Merge 325286187fe076994e7d9862fdf00d7a9ccbcbbc into b5d3dac4ebdfbbc5de1f6ab9fc6a94c3fd47d13d

* Prepare 0.14.0 release candidate 1 [full tests] [extended tests]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Update release notes with deprecation and security info [skip ci]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

CMakeLists.txt

@@ -42,9 +42,9 @@ set(CMAKE_C_STANDARD_REQUIRED ON)
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 set(CMAKE_C_VISIBILITY_PRESET hidden)
 set(OQS_VERSION_MAJOR 0)
-set(OQS_VERSION_MINOR 13)
-set(OQS_VERSION_PATCH 1)
-set(OQS_VERSION_PRE_RELEASE "-dev")
+set(OQS_VERSION_MINOR 14)
+set(OQS_VERSION_PATCH 0)
+set(OQS_VERSION_PRE_RELEASE "-rc1")
 set(OQS_VERSION_TEXT "${OQS_VERSION_MAJOR}.${OQS_VERSION_MINOR}.${OQS_VERSION_PATCH}${OQS_VERSION_PRE_RELEASE}")
 set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
 set(OQS_MINIMAL_GCC_VERSION "7.1.0")

RELEASE.md

@@ -1,5 +1,5 @@
-liboqs version 0.13.0
-=====================
+liboqs version 0.14.0-rc1
+=========================
 
 About
 -----
@@ -27,36 +27,41 @@ liboqs can also be used in the following programming languages via language-spec
 Release notes
 =============
 
-This is version 0.13.0 of liboqs. It was released on April 16, 2025.
+This is release candidate 1 for version 0.14.0 of liboqs. It was released on June 25, 2025.
 
-This release improves support for NIST Additional Signatures Round 2 candidates: CROSS and MAYO implementations are updated and support is added for UOV. This release also adds a new KEM API for deterministic key generation (only supported by ML-KEM at the moment). Finally, this release adds support for ML-KEM implementations from 2 new sources: formally verified portable C, AVX2, and AArch64 implementations from [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native) and a GPU accelerated CUDA implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc). 
+This release contains a security fix for secret-dependent branching in HQC. It introduces support for SNOVA, a NIST Additional Signatures Round 2 candidate, and a new optimized implementation of SHA3 using AVX-512VL instructions. Additionally, this is the first liboqs release to include the [stable 1.0.0 version of PQ Code Package's mlkem-native](https://github.com/pq-code-package/mlkem-native/releases/tag/v1.0.0).
 
-OQS is running a survey to better understand our community. We would like to hear from organizations and individuals about their interest in and use of the Open Quantum Safe project. Please take a few minutes to fill out the survey: https://linuxfoundation.surveymonkey.com/r/oqssurvey
+This release also introduces a number of improvements to testing and infrastructure. The OQS project is now publishing benchmarking data on https://openquantumsafe.org/benchmarking and code coverage data on https://coveralls.io/github/open-quantum-safe/liboqs.
+
+Deprecation notice
+==================
+
+This will be the last release of liboqs to include Dilithium (that is, the NIST Round 3 version of Dilithium, prior to its standardization by NIST as ML-DSA in FIPS 204). Applications should switch to ML-DSA (FIPS 204). Please contact us if you have any concerns.
+
+Security issues
+===============
+
+- CVE-2025-52473: Disabled compiler optimizations for HQC to avoid secret-dependent branches. Thank you to Zhenzhi Lai and Zhiyuan Zhang from from the University of Melbourne and the Max Planck Institute for Security and Privacy for identifying the issue.
 
 What's New
 ----------
 
-This release continues from the 0.12.0 release of liboqs.
+This release continues from the 0.13.0 release of liboqs.
 
