-
Notifications
You must be signed in to change notification settings - Fork 470
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Spencer Wilson <[email protected]>
- Loading branch information
Showing
1 changed file
with
76 additions
and
73 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -30,7 +30,9 @@ Release notes | |
|
|
||
| This is release candidate 1 of version 0.11.0 of liboqs. It was released on September 13, 2024. | ||
|
|
||
| This release updates ML-KEM implementations to their [final FIP 203](https://csrc.nist.gov/pubs/fips/203/final) versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2). | ||
| This release updates ML-KEM implementations to their [final FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2). | ||
|
|
||
| LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in [CONFIGURE.md](https://github.com/open-quantum-safe/liboqs/blob/0.11.0-rc1/CONFIGURE.md#stateful-hash-based-signatures). | ||
|
|
||
| What's New | ||
| ---------- | ||
|
|
@@ -45,86 +47,87 @@ This release continues from the 0.10.1 release of liboqs. | |
|
|
||
| ### Digital signature schemes | ||
|
|
||
| - Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification. | ||
| - ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87. | ||
| - LMS/XMSS: Added implementations of stateful hash-based signature schemes: [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). | ||
| - MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1. | ||
| - CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1. | ||
|
|
||
| ### Other changes | ||
|
|
||
| - Improved thread safety. | ||
| - Added uninstall support via `ninja uninstall` | ||
| - Documented platforms by support tier in PLATFORMS.md. | ||
| - Added support for Zephyr RTOS. | ||
| - Improved support for macOS on Apple Silicon. | ||
| - Removed support for the "NIST-KAT" DRBG. | ||
| - Added extended KAT test programs. | ||
| - Added callback API to use custom implementations of AES, SHA2, and SHA3. | ||
| - Refactor SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API. | ||
|
|
||
| --- | ||
|
|
||
| Detailed changelog | ||
| ------------------ | ||
|
|
||
| * PR template update & OpenSSL clarification by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1582 | ||
| * Use CMAKE_USE_PTHREADS_INIT by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1576 | ||
| * Add section to CONFIGURE.md link by @iyanmv in https://github.com/open-quantum-safe/liboqs/pull/1578 | ||
| * Run copy_from_upstream and test by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1589 | ||
| * Support several pqclean upstream versions by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1595 | ||
| * Call Keccak_(X4_)Dispatch with pthread_once by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1549 | ||
| * minor updates by @vsoftco in https://github.com/open-quantum-safe/liboqs/pull/1600 | ||
| * Pull new HQC implementation from upstream by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1585 | ||
| * add uninstall support by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1604 | ||
| * Ensure generic OQS_OPT_TARGET in weekly CT tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1618 | ||
| * update .travis.yml by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1629 | ||
| * Pull latest Kyber version from upstream by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1631 | ||
| * platform support documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1605 | ||
| * Add support for Zephyr RTOS by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1621 | ||
| * Apply patch to Kyber aarch64 code from PQClean for variable-time division issue. by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1636 | ||
| * Fix BIKE constant-time errors by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1632 | ||
| * Fix falcon constant time check in Valgrind by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1646 | ||
| * Correct cmake version requirement by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1643 | ||
| * Pull Kyber division fixes from PQ-Crystals into main by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1649 | ||
| * Bump gitpython from 3.1.37 to 3.1.41 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1659 | ||
| * Zephyr: fixes for platform support by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1658 | ||
| * Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1661 | ||
| * Riscv zephyr support by @trigpolynom in https://github.com/open-quantum-safe/liboqs/pull/1641 | ||
| * Zephyr: CMake fixes by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1664 | ||
| * Clarify that copyright is held by authors and not the project itself [skip ci] by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1668 | ||
| * Make internal API available to (only) test programs by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1667 | ||
| * Remove reference to old BIKE variants from CONFIGURE.md [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1669 | ||
| * Add a document describing our subproject governance by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1675 | ||
| * Set the correct compile flag for the memory sanitizer build by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1680 | ||
