sharpetronics/liboqs
1
0
Fork 0
mirror of https://github.com/open-quantum-safe/liboqs.git synced 2025-07-04 00:01:27 -04:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: sharpetronics:30175de778a84001d90d42073334ee86895ba807
Branches Tags
sharpetronics:main
sharpetronics:sw-internal-api-doc
sharpetronics:gh-pages
sharpetronics:sw-test-cpu-exts
sharpetronics:sw-macos15-gcc14
sharpetronics:sw-benchmarks
sharpetronics:ds-benchmark-comments
sharpetronics:sw-ct-optimized
sharpetronics:ds-skip-failing-ci
sharpetronics:ps-poutine
sharpetronics:vacuas-main
sharpetronics:sw-alg-datasheet
sharpetronics:sw-disable-by-default
sharpetronics:ash_support_missing_ossl_api
sharpetronics:0.14.0-rc1
sharpetronics:0.13.0
sharpetronics:0.13.0-rc1
sharpetronics:0.12.0
sharpetronics:0.12.0-rc1
sharpetronics:0.11.0
sharpetronics:0.11.0-rc1
sharpetronics:0.10.1
sharpetronics:0.10.1-rc1
sharpetronics:0.10.0
sharpetronics:0.10.0-rc2
sharpetronics:0.10.0-rc1
sharpetronics:0.9.2
sharpetronics:0.9.2-rc1
sharpetronics:0.9.1
sharpetronics:0.9.1-rc1
sharpetronics:0.9.0
sharpetronics:0.9.0-rc1
sharpetronics:0.8.0
sharpetronics:0.8.0-rc1
sharpetronics:ietf116
sharpetronics:0.7.2
sharpetronics:0.7.2-rc2
sharpetronics:0.7.2-rc1
sharpetronics:0.7.1
sharpetronics:0.7.1-rc1
sharpetronics:0.7.0
sharpetronics:0.7.0-rc4
sharpetronics:0.7.0-rc3
sharpetronics:0.6.0
sharpetronics:0.6.0-rc3
sharpetronics:0.6.0-rc2
sharpetronics:0.6.0-rc1
sharpetronics:0.5.0
sharpetronics:0.4.0
sharpetronics:0.3.0
sharpetronics:0.2.0
sharpetronics:nist-branch-snapshot-2018-11
sharpetronics:master-0.1.0
sharpetronics:nist-branch-snapshot-2018-07
sharpetronics:nist-branch-snapshot-2018-05
sharpetronics:nist-branch-snapshot-2018-04
..
compare: sharpetronics:11ecc6a66fdc67aff9fb2fe0b25f5be67f91916e
Branches Tags
sharpetronics:sw-internal-api-doc
sharpetronics:main
sharpetronics:gh-pages
sharpetronics:sw-test-cpu-exts
sharpetronics:sw-macos15-gcc14
sharpetronics:sw-benchmarks
sharpetronics:ds-benchmark-comments
sharpetronics:sw-ct-optimized
sharpetronics:ds-skip-failing-ci
sharpetronics:ps-poutine
sharpetronics:vacuas-main
sharpetronics:sw-alg-datasheet
sharpetronics:sw-disable-by-default
sharpetronics:ash_support_missing_ossl_api
sharpetronics:0.14.0-rc1
sharpetronics:0.13.0
sharpetronics:0.13.0-rc1
sharpetronics:0.12.0
sharpetronics:0.12.0-rc1
sharpetronics:0.11.0
sharpetronics:0.11.0-rc1
sharpetronics:0.10.1
sharpetronics:0.10.1-rc1
sharpetronics:0.10.0
sharpetronics:0.10.0-rc2
sharpetronics:0.10.0-rc1
sharpetronics:0.9.2
sharpetronics:0.9.2-rc1
sharpetronics:0.9.1
sharpetronics:0.9.1-rc1
sharpetronics:0.9.0
sharpetronics:0.9.0-rc1
sharpetronics:0.8.0
sharpetronics:0.8.0-rc1
sharpetronics:ietf116
sharpetronics:0.7.2
sharpetronics:0.7.2-rc2
sharpetronics:0.7.2-rc1
sharpetronics:0.7.1
sharpetronics:0.7.1-rc1
sharpetronics:0.7.0
sharpetronics:0.7.0-rc4
sharpetronics:0.7.0-rc3
sharpetronics:0.6.0
sharpetronics:0.6.0-rc3
sharpetronics:0.6.0-rc2
sharpetronics:0.6.0-rc1
sharpetronics:0.5.0
sharpetronics:0.4.0
sharpetronics:0.3.0
sharpetronics:0.2.0
sharpetronics:nist-branch-snapshot-2018-11
sharpetronics:master-0.1.0
sharpetronics:nist-branch-snapshot-2018-07
sharpetronics:nist-branch-snapshot-2018-05
sharpetronics:nist-branch-snapshot-2018-04