 ### Key encapsulation mechanisms
 
-- New API: Added a deterministic key generation and API for KEMs (only ML-KEM supported at the moment).
-- ML-KEM: Changed the default ML-KEM implementation to [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native). There are three variants: Portable C, AVX2, and AArch64. Large parts of these implementations are formally verified: all of the C code is verified for memory and type safety using [CBMC](https://github.com/diffblue/cbmc) and the functional correctness of the core AArch64 assembly routines is verified using [HOL-Light](https://github.com/jrh13/hol-light). 
-- ML-KEM: Added support for the ML-KEM implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc), a GPU accelerated cryptography library.
-- ML-KEM: Implementation from mlkem-native upstream updated to add Pair-wise Consistency Test (PCT) and Intel CET support.
-- ML-KEM: Improved testing of ML-KEM keys.
-- HQC: Disabled HQC by default until [a new security flaw](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/Wiu4ZQo3fP8) is fixed.
+- HQC: Disabled compiler optimizations to avoid secret-dependent branching in certain configurations. HQC remains disabled by default.
+- ML-KEM: Updated the default ML-KEM implementation to [PQCP's mlkem-native v1.0.0](https://github.com/pq-code-package/mlkem-native/releases/tag/v1.0.0).
 
 ### Digital signature schemes
 
-- ML-DSA: Improved testing for ML-DSA.
-- CROSS: Updated to NIST Additional Signatures Round 2 version.
-- MAYO: Updated to NIST Additional Signatures Round 2 version.
-- UOV: Added support for UOV algorithm from NIST Additional Signatures Round 2.
+- New API: added an API function to check if a signature scheme supports signing with a context string.
+- SNOVA: added [SNOVA](https://snova.pqclab.org/) from NIST Additional Signature Schemes Round 2.
 
 ### Other changes
 
-- Added support for loongarch64 architecture.
+- Added an AVX512VL-optimized backend for SHA3.
+- Improved memory management throughout the codebase.
 
