Fix release date in RELEASE.md

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

CMakeLists.txt

@@ -34,7 +34,7 @@ set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED ON)
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 set(CMAKE_C_VISIBILITY_PRESET hidden)
-set(OQS_VERSION_TEXT "0.10.2-dev")
+set(OQS_VERSION_TEXT "0.11.0")
 set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
 set(OQS_MINIMAL_GCC_VERSION "7.1.0")
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)

RELEASE.md

@@ -1,4 +1,4 @@
-liboqs version 0.10.0
+liboqs version 0.11.0
 =====================
 
 About
@@ -14,117 +14,120 @@ liboqs can be used with the following Open Quantum Safe application integrations
 - **OQS-BoringSSL**: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
 - **OQS-OpenSSH**: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
 
-Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.  Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
+Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.
 
 liboqs can also be used in the following programming languages via language-specific wrappers:
 
 - C++, via https://github.com/open-quantum-safe/liboqs-cpp
 - Go, via https://github.com/open-quantum-safe/liboqs-go
 - Java, via https://github.com/open-quantum-safe/liboqs-java
-- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
 - Python 3, via https://github.com/open-quantum-safe/liboqs-python
 - Rust, via https://github.com/open-quantum-safe/liboqs-rust
 
 Release notes
 =============
 
-This is version 0.10.0 of liboqs. It was released on March 20, 2024.
+This is version 0.11.0 of liboqs. It was released on September 27, 2024.
 
-This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of [FIPS 203](https://csrc.nist.gov/pubs/fips/203/ipd) and [FIPS 204](https://csrc.nist.gov/pubs/fips/204/ipd), respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.
+This release updates ML-KEM implementations to their [final FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) versions. This release still includes the NIST Round 3 version of Kyber for interoperability purposes, but we plan to remove Kyber Round 3 in a future release. Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
+
+LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in [CONFIGURE.md](https://github.com/open-quantum-safe/liboqs/blob/0.11.0/CONFIGURE.md#stateful-hash-based-signatures).
 
 What's New
 ----------
 
-This release continues from the 0.9.2 release of liboqs.
+This release continues from the 0.10.1 release of liboqs.
 
 ### Key encapsulation mechanisms
 
-- BIKE: Updated portable C implementation to include constant-time fixes from upstream.
+- Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2).
-- HQC: Updated to NIST Round 4 version.
+- ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIP 203 version.
-- ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024.
+- Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer.
 
 ### Digital signature schemes
 
-- Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
+- LMS/XMSS: Added implementations of stateful hash-based signature schemes: [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554).
-- ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.
+- MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1.
+- CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1.
 
 ### Other changes
 
-- Improved thread safety.
+- Added callback API to use custom implementations of AES, SHA2, and SHA3.
-- Added uninstall support via `ninja uninstall`
+- Refactor SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API.
-- Documented platforms by support tier in PLATFORMS.md.
-- Added support for Zephyr RTOS.
-- Improved support for macOS on Apple Silicon.
-- Removed support for the "NIST-KAT" DRBG.
-- Added extended KAT test programs.
 
