0.8.0 branch

.github/workflows/linux.yml

@@ -21,7 +21,7 @@ jobs:
       image: openquantumsafe/ci-ubuntu-jammy:latest
     env:
       MAKE_PARAMS: "-j 18"
-      LIBOQS_BRANCH: "main"
+      LIBOQS_BRANCH: "0.12.0"
     steps:
       - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
@@ -38,7 +38,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ossl-branch: [openssl-3.3.2, master]
+        ossl-branch: [openssl-3.4.0, master]
         libjade-build:
           - "ON" 
           - "OFF"
@@ -59,7 +59,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
       - name: Full build
-        run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=main OQS_LIBJADE_BUILD=${{ matrix.libjade-build }} ./scripts/fullbuild.sh
+        run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=0.12.0 OQS_LIBJADE_BUILD=${{ matrix.libjade-build }} ./scripts/fullbuild.sh
       - name: Enable sibling oqsprovider for testing
         run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
       - name: Test
@@ -103,7 +103,7 @@ jobs:
       CXX: "clang++"
       ASAN_C_FLAGS: "-fsanitize=address -fno-omit-frame-pointer"
       ASAN_OPTIONS: "detect_stack_use_after_return=1,detect_leaks=1"
-      OPENSSL_BRANCH: "openssl-3.3.2"
+      OPENSSL_BRANCH: "openssl-3.4.0"
     steps:
       - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
@@ -127,7 +127,7 @@ jobs:
 
       - name: Clone and build liboqs with ASan
         run: |
-          git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs
+          git clone --depth=1 --branch 0.12.0 https://github.com/open-quantum-safe/liboqs.git liboqs
           cd liboqs
           mkdir build install
           cmake -GNinja -B build \
@@ -209,7 +209,7 @@ jobs:
       - name: Clone and build liboqs for linux-aarch64
         working-directory: /opt/
         run: |
-          git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs
+          git clone --depth=1 --branch 0.12.0 https://github.com/open-quantum-safe/liboqs.git liboqs
           cd liboqs
           mkdir build install
           cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \

.github/workflows/macos.yml

@@ -39,7 +39,7 @@ jobs:
         with:
           set-safe-directory: true
           repository: open-quantum-safe/liboqs
-          ref: main
+          ref: 0.12.0
           path: liboqs
       - name: Retrieve OpenSSL32 from cache
         id: cache-openssl32

.github/workflows/windows.yml

@@ -44,7 +44,7 @@ jobs:
         with:
           set-safe-directory: true
           repository: open-quantum-safe/liboqs
-          ref: main
+          ref: 0.12.0
           path: liboqs
       - name: Install cygwin
         uses: cygwin/cygwin-install-action@master
@@ -139,7 +139,7 @@ jobs:
         with:
           set-safe-directory: true
           repository: open-quantum-safe/liboqs
-          ref: main
+          ref: 0.12.0
           path: liboqs
       - uses: ilammy/msvc-dev-cmd@v1
         with:
@@ -253,7 +253,7 @@ jobs:
           with:
             set-safe-directory: true
             repository: open-quantum-safe/liboqs
-            ref: main
+            ref: 0.12.0
             path: liboqs
         - uses: ilammy/msvc-dev-cmd@v1
           with:

CMakeLists.txt

@@ -4,7 +4,7 @@ else()
 cmake_minimum_required(VERSION 3.5 FATAL_ERROR)
 endif()
 project(oqs-provider LANGUAGES C)
-set(OQSPROVIDER_VERSION_TEXT "0.7.1-dev")
+set(OQSPROVIDER_VERSION_TEXT "0.8.0-rc1")
 set(CMAKE_C_STANDARD 11)
 set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON)
 if(CMAKE_BUILD_TYPE STREQUAL "Debug")

RELEASE.md

@@ -1,4 +1,4 @@
-# oqs-provider 0.7.1-dev
+# oqs-provider 0.8.0 release candidate 1
 
 ## About
 
@@ -14,7 +14,48 @@ Further details on building, testing and use can be found in [README.md](https:/
 
 ## Release notes
 
-This is version 0.7.1-dev of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs` as and when released.
+This is version 0.8.0-rc1 of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs`.
+
+### Deprecation notice
+
+This is to notify users of Kyber (Round 3 version) to switch to the ML-KEM (FIPS 203 final version) as support for Kyber will be removed with the next release of liboqs and oqsprovider.
+
+The addition of ML-DSA FIPS 204 final version to liboqs v0.12.0 has introduced a new signature API which includes a context string parameter. The liboqs team is planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at [liboqs #2001](https://github.com/open-quantum-safe/liboqs/issues/2001).
+
+### Security considerations
+
+* CVE-2024-54137: The associated liboqs v0.12.0 release fixed a bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.
+
+### What's New
+
+In addition to improving testing, CI, and fixing platform specific build issues this release of oqs-provider:
+
+* Updates IANA code points for ML-KEM.
+* Adds support for ML-DSA (FIPS 204 final version).
+* Adds support for context strings (when built against an OpenSSL version also supporting that feature).
+* Updates the implementation of draft-ietf-lamps-pq-composite-sigs from version 01 to version 02.
+* Adds a SBOM template in the CycloneDX 1.6 format.
+
+## What's Changed
+* Switch to dev mode again by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/535
+* Add alexrow to CODEOWNERS by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/537
+* Correct 0.7.0 release notes by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/540
+* switch doc to release, add backlevel liboqs support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/544
+* fix file location error in P12 test by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/546
+* update MLKEM code points by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/559
+* Composite sigs update by @feventura in https://github.com/open-quantum-safe/oqs-provider/pull/549
+* Remove macos-12 runner due to GitHub deprecation. by @SWilson4 in https://github.com/open-quantum-safe/oqs-provider/pull/563
+* update IANA code points for ML-KEM by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/577
+* Adding version-conditional context string support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/583
+* Tracker for FIPS204 / ML-DSA by @bhess in https://github.com/open-quantum-safe/oqs-provider/pull/568
+* Add a SBOM template in CycloneDX format by @hughsie in https://github.com/open-quantum-safe/oqs-provider/pull/585
+* Changes needed when building with a static libcrypto on Linux by @ashman-p in https://github.com/open-quantum-safe/oqs-provider/pull/584
+* Add DTLS 1.3 support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/586
+
+## New Contributors
+* @hughsie made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/585
+
+**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.7.0...0.8.0-rc1
 
 Previous Release Notes
 ======================

SECURITY.md

@@ -6,7 +6,8 @@ We only support the most recent release.
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.7.0   | :white_check_mark: |
+| 0.8.0-rc1   | :white_check_mark: |
+| 0.7.0   | :x:                |
 | 0.6.1   | :x:                |
 | 0.6.0   | :x:                |
 | 0.5.3   | :x:                |