1 Commits
30175de778 ... 11ecc6a66f

Author SHA1 Message Date
Abhinav Saxena
11ecc6a66f
Merge 325286187fe076994e7d9862fdf00d7a9ccbcbbc into 4215362acbf69b88fe1777c4c052f154e29f9897 2025-06-23 14:37:33 -04:00
4 changed files with 71 additions and 60 deletions
Show Stats Expand all files Collapse all files

6
CMakeLists.txt
View File

@ -42,9 +42,9 @@ set(CMAKE_C_STANDARD_REQUIRED ON)
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(CMAKE_C_VISIBILITY_PRESET hidden)
set(OQS_VERSION_MAJOR 0)
set(OQS_VERSION_MINOR 14)
set(OQS_VERSION_PATCH 0)
set(OQS_VERSION_PRE_RELEASE "-rc1")
set(OQS_VERSION_MINOR 13)
set(OQS_VERSION_PATCH 1)
set(OQS_VERSION_PRE_RELEASE "-dev")
set(OQS_VERSION_TEXT "${OQS_VERSION_MAJOR}.${OQS_VERSION_MINOR}.${OQS_VERSION_PATCH}${OQS_VERSION_PRE_RELEASE}")
set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
set(OQS_MINIMAL_GCC_VERSION "7.1.0")