 ---
 
 Detailed changelog
 ------------------
 
-* PR template update & OpenSSL clarification by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1582
+* [NFCI] Move Keccak rhotates tables to rodata by @aaupov in https://github.com/open-quantum-safe/liboqs/pull/1739
-* Use CMAKE_USE_PTHREADS_INIT by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1576
+* Document Fix by @pi-314159 in https://github.com/open-quantum-safe/liboqs/pull/1735
-* Add section to CONFIGURE.md link by @iyanmv in https://github.com/open-quantum-safe/liboqs/pull/1578
+* Add option to dynamically load libcrypto.so.* by @ueno in https://github.com/open-quantum-safe/liboqs/pull/1603
-* Run copy_from_upstream and test by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1589
+* Allow windows linking of test programs by @matlimatli in https://github.com/open-quantum-safe/liboqs/pull/1751
-* Support several pqclean upstream versions by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1595
+* Refactor OpenSSL Implementation of SHA3 SHAKE to use new Squeeze API by @Eddy-M-K in https://github.com/open-quantum-safe/liboqs/pull/1694
-* Call Keccak_(X4_)Dispatch with pthread_once by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1549
+* remove "maximum" words for most length fields by @wangweij in https://github.com/open-quantum-safe/liboqs/pull/1747
-* minor updates by @vsoftco in https://github.com/open-quantum-safe/liboqs/pull/1600
+* add compile_commands.json to .gitignore by @carsonRadtke in https://github.com/open-quantum-safe/liboqs/pull/1754
-* Pull new HQC implementation from upstream by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1585
+* Fix linking of test programs on msys by @d0p1s4m4 in https://github.com/open-quantum-safe/liboqs/pull/1758
-* add uninstall support by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1604
+* restrict Windows platform support documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1762
-* Ensure generic OQS_OPT_TARGET in weekly CT tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1618
+* Add workflow dispatch to action by @ryjones in https://github.com/open-quantum-safe/liboqs/pull/1778
-* update .travis.yml by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1629
+* Bump jinja2 from 3.1.3 to 3.1.4 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1782
-* Pull latest Kyber version from upstream by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1631
+* Algorithm selection clarification by @beldmit in https://github.com/open-quantum-safe/liboqs/pull/1784
-* platform support documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1605
+* Use OPENSSL_cleanse if OpenSSL is used by @bencemali in https://github.com/open-quantum-safe/liboqs/pull/1773
-* Add support for Zephyr RTOS by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1621
+* Errors not printed out when OPENSSL_NO_STDIO is set by @bencemali in https://github.com/open-quantum-safe/liboqs/pull/1774
-* Apply patch to Kyber aarch64 code from PQClean for variable-time division issue. by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1636
+* Add Stateful Signature (XMSS and LMS) by @ashman-p in https://github.com/open-quantum-safe/liboqs/pull/1650
-* Fix BIKE constant-time errors by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1632
+* Forward-declare OQS_SIG in sig_stfl.h by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1820
-* Fix falcon constant time check in Valgrind by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1646
+* Move Linux ARM64 "build" test from CircleCI to GitHub Actions by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1814
-* Correct cmake version requirement by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1643
+* Fix test_alg_info.py on Windows platform by @qnfm in https://github.com/open-quantum-safe/liboqs/pull/1821
-* Pull Kyber division fixes from PQ-Crystals into main by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1649
+* Increment version string to 0.10.2-dev by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1813
-* Bump gitpython from 3.1.37 to 3.1.41 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1659
+* Add XMSS-SHA256_{10, 16, 20}_192 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1817
-* Zephyr: fixes for platform support by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1658
+* Add XMSS-SHAKE256_{10, 16, 20}_192 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1818
-* Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1661
+* Add XMSS-SHAKE256_{10, 16, 20}_256 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1819
-* Riscv zephyr support by @trigpolynom in https://github.com/open-quantum-safe/liboqs/pull/1641
+* Create scorecard.yml (OpenSSF) by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1708
-* Zephyr: CMake fixes by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1664
+* Expose callback API for replacing low-level cryptographic primitives by @ueno in https://github.com/open-quantum-safe/liboqs/pull/1832
-* Clarify that copyright is held by authors and not the project itself [skip ci] by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1668
+* Add MAYO signature scheme from NIST onramp by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1707
-* Make internal API available to (only) test programs by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1667
+* Bump zipp from 3.4.0 to 3.19.1 in /scripts/copy_from_upstream in the pip group by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1836
-* Remove reference to old BIKE variants from CONFIGURE.md [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1669
+* Update and fix CI status badges by @anvega in https://github.com/open-quantum-safe/liboqs/pull/1844
-* Add a document describing our subproject governance by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1675
+* Use `cmake -LA -N` instead of `cmake -LA` in CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1848
-* Set the correct compile flag for the memory sanitizer build by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1680
+* Fix passes.json entries for MAYO by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1852
-* Test against all 100 KAT values by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1560
+* ML-KEM NIST tests, fix order of d and z by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1854
-* Update BIKE documentation to exclude x86 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1679
+* Move from CircleCI to GitHub Actions by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1849
-* find_package(Threads) regardless of BUILD_ONLY_LIB by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1653
+* Add a convenience script for consistent astyle formatting by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1861
-* Call set_available_cpu_extensions using pthread_once by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1671
+* Quick fixes from Trail of Bits audit Week 1 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1869
-* Discontinue AppVeyor CI testing by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1682
+* Check return value of fscanf in LMS/XMSS KAT tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1874
-* Run oqs-provider release tests in CI on release candidate branches by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1654
+* Fix downstream CI trigger by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1857
-* Fix link in GOVERNANCE.md by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1686
+* Don't hardcode OPENSSL_ROOT_DIR to /usr on Linux by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1873
-* Rename weekly runs and skip Falcon-1024 [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1684
+* Fix overflow in stateful sigs tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1887
-* Update McEliece suppression files for generic config by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1677
+* Integrate Kyber from libjade  by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1745
-* Update SPHINCS+ "clean" suppression files by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1683
+* Use explicit_memset if available. NetBSD has support for it: by @loganaden in https://github.com/open-quantum-safe/liboqs/pull/1872
-* Update Sphincs+ Markdown documentation from YAML by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1690
+* Disable erroring TravisCI build by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1901
-* properly document release support level [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1688
+* Update OpenSSH downstream branch to OQS-v9 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1898
-* set(OQS_USE_PTHREADS OFF) on MinGW/Cygwin by @zxjtan in https://github.com/open-quantum-safe/liboqs/pull/1695
+* Fix incorrect formatting in unix.yml by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1902
-* Fix cross compilation and test in CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1696
+* CMakeLists: add ppc case to known archs by @barracuda156 in https://github.com/open-quantum-safe/liboqs/pull/1816
-* update brew install instructions to use openssl@3 instead of openssl@1.1.1 [skip ci] by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1701
+* Remove old ad hoc CI for Apple M1 by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1907
-* Add ML-DSA-ipd and ML-KEM-ipd & NIST supplied test vectors by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1626
+* Add ML-KEM / FIPS203 final by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1899
-* Small fixes after adding ML-\* by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1702
+* Update checkout action in weekly.yml by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1908
-* Move MacOS CI tests to GitHub Actions; add M1 CI tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1709
+* Add CROSS by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/1881
-* Update liboqs readme to point to oqs-provider instead of deprecated openssl1.1.1 fork [skip ci] by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1699
+* Refactor liboqs CI and update Ubuntu images by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1909
-* Fix for the Zephyr CI tests by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1714
+* Check workflows for issues during CI by @jplomas in https://github.com/open-quantum-safe/liboqs/pull/1916
-* remove references to unsupported openssh [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1713
+* Patch Kyber to fix ASAN error on ARM64 by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1922
-* fix documentation generation by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1715
+* Change README links to be doxygen-friendly by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1927
-* Support Falcon PADDED format by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1710
-* Fix for alg_support.cmake by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1716
-* Fix SPHINCS+ naming in CT tests [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1720
-* improve algorithm documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1721
-* Always build "internal" library as static by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1725
 
