liboqs 0.11.0

[BrewTestBot]

Created by brew bump

---

Created with brew bump-formula-pr.

release notes

liboqs version 0.11.0
=====================
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography.  More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms.  Details about liboqs can be found in README.md.  See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:

oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.
liboqs can also be used in the following programming languages via language-specific wrappers:

C++, via https://github.com/open-quantum-safe/liboqs-cpp
Go, via https://github.com/open-quantum-safe/liboqs-go
Java, via https://github.com/open-quantum-safe/liboqs-java
Python 3, via https://github.com/open-quantum-safe/liboqs-python
Rust, via https://github.com/open-quantum-safe/liboqs-rust

Release notes
This is version 0.11.0 of liboqs. It was released on September 26, 2024.
This release updates ML-KEM implementations to their final FIPS 203 versions. This release still includes the NIST Round 3 version of Kyber for interoperability purposes, but we plan to remove Kyber Round 3 in a future release. Additionally, this release adds support for MAYO and CROSS digital signature schemes from NIST Additional Signatures Round 1 along with stateful hash-based signature schemes XMSS and LMS. Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from libjade.
LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in CONFIGURE.md.
What's New
This release continues from the 0.10.1 release of liboqs.
Key encapsulation mechanisms

Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from libjade.
ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIP 203 version.
Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer.

Digital signature schemes

LMS/XMSS: Added implementations of stateful hash-based signature schemes: XMSS and LMS.
MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1.
CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1.

Other changes

Added callback API to use custom implementations of AES, SHA2, and SHA3.
Refactor SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API.


