
liboqs 0.12.0 #200625

Merged
merged 2 commits into from
Dec 10, 2024

Conversation

BrewTestBot

Created with brew bump-formula-pr.

release notes
liboqs version 0.12.0
=====================

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is version 0.12.0 of liboqs. It was released on December 9, 2024.

This release updates the ML-DSA implementation to the final FIPS 204 version. This release still includes the NIST Round 3 version of Dilithium for interoperability purposes, but we plan to remove Dilithium Round 3 in a future release.

Deprecation notice

This will be the last release of liboqs to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203).

The addition of ML-DSA FIPS 204 final version to liboqs has introduced a new signature API which includes a context string parameter. We are planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at open-quantum-safe/liboqs#2001.

Security issues

  • CVE-2024-54137: Fixed bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.

What's New

This release continues from the 0.11.0 release of liboqs.

Key encapsulation mechanisms

  • HQC: Fixed bug in decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.
  • Kyber: This is the last release of liboqs to include Kyber.
  • ML-KEM: Improved testing of ML-KEM.

Digital signature schemes

  • LMS: Fixed crashing bug.
  • ML-DSA: Removed FIPS 204-ipd (initial public draft) and replaced it with FIPS 204 final version.
  • Added new API for digital signatures with context strings; see "Deprecate signature API without context string?" (open-quantum-safe/liboqs#2001) for the plan to remove the old API without a context string.
  • Added fuzzing tests for signature schemes.
  • Added benchmarking for stateful hash-based signature schemes.

Other changes

  • Updated CBOM format to version 1.6.
  • Added a function OQS_thread_stop to be called by multi-threaded applications to properly deallocate resources in a threaded execution.
  • Added preprocessor macros conveying liboqs version information.

Detailed changelog

What's Changed

New Contributors

Full Changelog: open-quantum-safe/liboqs@0.11.0...0.12.0

@github-actions github-actions bot added the bump-formula-pr PR was created using `brew bump-formula-pr` label Dec 10, 2024

🤖 An automated task has requested bottles to be published to this PR.

@github-actions github-actions bot added the CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. label Dec 10, 2024
@BrewTestBot BrewTestBot added this pull request to the merge queue Dec 10, 2024
Merged via the queue into master with commit 7a45cab Dec 10, 2024
15 checks passed
@BrewTestBot BrewTestBot deleted the bump-liboqs-0.12.0 branch December 10, 2024 03:31