diff --git a/CMakeLists.txt b/CMakeLists.txt index 06e5bd193..0e700c0d5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,7 +34,7 @@ set(CMAKE_C_STANDARD 11) set(CMAKE_C_STANDARD_REQUIRED ON) set(CMAKE_POSITION_INDEPENDENT_CODE ON) set(CMAKE_C_VISIBILITY_PRESET hidden) -set(OQS_VERSION_TEXT "0.10.0-dev") +set(OQS_VERSION_TEXT "0.10.0") set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}") set(OQS_MINIMAL_GCC_VERSION "7.1.0") set(CMAKE_EXPORT_COMPILE_COMMANDS ON) diff --git a/RELEASE.md b/RELEASE.md index 40cc02e13..6d022bb3b 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,5 +1,5 @@ -liboqs version 0.9.0 -==================== +liboqs version 0.10.0 +===================== About ----- @@ -28,78 +28,103 @@ liboqs can also be used in the following programming languages via language-spec Release notes ============= -This is version 0.9.0 of liboqs. It was released on October 12, 2023. +This is version 0.10.0 of liboqs. It was released on March 20, 2024. -This release features an update to the Classic McEliece KEM, bringing it in line with NIST Round 4. It also adds or updates ARM implementations for Kyber, Dilithium, and Falcon. +This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of [FIPS 203](https://csrc.nist.gov/pubs/fips/203/ipd) and [FIPS 204](https://csrc.nist.gov/pubs/fips/204/ipd), respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures. What's New ---------- -This release continues from the 0.8.0 release of liboqs. +This release continues from the 0.9.2 release of liboqs. ### Key encapsulation mechanisms -- Classic McEliece: updated to Round 4 version. -- Kyber: aarch64 implementation updated. +- BIKE: Updated portable C implementation to include constant-time fixes from upstream. +- HQC: Updated to NIST Round 4 version. +- ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024. ### Digital signature schemes -- Dilithium: aarch64 implementation updated. -- Falcon: aarch64 implementation added. +- Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification. +- ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87. ### Other changes -- Update algorithm documentation -- Support compilation for Windows on ARM64, Apple mobile, and Android platforms -- Improve resilience of randombytes on Apple systems - -Release call -============ - -Users of liboqs are invited to join a webinar on Thursday, November 2, 2023, from 12-1pm US Eastern time for information on this release, plans for the next release cycle, and to provide feedback on OQS usage and features. - -The Zoom link for the webinar is: https://uwaterloo.zoom.us/j/98288698086 +- Improved thread safety. +- Added uninstall support via `ninja uninstall` +- Documented platforms by support tier in PLATFORMS.md. +- Added support for Zephyr RTOS. +- Improved support for macOS on Apple Silicon. +- Removed support for the "NIST-KAT" DRBG. +- Added extended KAT test programs. --- Detailed changelog ------------------ -* Fix libdir value in liboqs.pc by @vt-alt in https://github.com/open-quantum-safe/liboqs/pull/1496 -* update version and remove CCI triggers by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1498 -* create deb package and retain as artifact by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1501 -* README correction to docs path & additional gitignore to macos + vscode by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1503 -* Trigger liboqs-python CI via GitHub API by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1507 -* Update Classic McEliece by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1470 -* update BIKE documentation by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1509 -* kyber/dilithium aarch64 pull from pqclean + patches by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1512 -* Pull Falcon updates from PQClean by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1523 -* Bump XCode by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1526 -* Update Classic McEliece supression files by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1527 -* Bump gitpython from 3.1.30 to 3.1.32 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1524 -* ci: add CI for android by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1531 -* re-enable armhf speed testing by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1535 -* Bump gitpython from 3.1.32 to 3.1.34 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1538 -* Prefer arc4random on Apple platforms by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1544 -* Bump gitpython from 3.1.34 to 3.1.35 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1551 -* Update Classic McEliece suppression files by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1541 -* Pull Neon implementation of Falcon from PQClean by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1547 -* ci: add CI for apple mobile platforms by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1546 -* Add Windows ARM64 support by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1545 -* Document Falcon constant time errors by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1552 -* ci: github actions CI for Windows x86 and x64 by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1554 -* build: Align VS test folder with all other Generators by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1557 -* Fix weekly.yml to skip McEliece by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1562 -* Enable extensions in constant-time tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1567 -* Update Classic McEliece supression files by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1568 -* liboqs 0.9.0 release candidate 1 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1570 -* add community standard documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1565 -* Bump gitpython from 3.1.35 to 3.1.37 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1575 +* PR template update & OpenSSL clarification by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1582 +* Use CMAKE_USE_PTHREADS_INIT by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1576 +* Add section to CONFIGURE.md link by @iyanmv in https://github.com/open-quantum-safe/liboqs/pull/1578 +* Run copy_from_upstream and test by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1589 +* Support several pqclean upstream versions by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1595 +* Call Keccak_(X4_)Dispatch with pthread_once by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1549 +* minor updates by @vsoftco in https://github.com/open-quantum-safe/liboqs/pull/1600 +* Pull new HQC implementation from upstream by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1585 +* add uninstall support by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1604 +* Ensure generic OQS_OPT_TARGET in weekly CT tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1618 +* update .travis.yml by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1629 +* Pull latest Kyber version from upstream by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1631 +* platform support documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1605 +* Add support for Zephyr RTOS by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1621 +* Apply patch to Kyber aarch64 code from PQClean for variable-time division issue. by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1636 +* Fix BIKE constant-time errors by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1632 +* Fix falcon constant time check in Valgrind by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1646 +* Correct cmake version requirement by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1643 +* Pull Kyber division fixes from PQ-Crystals into main by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1649 +* Bump gitpython from 3.1.37 to 3.1.41 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1659 +* Zephyr: fixes for platform support by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1658 +* Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1661 +* Riscv zephyr support by @trigpolynom in https://github.com/open-quantum-safe/liboqs/pull/1641 +* Zephyr: CMake fixes by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1664 +* Clarify that copyright is held by authors and not the project itself [skip ci] by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1668 +* Make internal API available to (only) test programs by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1667 +* Remove reference to old BIKE variants from CONFIGURE.md [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1669 +* Add a document describing our subproject governance by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1675 +* Set the correct compile flag for the memory sanitizer build by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1680 +* Test against all 100 KAT values by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1560 +* Update BIKE documentation to exclude x86 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1679 +* find_package(Threads) regardless of BUILD_ONLY_LIB by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1653 +* Call set_available_cpu_extensions using pthread_once by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1671 +* Discontinue AppVeyor CI testing by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1682 +* Run oqs-provider release tests in CI on release candidate branches by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1654 +* Fix link in GOVERNANCE.md by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1686 +* Rename weekly runs and skip Falcon-1024 [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1684 +* Update McEliece suppression files for generic config by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1677 +* Update SPHINCS+ "clean" suppression files by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1683 +* Update Sphincs+ Markdown documentation from YAML by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1690 +* properly document release support level [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1688 +* set(OQS_USE_PTHREADS OFF) on MinGW/Cygwin by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1695 +* Fix cross compilation and test in CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1696 +* update brew install instructions to use openssl@3 instead of openssl@1.1.1 [skip ci] by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1701 +* Add ML-DSA-ipd and ML-KEM-ipd & NIST supplied test vectors by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1626 +* Small fixes after adding ML-\* by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1702 +* Move MacOS CI tests to GitHub Actions; add M1 CI tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1709 +* Update liboqs readme to point to oqs-provider instead of deprecated openssl1.1.1 fork [skip ci] by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1699 +* Fix for the Zephyr CI tests by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1714 +* remove references to unsupported openssh [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1713 +* fix documentation generation by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1715 +* Support Falcon PADDED format by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1710 +* Fix for alg_support.cmake by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1716 +* Fix SPHINCS+ naming in CT tests [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1720 +* improve algorithm documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1721 +* Always build "internal" library as static by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1725 ## New Contributors -* @planetf1 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1503 -* @SWilson4 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1507 -* @praveksharma made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1470 -* @res0nance made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1531 +* @zxjtan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1576 +* @iyanmv made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1578 +* @Frauschi made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1621 +* @cothan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1646 +* @trigpolynom made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1641 -**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.8.0...0.9.0 +**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.9.2...0.10.0 diff --git a/SECURITY.md b/SECURITY.md index 3bc1208aa..27f816db3 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,15 +4,12 @@ We only support the most recent release. -Using any prior code is strongly discouraged due to a [known security vulnerability in Kyber](https://github.com/open-quantum-safe/liboqs/releases/tag/0.9.2). +Using any code prior to 0.9.2 is strongly discouraged due to a [known security vulnerability in Kyber](https://github.com/open-quantum-safe/liboqs/releases/tag/0.9.2). | Version | Supported | | ------- | ------------------ | -| 0.9.2 | :white_check_mark: | -| 0.9.1 | :x: | -| 0.9.0 | :x: | -| 0.8.0 | :x: | -| < 0.8 | :x: | +| 0.10.0 | :white_check_mark: | +| < 0.10 | :x: | ## Reporting a Vulnerability Please follow [this information to report a vulnerability](https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs).