Skip to content

Commit

Permalink
0.8.0 branch (#593)
Browse files Browse the repository at this point in the history
* Store generate.yml as generate.yml-0.12.0

Signed-off-by: Pravek Sharma <[email protected]>

* Bump OQSPROVIDER_VERSION_TEXT

Signed-off-by: Pravek Sharma <[email protected]>

* Update SECURITY.md

Signed-off-by: Pravek Sharma <[email protected]>

* Point CI to liboqs 0.12.0 and OpenSSL 3.4.0

Signed-off-by: Pravek Sharma <[email protected]>

* Update 0.8.0-rc1 release notes

Signed-off-by: Pravek Sharma <[email protected]>

* Update RELEASE.md

Signed-off-by: Pravek Sharma <[email protected]>

* remove rc1 tags

Signed-off-by: Michael Baentsch <[email protected]>

* also announce removal of Dilithium [skip ci]

Signed-off-by: Michael Baentsch <[email protected]>

---------

Signed-off-by: Pravek Sharma <[email protected]>
Signed-off-by: Michael Baentsch <[email protected]>
Co-authored-by: Michael Baentsch <[email protected]>
  • Loading branch information
praveksharma and baentsch authored Dec 24, 2024
1 parent f7228d2 commit ec1e843
Show file tree
Hide file tree
Showing 7 changed files with 1,729 additions and 14 deletions.
12 changes: 6 additions & 6 deletions .github/workflows/linux.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
image: openquantumsafe/ci-ubuntu-jammy:latest
env:
MAKE_PARAMS: "-j 18"
LIBOQS_BRANCH: "main"
LIBOQS_BRANCH: "0.12.0"
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
Expand All @@ -38,7 +38,7 @@ jobs:
strategy:
fail-fast: false
matrix:
ossl-branch: [openssl-3.3.2, master]
ossl-branch: [openssl-3.4.0, master]
libjade-build:
- "ON"
- "OFF"
Expand All @@ -59,7 +59,7 @@ jobs:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Full build
run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=main OQS_LIBJADE_BUILD=${{ matrix.libjade-build }} ./scripts/fullbuild.sh
run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=0.12.0 OQS_LIBJADE_BUILD=${{ matrix.libjade-build }} ./scripts/fullbuild.sh
- name: Enable sibling oqsprovider for testing
run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
- name: Test
Expand Down Expand Up @@ -103,7 +103,7 @@ jobs:
CXX: "clang++"
ASAN_C_FLAGS: "-fsanitize=address -fno-omit-frame-pointer"
ASAN_OPTIONS: "detect_stack_use_after_return=1,detect_leaks=1"
OPENSSL_BRANCH: "openssl-3.3.2"
OPENSSL_BRANCH: "openssl-3.4.0"
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
Expand All @@ -127,7 +127,7 @@ jobs:
- name: Clone and build liboqs with ASan
run: |
git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs
git clone --depth=1 --branch 0.12.0 https://github.com/open-quantum-safe/liboqs.git liboqs
cd liboqs
mkdir build install
cmake -GNinja -B build \
Expand Down Expand Up @@ -209,7 +209,7 @@ jobs:
- name: Clone and build liboqs for linux-aarch64
working-directory: /opt/
run: |
git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs
git clone --depth=1 --branch 0.12.0 https://github.com/open-quantum-safe/liboqs.git liboqs
cd liboqs
mkdir build install
cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/macos.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ jobs:
with:
set-safe-directory: true
repository: open-quantum-safe/liboqs
ref: main
ref: 0.12.0
path: liboqs
- name: Retrieve OpenSSL32 from cache
id: cache-openssl32
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/windows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ jobs:
with:
set-safe-directory: true
repository: open-quantum-safe/liboqs
ref: main
ref: 0.12.0
path: liboqs
- name: Install cygwin
uses: cygwin/cygwin-install-action@master
Expand Down Expand Up @@ -139,7 +139,7 @@ jobs:
with:
set-safe-directory: true
repository: open-quantum-safe/liboqs
ref: main
ref: 0.12.0
path: liboqs
- uses: ilammy/msvc-dev-cmd@v1
with:
Expand Down Expand Up @@ -253,7 +253,7 @@ jobs:
with:
set-safe-directory: true
repository: open-quantum-safe/liboqs
ref: main
ref: 0.12.0
path: liboqs
- uses: ilammy/msvc-dev-cmd@v1
with:
Expand Down
2 changes: 1 addition & 1 deletion CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ else()
cmake_minimum_required(VERSION 3.5 FATAL_ERROR)
endif()
project(oqs-provider LANGUAGES C)
set(OQSPROVIDER_VERSION_TEXT "0.7.1-dev")
set(OQSPROVIDER_VERSION_TEXT "0.8.0")
set(CMAKE_C_STANDARD 11)
set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON)
if(CMAKE_BUILD_TYPE STREQUAL "Debug")
Expand Down
44 changes: 42 additions & 2 deletions RELEASE.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# oqs-provider 0.7.1-dev
# oqs-provider 0.8.0