 ---
 
@@ -64,54 +69,38 @@ Detailed changelog
 ------------------
 
 ## What's Changed
-* Bump version to 0.12.1-dev by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2015
-* Add loongarch64 support by @zhaixiaojuan in https://github.com/open-quantum-safe/liboqs/pull/2010
-* Minor changes to ML_DSA ACVP tests by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2007
-* Update upload-artifact action to v4 by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2017
-* Remove hardcoded build paths & modify basic workflow to build in random path by @iyanmv in https://github.com/open-quantum-safe/liboqs/pull/2019
-* Trigger liboqs-java and liboqs-rust downstream CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2021
-* #1830 update scorecard to v5 (gh action 2.4.0) by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1890
-* Update PQClean commit and delete patch for HQC by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2026
-* Bump jinja2 from 3.1.4 to 3.1.5 in /scripts/copy_from_upstream in the pip group by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/2036
-* Avoid unresolved symbols from libcrypto when compiled with OQS_DLOPEN_OPENSSL by @ueno in https://github.com/open-quantum-safe/liboqs/pull/2043
-* Update to public Ubuntu 24.04 ARM runner by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2050
-* NVIDIA: Adding cuPQC as a backend for ML-KEM. by @stevenireeves in https://github.com/open-quantum-safe/liboqs/pull/2044
-* Update ACVP vectors for KEM and DSA by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2051
-* CI: Check unresolved symbols when compiled with OQS_DLOPEN_OPENSSL by @ueno in https://github.com/open-quantum-safe/liboqs/pull/2058
-* Fix failing zephyr CI workflows, pinning v0.27.4 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2063
-* Update sig_stfl Doxygen documentation by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2059
-* Import ML-KEM from mlkem-native/PQ code package by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2041
-* Update example files by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2071
-* GitHub runner updates by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2069
-* Disable cupqc-buildcheck by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/2075
-* Add threat model by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2033
-* Update CROSS to version 2.0 by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/2078
-* improving CONTRIBUTING.md for maintainability [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/2081
-* Ensure that building against liboqs build directory works by @levitte in https://github.com/open-quantum-safe/liboqs/pull/2086
-* Added alg_version details to test output by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2080
-* Add checks for ML-KEM keys by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2009
-* Update actions/cache to v4.2.2 by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2093
-* Add Nix flake by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/1970
-* Update MAYO to NIST round 2 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2095
-* Update mlkem-native to v1.0.0-beta by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2092
-* Add references to security response process by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2077
-* Bump version to 0.13.0-dev [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2099
-* Add UOV  by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2094
-* Add bitflip test for trivial SUF-CMA forgeries by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/2090
-* Update MAYO version in algorithm datasheet by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2103
-* Add DeriveKeyPair API by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2070
-* Update nist-round in UOV and MAYO data sheet by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2105
-* build: search unistd.h separately from sys/random.h for getentropy by @mkroening in https://github.com/open-quantum-safe/liboqs/pull/2104
-* Add support caveat by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2114
-* Temporarily disable HQC by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2122
-* Fix PR workflow runs by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2123
+* Switch to dev mode after 0.13.0 release by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/2125
+* Restrict -Wno-maybe-uninitialized to GCC and fix stack size typo by @alraddady in https://github.com/open-quantum-safe/liboqs/pull/2111
+* Promote @SWilson4 from Committer to Maintainer [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2120
+* Update Nix flake inputs by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/2126
+* Change cuPQC upstream repo by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/2115
+* Integrate SNOVA into liboqs by @vacuas in https://github.com/open-quantum-safe/liboqs/pull/2109
+* Update ACVP vectors to latest release by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2131
+* Add a function to check if context string is supported by @M-AlNoaimi in https://github.com/open-quantum-safe/liboqs/pull/2142
+* Skip failing CI test by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2157
+* Use OQS_MEM_cleanse() instead of memset() by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2158
+* Check for NULL dereference before using secure free by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2151
+* Update mlkem-native to v1.0.0 by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2146
+* test: Use secure free for freeing secret key objects by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2149
+* tests: Remove unused variables by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2152
+* Wycheproof by @h2parson in https://github.com/open-quantum-safe/liboqs/pull/2145
+* tests: Check OQS_STATUS of RNG and fstore functions by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2153
+* Adjust constant-time test exception for mlkem-native by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2162
+* Continuous Benchmarking using Github Actions by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2134
+* test: Add basic kem fuzz testing by @nathaniel-brough in https://github.com/open-quantum-safe/liboqs/pull/2133
+* Increase alert threshold for continuous benchmarking by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2166
+* Benchmarking comments only on alerts by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2168
+* Adding code coverage by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/2148
+* Add AVX512VL-Optimized SHA3/SHAKE Implementations by @mdcornu in https://github.com/open-quantum-safe/liboqs/pull/2167
+* Zeroize memory in SHA3 implementation by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/2171
+* Disable compiler optimizations for HQC by @SWilson4 in https://github.com/open-quantum-safe/liboqs/commit/4215362acbf69b88fe1777c4c052f154e29f9897
 
 ## New Contributors
-* @zhaixiaojuan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2010
-* @stevenireeves made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2044
-* @pablo-gf made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2059
-* @levitte made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2086
-* @mkannwischer made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2093
-* @mkroening made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2104
+* @alraddady made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2111
+* @vacuas made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2109
+* @M-AlNoaimi made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2142
+* @Hussain1811 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2158
+* @h2parson made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2145
+* @mdcornu made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2167
 
-**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.12.0...0.13.0
+**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.13.0...0.14.0-rc1

SECURITY.md

@@ -8,8 +8,8 @@ Using any code prior to 0.12.0 is strongly discouraged due to a [known security
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.13.0  | :white_check_mark: |
-| < 0.13  | :x:                |
+| 0.14.0  | :white_check_mark: |
+| < 0.14  | :x:                |
 
 ## Reporting a Vulnerability
 

src/CMakeLists.txt

@@ -134,7 +134,7 @@ set_target_properties(oqs
     ARCHIVE_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/lib"
     LIBRARY_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/lib"
     VERSION ${OQS_VERSION_TEXT}
-    SOVERSION 7
+    SOVERSION 8
     # For Windows DLLs
     RUNTIME_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/bin")