6 +110,7 @@ Detailed changelog
 * Refactor liboqs CI and update Ubuntu images by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1909
 * Check workflows for issues during CI by @jplomas in https://github.com/open-quantum-safe/liboqs/pull/1916
 * Patch Kyber to fix ASAN error on ARM64 by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1922
+* Change README links to be doxygen-friendly by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1927
 
 ## New Contributors
 * @aaupov made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1739
@@ -129,4 +130,4 @@ Detailed changelog
 * @rtjk made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1881
 * @jplomas made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1916
 
-**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.10.1...0.11.0-rc1
+**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.10.1...0.11.0
\ No newline at end of file

From 6f30d7ef49ca590979d7a085cd662f00bb6855fe Mon Sep 17 00:00:00 2001
From: Pravek Sharma
Date: Fri, 27 Sep 2024 11:13:21 -0400
Subject: [PATCH 9/9] Fix release date in RELEASE.md

Co-authored-by: Spencer Wilson
Signed-off-by: Pravek Sharma
---
 RELEASE.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/RELEASE.md b/RELEASE.md
index 2ef5134ab..e8a7273a7 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -27,7 +27,7 @@ liboqs can also be used in the following programming languages via language-spec
 Release notes
 =============
 
-This is version 0.11.0 of liboqs. It was released on September 26, 2024.
+This is version 0.11.0 of liboqs. It was released on September 27, 2024.
 
 This release updates ML-KEM implementations to their [final FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) versions. This release still includes the NIST Round 3 version of Kyber for interoperability purposes, but we plan to remove Kyber Round 3 in a future release. Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).