 ## New Contributors
-* @zxjtan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1576
+* @aaupov made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1739
-* @iyanmv made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1578
+* @pi-314159 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1735
-* @Frauschi made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1621
+* @ueno made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1603
-* @cothan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1646
+* @matlimatli made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1751
-* @trigpolynom made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1641
+* @Eddy-M-K made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1694
+* @wangweij made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1747
+* @carsonRadtke made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1754
+* @d0p1s4m4 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1758
+* @ryjones made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1778
+* @bencemali made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1773
+* @qnfm made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1821
+* @anvega made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1844
+* @loganaden made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1872
+* @barracuda156 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1816
+* @rtjk made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1881
+* @jplomas made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1916
 
-**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.9.2...0.10.0
+**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.10.1...0.11.0

SECURITY.md

@@ -4,12 +4,12 @@
 
 We only support the most recent release.
 
-Using any code prior to 0.9.2 is strongly discouraged due to a [known security vulnerability in Kyber](https://github.com/open-quantum-safe/liboqs/releases/tag/0.9.2).
+Using any code prior to 0.10.1 is strongly discouraged due to a [known security vulnerability in Kyber](https://github.com/open-quantum-safe/liboqs/releases/tag/0.10.1).
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.10.0  | :white_check_mark: |
+| 0.11.0  | :white_check_mark: |
-| < 0.10  | :x:                |
+| < 0.11  | :x:                |
 
 ## Reporting a Vulnerability
 Please follow [this information to report a vulnerability](https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs).

src/CMakeLists.txt

@@ -121,7 +121,7 @@ set_target_properties(oqs
     ARCHIVE_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/lib"
     LIBRARY_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/lib"
     VERSION ${OQS_VERSION_TEXT}
-    SOVERSION 5
+    SOVERSION 6
     # For Windows DLLs
     RUNTIME_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/bin")