119
RELEASE.md
View File

@ -1,5 +1,5 @@
liboqs version 0.14.0-rc1
=========================
liboqs version 0.13.0
=====================
About
-----
@ -27,41 +27,36 @@ liboqs can also be used in the following programming languages via language-spec
Release notes
=============
This is release candidate 1 for version 0.14.0 of liboqs. It was released on June 25, 2025.
This is version 0.13.0 of liboqs. It was released on April 16, 2025.
This release contains a security fix for secret-dependent branching in HQC. It introduces support for SNOVA, a NIST Additional Signatures Round 2 candidate, and a new optimized implementation of SHA3 using AVX-512VL instructions. Additionally, this is the first liboqs release to include the [stable 1.0.0 version of PQ Code Package's mlkem-native](https://github.com/pq-code-package/mlkem-native/releases/tag/v1.0.0).
This release improves support for NIST Additional Signatures Round 2 candidates: CROSS and MAYO implementations are updated and support is added for UOV. This release also adds a new KEM API for deterministic key generation (only supported by ML-KEM at the moment). Finally, this release adds support for ML-KEM implementations from 2 new sources: formally verified portable C, AVX2, and AArch64 implementations from [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native) and a GPU accelerated CUDA implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc).
This release also introduces a number of improvements to testing and infrastructure. The OQS project is now publishing benchmarking data on https://openquantumsafe.org/benchmarking and code coverage data on https://coveralls.io/github/open-quantum-safe/liboqs.
Deprecation notice
==================
This will be the last release of liboqs to include Dilithium (that is, the NIST Round 3 version of Dilithium, prior to its standardization by NIST as ML-DSA in FIPS 204). Applications should switch to ML-DSA (FIPS 204). Please contact us if you have any concerns.
Security issues
===============
- CVE-2025-52473: Disabled compiler optimizations for HQC to avoid secret-dependent branches. Thank you to Zhenzhi Lai and Zhiyuan Zhang from from the University of Melbourne and the Max Planck Institute for Security and Privacy for identifying the issue.
OQS is running a survey to better understand our community. We would like to hear from organizations and individuals about their interest in and use of the Open Quantum Safe project. Please take a few minutes to fill out the survey: https://linuxfoundation.surveymonkey.com/r/oqssurvey
What's New
----------
This release continues from the 0.13.0 release of liboqs.
This release continues from the 0.12.0 release of liboqs.
### Key encapsulation mechanisms
- HQC: Disabled compiler optimizations to avoid secret-dependent branching in certain configurations. HQC remains disabled by default.
- ML-KEM: Updated the default ML-KEM implementation to [PQCP's mlkem-native v1.0.0](https://github.com/pq-code-package/mlkem-native/releases/tag/v1.0.0).
- New API: Added a deterministic key generation and API for KEMs (only ML-KEM supported at the moment).
- ML-KEM: Changed the default ML-KEM implementation to [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native). There are three variants: Portable C, AVX2, and AArch64. Large parts of these implementations are formally verified: all of the C code is verified for memory and type safety using [CBMC](https://github.com/diffblue/cbmc) and the functional correctness of the core AArch64 assembly routines is verified using [HOL-Light](https://github.com/jrh13/hol-light).
- ML-KEM: Added support for the ML-KEM implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc), a GPU accelerated cryptography library.
- ML-KEM: Implementation from mlkem-native upstream updated to add Pair-wise Consistency Test (PCT) and Intel CET support.
- ML-KEM: Improved testing of ML-KEM keys.
- HQC: Disabled HQC by default until [a new security flaw](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/Wiu4ZQo3fP8) is fixed.
### Digital signature schemes
- New API: added an API function to check if a signature scheme supports signing with a context string.
- SNOVA: added [SNOVA](https://snova.pqclab.org/) from NIST Additional Signature Schemes Round 2.
- ML-DSA: Improved testing for ML-DSA.
- CROSS: Updated to NIST Additional Signatures Round 2 version.
- MAYO: Updated to NIST Additional Signatures Round 2 version.
- UOV: Added support for UOV algorithm from NIST Additional Signatures Round 2.
### Other changes
- Added an AVX512VL-optimized backend for SHA3.
- Improved memory management throughout the codebase.
- Added support for loongarch64 architecture.
---
@ -69,38 +64,54 @@ Detailed changelog
------------------
## What's Changed
* Switch to dev mode after 0.13.0 release by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/2125
* Restrict -Wno-maybe-uninitialized to GCC and fix stack size typo by @alraddady in https://github.com/open-quantum-safe/liboqs/pull/2111
* Promote @SWilson4 from Committer to Maintainer [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2120
* Update Nix flake inputs by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/2126
* Change cuPQC upstream repo by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/2115
* Integrate SNOVA into liboqs by @vacuas in https://github.com/open-quantum-safe/liboqs/pull/2109
* Update ACVP vectors to latest release by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2131
* Add a function to check if context string is supported by @M-AlNoaimi in https://github.com/open-quantum-safe/liboqs/pull/2142
* Skip failing CI test by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2157
* Use OQS_MEM_cleanse() instead of memset() by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2158
* Check for NULL dereference before using secure free by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2151
* Update mlkem-native to v1.0.0 by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2146
* test: Use secure free for freeing secret key objects by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2149
* tests: Remove unused variables by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2152
* Wycheproof by @h2parson in https://github.com/open-quantum-safe/liboqs/pull/2145
* tests: Check OQS_STATUS of RNG and fstore functions by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2153
* Adjust constant-time test exception for mlkem-native by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2162
* Continuous Benchmarking using Github Actions by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2134