## About

Expand All @@ -14,7 +14,47 @@ Further details on building, testing and use can be found in [README.md](https:/

## Release notes

This is version 0.7.1-dev of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs` as and when released.
This is version 0.8.0 of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs`.

### Deprecation notice

This is to notify users of Kyber and Dilithium (Round 3 version) to switch to the ML-KEM (FIPS 203 final version) and ML-DSA (FIPS 204 final version), respectively, as support for both will be removed with the next release of oqsprovider.

### Security considerations

* CVE-2024-54137: The associated liboqs v0.12.0 release fixed a bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.

### What's New

In addition to improving testing, CI, and fixing platform specific build issues this release of oqs-provider:

* Updates IANA code points for ML-KEM and changes FrodoKEM code points.
* Adds support for ML-DSA (FIPS 204 final version).
* Adds support for context strings in OpenSSL versions >= 3.2.
* Updates the implementation of draft-ietf-lamps-pq-composite-sigs from version 01 to version 02.
* Adds a SBOM template in the CycloneDX 1.6 format.
* Adds support for DTLS 1.3 (pending support in OpenSSL).

## What's Changed
* Switch to dev mode again by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/535
* Add alexrow to CODEOWNERS by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/537
* Correct 0.7.0 release notes by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/540
* switch doc to release, add backlevel liboqs support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/544
* fix file location error in P12 test by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/546
* update MLKEM code points by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/559
* Composite sigs update by @feventura in https://github.com/open-quantum-safe/oqs-provider/pull/549
* Remove macos-12 runner due to GitHub deprecation. by @SWilson4 in https://github.com/open-quantum-safe/oqs-provider/pull/563
* update IANA code points for ML-KEM by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/577
* Adding version-conditional context string support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/583
* Tracker for FIPS204 / ML-DSA by @bhess in https://github.com/open-quantum-safe/oqs-provider/pull/568
* Add a SBOM template in CycloneDX format by @hughsie in https://github.com/open-quantum-safe/oqs-provider/pull/585
* Changes needed when building with a static libcrypto on Linux by @ashman-p in https://github.com/open-quantum-safe/oqs-provider/pull/584
* Add DTLS 1.3 support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/586

## New Contributors
* @hughsie made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/585

**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.7.0...0.8.0

Previous Release Notes
======================
Expand Down
3 changes: 2 additions & 1 deletion SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,8 @@ We only support the most recent release.

| Version | Supported |
| ------- | ------------------ |
| 0.7.0 | :white_check_mark: |
| 0.8.0 | :white_check_mark: |
| 0.7.0 | :x: |
| 0.6.1 | :x: |
| 0.6.0 | :x: |
| 0.5.3 | :x: |
Expand Down
Loading

0 comments on commit ec1e843

Please sign in to comment.