| * Test against all 100 KAT values by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1560 | ||
| * Update BIKE documentation to exclude x86 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1679 | ||
| * find_package(Threads) regardless of BUILD_ONLY_LIB by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1653 | ||
| * Call set_available_cpu_extensions using pthread_once by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1671 | ||
| * Discontinue AppVeyor CI testing by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1682 | ||
| * Run oqs-provider release tests in CI on release candidate branches by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1654 | ||
| * Fix link in GOVERNANCE.md by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1686 | ||
| * Rename weekly runs and skip Falcon-1024 [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1684 | ||
| * Update McEliece suppression files for generic config by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1677 | ||
| * Update SPHINCS+ "clean" suppression files by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1683 | ||
| * Update Sphincs+ Markdown documentation from YAML by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1690 | ||
| * properly document release support level [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1688 | ||
| * set(OQS_USE_PTHREADS OFF) on MinGW/Cygwin by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1695 | ||
| * Fix cross compilation and test in CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1696 | ||
| * update brew install instructions to use openssl@3 instead of [email protected] [skip ci] by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1701 | ||
| * Add ML-DSA-ipd and ML-KEM-ipd & NIST supplied test vectors by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1626 | ||
| * Small fixes after adding ML-\* by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1702 | ||
| * Move MacOS CI tests to GitHub Actions; add M1 CI tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1709 | ||
| * Update liboqs readme to point to oqs-provider instead of deprecated openssl1.1.1 fork [skip ci] by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1699 | ||
| * Fix for the Zephyr CI tests by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1714 | ||
| * remove references to unsupported openssh [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1713 | ||
| * fix documentation generation by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1715 | ||
| * Support Falcon PADDED format by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1710 | ||
| * Fix for alg_support.cmake by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1716 | ||
| * Fix SPHINCS+ naming in CT tests [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1720 | ||
| * improve algorithm documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1721 | ||
| * Always build "internal" library as static by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1725 | ||
| * [NFCI] Move Keccak rhotates tables to rodata by @aaupov in https://github.com/open-quantum-safe/liboqs/pull/1739 | ||
| * Document Fix by @pi-314159 in https://github.com/open-quantum-safe/liboqs/pull/1735 | ||
| * Add option to dynamically load libcrypto.so.* by @ueno in https://github.com/open-quantum-safe/liboqs/pull/1603 | ||
| * Allow windows linking of test programs by @matlimatli in https://github.com/open-quantum-safe/liboqs/pull/1751 | ||
| * Refactor OpenSSL Implementation of SHA3 SHAKE to use new Squeeze API by @Eddy-M-K in https://github.com/open-quantum-safe/liboqs/pull/1694 | ||
| * remove "maximum" words for most length fields by @wangweij in https://github.com/open-quantum-safe/liboqs/pull/1747 | ||
| * add compile_commands.json to .gitignore by @carsonRadtke in https://github.com/open-quantum-safe/liboqs/pull/1754 | ||
| * Fix linking of test programs on msys by @d0p1s4m4 in https://github.com/open-quantum-safe/liboqs/pull/1758 | ||
| * restrict Windows platform support documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1762 | ||
| * Add workflow dispatch to action by @ryjones in https://github.com/open-quantum-safe/liboqs/pull/1778 | ||
| * Bump jinja2 from 3.1.3 to 3.1.4 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1782 | ||
| * Algorithm selection clarification by @beldmit in https://github.com/open-quantum-safe/liboqs/pull/1784 | ||
| * Use OPENSSL_cleanse if OpenSSL is used by @bencemali in https://github.com/open-quantum-safe/liboqs/pull/1773 | ||
| * Errors not printed out when OPENSSL_NO_STDIO is set by @bencemali in https://github.com/open-quantum-safe/liboqs/pull/1774f | ||
| * Add Stateful Signature (XMSS and LMS) by @ashman-p in https://github.com/open-quantum-safe/liboqs/pull/1650 | ||
| * Forward-declare OQS_SIG in sig_stfl.h by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1820 | ||
| * Move Linux ARM64 "build" test from CircleCI to GitHub Actions by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1814 | ||
| * Fix test_alg_info.py on Windows platform by @qnfm in https://github.com/open-quantum-safe/liboqs/pull/1821 | ||
| * Increment version string to 0.10.2-dev by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1813 | ||
| * Add XMSS-SHA256_{10, 16, 20}_192 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1817 | ||
| * Add XMSS-SHAKE256_{10, 16, 20}_192 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1818 | ||
| * Add XMSS-SHAKE256_{10, 16, 20}_256 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1819 | ||
| * Create scorecard.yml (OpenSSF) by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1708 | ||
| * Expose callback API for replacing low-level cryptographic primitives by @ueno in https://github.com/open-quantum-safe/liboqs/pull/1832 | ||
| * Add MAYO signature scheme from NIST onramp by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1707 | ||
| * Bump zipp from 3.4.0 to 3.19.1 in /scripts/copy_from_upstream in the pip group by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1836 | ||
| * Update and fix CI status badges by @anvega in https://github.com/open-quantum-safe/liboqs/pull/1844 | ||
| * Use `cmake -LA -N` instead of `cmake -LA` in CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1848 | ||
| * Fix passes.json entries for MAYO by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1852 | ||
| * ML-KEM NIST tests, fix order of d and z by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1854 | ||
| * Move from CircleCI to GitHub Actions by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1849 | ||
| * Add a convenience script for consistent astyle formatting by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1861 | ||
| * Quick fixes from Trail of Bits audit Week 1 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1869 | ||
| * Check return value of fscanf in LMS/XMSS KAT tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1874 | ||
| * Fix downstream CI trigger by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1857 | ||
| * Don't hardcode OPENSSL_ROOT_DIR to /usr on Linux by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1873 | ||
| * Fix overflow in stateful sigs tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1887 | ||
| * Integrate Kyber from libjade by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1745 | ||
| * Use explicit_memset if available. NetBSD has support for it: by @loganaden in https://github.com/open-quantum-safe/liboqs/pull/1872 | ||
| * Disable erroring TravisCI build by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1901 | ||
| * Update OpenSSH downstream branch to OQS-v9 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1898 | ||
| * Fix incorrect formatting in unix.yml by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1902 | ||
| * CMakeLists: add ppc case to known archs by @barracuda156 in https://github.com/open-quantum-safe/liboqs/pull/1816 | ||
| * Remove old ad hoc CI for Apple M1 by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1907 | ||
| * Add ML-KEM / FIPS203 final by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1899 | ||
| * Update checkout action in weekly.yml by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1908 | ||
| * Add CROSS by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/1881 | ||
| * Refactor liboqs CI and update Ubuntu images by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1909 | ||
| * Check workflows for issues during CI by @jplomas in https://github.com/open-quantum-safe/liboqs/pull/1916 | ||
| * Patch Kyber to fix ASAN error on ARM64 by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1922 | ||
|
|
||
| ## New Contributors | ||
| * @zxjtan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1576 | ||
| * @iyanmv made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1578 | ||
| * @Frauschi made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1621 | ||
| * @cothan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1646 | ||
| * @trigpolynom made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1641 | ||
|
|
||
| **Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.9.2...0.10.0 | ||
| * @aaupov made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1739 | ||
| * @pi-314159 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1735 | ||
| * @ueno made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1603 | ||
| * @matlimatli made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1751 | ||
| * @Eddy-M-K made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1694 | ||
| * @wangweij made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1747 | ||
| * @carsonRadtke made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1754 | ||
| * @d0p1s4m4 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1758 | ||
| * @ryjones made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1778 | ||
| * @bencemali made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1773 | ||
| * @qnfm made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1821 | ||
| * @anvega made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1844 | ||
| * @loganaden made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1872 | ||
| * @barracuda156 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1816 | ||
| * @rtjk made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1881 | ||
| * @jplomas made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1916 | ||
|
|
||
| **Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.10.1...0.11.0-rc1 | ||