* test: Add basic kem fuzz testing by @nathaniel-brough in https://github.com/open-quantum-safe/liboqs/pull/2133
* Increase alert threshold for continuous benchmarking by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2166
* Benchmarking comments only on alerts by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2168
* Adding code coverage by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/2148
* Add AVX512VL-Optimized SHA3/SHAKE Implementations by @mdcornu in https://github.com/open-quantum-safe/liboqs/pull/2167
* Zeroize memory in SHA3 implementation by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/2171
* Disable compiler optimizations for HQC by @SWilson4 in https://github.com/open-quantum-safe/liboqs/commit/4215362acbf69b88fe1777c4c052f154e29f9897
* Bump version to 0.12.1-dev by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2015
* Add loongarch64 support by @zhaixiaojuan in https://github.com/open-quantum-safe/liboqs/pull/2010
* Minor changes to ML_DSA ACVP tests by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2007
* Update upload-artifact action to v4 by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2017
* Remove hardcoded build paths & modify basic workflow to build in random path by @iyanmv in https://github.com/open-quantum-safe/liboqs/pull/2019
* Trigger liboqs-java and liboqs-rust downstream CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2021
* #1830 update scorecard to v5 (gh action 2.4.0) by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1890
* Update PQClean commit and delete patch for HQC by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2026
* Bump jinja2 from 3.1.4 to 3.1.5 in /scripts/copy_from_upstream in the pip group by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/2036
* Avoid unresolved symbols from libcrypto when compiled with OQS_DLOPEN_OPENSSL by @ueno in https://github.com/open-quantum-safe/liboqs/pull/2043
* Update to public Ubuntu 24.04 ARM runner by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2050
* NVIDIA: Adding cuPQC as a backend for ML-KEM. by @stevenireeves in https://github.com/open-quantum-safe/liboqs/pull/2044
* Update ACVP vectors for KEM and DSA by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2051
* CI: Check unresolved symbols when compiled with OQS_DLOPEN_OPENSSL by @ueno in https://github.com/open-quantum-safe/liboqs/pull/2058
* Fix failing zephyr CI workflows, pinning v0.27.4 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2063
* Update sig_stfl Doxygen documentation by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2059
* Import ML-KEM from mlkem-native/PQ code package by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2041
* Update example files by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2071
* GitHub runner updates by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2069
* Disable cupqc-buildcheck by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/2075
* Add threat model by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2033
* Update CROSS to version 2.0 by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/2078
* improving CONTRIBUTING.md for maintainability [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/2081
* Ensure that building against liboqs build directory works by @levitte in https://github.com/open-quantum-safe/liboqs/pull/2086
* Added alg_version details to test output by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2080
* Add checks for ML-KEM keys by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2009
* Update actions/cache to v4.2.2 by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2093
* Add Nix flake by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/1970
* Update MAYO to NIST round 2 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2095
* Update mlkem-native to v1.0.0-beta by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2092
* Add references to security response process by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2077
* Bump version to 0.13.0-dev [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2099
* Add UOV by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2094
* Add bitflip test for trivial SUF-CMA forgeries by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/2090
* Update MAYO version in algorithm datasheet by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2103
* Add DeriveKeyPair API by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2070
* Update nist-round in UOV and MAYO data sheet by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2105
* build: search unistd.h separately from sys/random.h for getentropy by @mkroening in https://github.com/open-quantum-safe/liboqs/pull/2104
* Add support caveat by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2114
* Temporarily disable HQC by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2122
* Fix PR workflow runs by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2123
## New Contributors
* @alraddady made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2111
* @vacuas made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2109
* @M-AlNoaimi made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2142
* @Hussain1811 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2158
* @h2parson made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2145
* @mdcornu made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2167
* @zhaixiaojuan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2010
* @stevenireeves made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2044
* @pablo-gf made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2059
* @levitte made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2086
* @mkannwischer made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2093
* @mkroening made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2104
**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.13.0...0.14.0-rc1
**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.12.0...0.13.0

4
SECURITY.md
View File

@ -8,8 +8,8 @@ Using any code prior to 0.12.0 is strongly discouraged due to a [known security
| Version | Supported |
| ------- | ------------------ |
| 0.14.0 | :white_check_mark: |
| < 0.14 | :x: |
| 0.13.0 | :white_check_mark: |
| < 0.13 | :x: |
## Reporting a Vulnerability

2
src/CMakeLists.txt
View File

@ -134,7 +134,7 @@ set_target_properties(oqs
ARCHIVE_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/lib"
LIBRARY_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/lib"
VERSION ${OQS_VERSION_TEXT}
SOVERSION 8
SOVERSION 7
# For Windows DLLs
RUNTIME_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/bin")