From 8b0539654cd1a7c0f4702d9952907eea6faaa4e4 Mon Sep 17 00:00:00 2001 From: Pravek Sharma Date: Sat, 14 Dec 2024 09:18:19 +0100 Subject: [PATCH] Update 0.8.0-rc1 release notes Signed-off-by: Pravek Sharma --- RELEASE.md | 44 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 35b2ac1b..3e891d65 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,4 +1,4 @@ -# oqs-provider 0.7.1-dev +# oqs-provider 0.8.0 release candidate 1 ## About 
@@ -14,7 +14,47 @@ Further details on building, testing and use can be found in [README.md](https:/ ## Release notes -This is version 0.7.1-dev of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs` as and when released. +This is version 0.8.0-rc1 of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs` as and when released. + +### Deprecation notice + +The associated liboqs v0.12.0 release will be the last liboqs release to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203). + +The addition of ML-DSA FIPS 204 final version to liboqs v0.12.0 has introduced a new signature API which includes a context string parameter. The liboqs team is planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at [liboqs #2001](https://github.com/open-quantum-safe/liboqs/issues/2001). + +### Security considerations + +* CVE-2024-54137: The associated liboqs v0.12.0 release fixed a bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue. + +### What's New + +In addition to improving testing, CI, and fixing platform specific build issues this release of oqs-provider: + +* Updates IANA code points for ML-KEM. 
+* Adds support for ML-DSA (FIPS 204 final version) along with support for context strings (when built against an OpenSSL verision also supporting that feature). +* Updates the implementation of draft-ietf-lamps-pq-composite-sigs from version 01 to version 02. +* Adds a SBOM template in the CycloneDX 1.6 format. + +## What's Changed +* Switch to dev mode again by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/535 +* Add alexrow to CODEOWNERS by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/537 +* Correct 0.7.0 release notes by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/540 +* switch doc to release, add backlevel liboqs support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/544 +* fix file location error in P12 test by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/546 +* update MLKEM code points by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/559 +* Composite sigs update by @feventura in https://github.com/open-quantum-safe/oqs-provider/pull/549 +* Remove macos-12 runner due to GitHub deprecation. 
by @SWilson4 in https://github.com/open-quantum-safe/oqs-provider/pull/563 +* update IANA code points for ML-KEM by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/577 +* Adding version-conditional context string support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/583 +* Tracker for FIPS204 / ML-DSA by @bhess in https://github.com/open-quantum-safe/oqs-provider/pull/568 +* Add a SBOM template in CycloneDX format by @hughsie in https://github.com/open-quantum-safe/oqs-provider/pull/585 +* Changes needed when building with a static libcrypto on Linux by @ashman-p in https://github.com/open-quantum-safe/oqs-provider/pull/584 +* Add DTLS 1.3 support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/586 + +## New Contributors +* @hughsie made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/585 + +**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.7.0...0.8.0-rc1 Previous Release Notes ======================
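Review bot: In the first hunk (`@@ -1,4 +1,4 @@`), the new title spells the version as "0.8.0 release candidate 1", while the release-notes paragraph and the Full Changelog compare link in the second hunk both use "0.8.0-rc1". Suggest one spelling throughout, for example `# oqs-provider 0.8.0-rc1`, so the heading matches the ref used in the compare link.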
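Review bot: In the second hunk (`@@ -14,7 +14,47 @@`), the CVE-2024-54137 entry under "Security considerations" names the fixed liboqs release but does not say what a user of oqs-provider has to do to get the fix. "What's Changed" lists backlevel liboqs support (#544), so please state explicitly that the HQC decapsulation fix is only present when oqs-provider is built against liboqs v0.12.0. The tense also needs aligning: the opening paragraph describes v0.12.0 as "as and when released", while the CVE entry says that release "fixed" the bug. Two smaller points in the same hunk: "verision" in the ML-DSA bullet should be "version", and "Add DTLS 1.3 support" (#586) appears under "What's Changed" but has no matching bullet under "What's New".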