Detailed changelog

[NFCI] Move Keccak rhotates tables to rodata by @aaupov in [NFCI] Move Keccak rhotates tables to rodata open-quantum-safe/liboqs#1739
Document Fix by @pi-314159 in Document Fix open-quantum-safe/liboqs#1735
Add option to dynamically load libcrypto.so.* by @ueno in Add option to dynamically load libcrypto.so.* open-quantum-safe/liboqs#1603
Allow windows linking of test programs by @matlimatli in Allow windows linking of test programs open-quantum-safe/liboqs#1751
Refactor OpenSSL Implementation of SHA3 SHAKE to use new Squeeze API by @Eddy-M-K in Refactor OpenSSL Implementation of SHA3 SHAKE to use new Squeeze API open-quantum-safe/liboqs#1694
remove "maximum" words for most length fields by @wangweij in remove "maximum" words for most length fields open-quantum-safe/liboqs#1747
add compile_commands.json to .gitignore by @carsonRadtke in add compile_commands.json to .gitignore open-quantum-safe/liboqs#1754
Fix linking of test programs on msys by @d0p1s4m4 in Fix linking of test programs on msys open-quantum-safe/liboqs#1758
restrict Windows platform support documentation [skip ci] by @baentsch in restrict Windows platform support documentation [skip ci] open-quantum-safe/liboqs#1762
Add workflow dispatch to action by @ryjones in Add workflow dispatch to action open-quantum-safe/liboqs#1778
Bump jinja2 from 3.1.3 to 3.1.4 in /scripts/copy_from_upstream by @dependabot in Bump jinja2 from 3.1.3 to 3.1.4 in /scripts/copy_from_upstream open-quantum-safe/liboqs#1782
Algorithm selection clarification by @beldmit in Algorithm selection clarification open-quantum-safe/liboqs#1784
Use OPENSSL_cleanse if OpenSSL is used by @bencemali in Use OPENSSL_cleanse if OpenSSL is used open-quantum-safe/liboqs#1773
Errors not printed out when OPENSSL_NO_STDIO is set by @bencemali in Errors not printed out when OPENSSL_NO_STDIO is set open-quantum-safe/liboqs#1774
Add Stateful Signature (XMSS and LMS) by @ashman-p in Add Stateful Signature (XMSS and LMS) open-quantum-safe/liboqs#1650
Forward-declare OQS_SIG in sig_stfl.h by @SWilson4 in Forward-declare OQS_SIG in sig_stfl.h open-quantum-safe/liboqs#1820
Move Linux ARM64 "build" test from CircleCI to GitHub Actions by @SWilson4 in Move Linux ARM64 "build" test from CircleCI to GitHub Actions open-quantum-safe/liboqs#1814
Fix test_alg_info.py on Windows platform by @qnfm in Fix test_alg_info.py on Windows platform open-quantum-safe/liboqs#1821
Increment version string to 0.10.2-dev by @SWilson4 in Increment version string to 0.10.2-dev open-quantum-safe/liboqs#1813
Add XMSS-SHA256_{10, 16, 20}_192 parameters by @cothan in Add XMSS-SHA256_{10, 16, 20}_192 parameters open-quantum-safe/liboqs#1817
Add XMSS-SHAKE256_{10, 16, 20}_192 parameters by @cothan in  Add XMSS-SHAKE256_{10, 16, 20}_192 parameters open-quantum-safe/liboqs#1818
Add XMSS-SHAKE256_{10, 16, 20}_256 parameters by @cothan in Add XMSS-SHAKE256_{10, 16, 20}_256 parameters open-quantum-safe/liboqs#1819
Create scorecard.yml (OpenSSF) by @planetf1 in Create scorecard.yml (OpenSSF) open-quantum-safe/liboqs#1708
Expose callback API for replacing low-level cryptographic primitives by @ueno in Expose callback API for replacing low-level cryptographic primitives open-quantum-safe/liboqs#1832
Add MAYO signature scheme from NIST onramp by @bhess in Add MAYO signature scheme from NIST onramp open-quantum-safe/liboqs#1707
Bump zipp from 3.4.0 to 3.19.1 in /scripts/copy_from_upstream in the pip group by @dependabot in Bump zipp from 3.4.0 to 3.19.1 in /scripts/copy_from_upstream in the pip group open-quantum-safe/liboqs#1836
Update and fix CI status badges by @anvega in Update and fix CI status badges open-quantum-safe/liboqs#1844
Use cmake -LA -N instead of cmake -LA in CI by @SWilson4 in Use cmake -LA -N instead of cmake -LA in CI open-quantum-safe/liboqs#1848
Fix passes.json entries for MAYO by @bhess in Fix passes.json entries for MAYO open-quantum-safe/liboqs#1852
ML-KEM NIST tests, fix order of d and z by @bhess in ML-KEM NIST tests, fix order of d and z open-quantum-safe/liboqs#1854
Move from CircleCI to GitHub Actions by @SWilson4 in Move from CircleCI to GitHub Actions open-quantum-safe/liboqs#1849
Add a convenience script for consistent astyle formatting by @SWilson4 in Add a convenience script for consistent astyle formatting open-quantum-safe/liboqs#1861
Quick fixes from Trail of Bits audit Week 1 by @SWilson4 in Quick fixes from Trail of Bits audit Week 1 open-quantum-safe/liboqs#1869
Check return value of fscanf in LMS/XMSS KAT tests by @SWilson4 in Check return value of fscanf in LMS/XMSS KAT tests open-quantum-safe/liboqs#1874
Fix downstream CI trigger by @SWilson4 in Fix downstream CI trigger open-quantum-safe/liboqs#1857
Don't hardcode OPENSSL_ROOT_DIR to /usr on Linux by @SWilson4 in Don't hardcode OPENSSL_ROOT_DIR to /usr on Linux open-quantum-safe/liboqs#1873
Fix overflow in stateful sigs tests by @SWilson4 in Fix overflow in stateful sigs tests open-quantum-safe/liboqs#1887
Integrate Kyber from libjade  by @praveksharma in Integrate Kyber from libjade  open-quantum-safe/liboqs#1745
Use explicit_memset if available. NetBSD has support for it: by @loganaden in Use explicit_memset if available. NetBSD has support for it: open-quantum-safe/liboqs#1872
Disable erroring TravisCI build by @bhess in Disable erroring TravisCI build open-quantum-safe/liboqs#1901
Update OpenSSH downstream branch to OQS-v9 by @SWilson4 in Update OpenSSH downstream branch to OQS-v9 open-quantum-safe/liboqs#1898
Fix incorrect formatting in unix.yml by @praveksharma in Fix incorrect formatting in unix.yml open-quantum-safe/liboqs#1902
CMakeLists: add ppc case to known archs by @barracuda156 in CMakeLists: add ppc case to known archs open-quantum-safe/liboqs#1816
Remove old ad hoc CI for Apple M1 by @dstebila in Remove old ad hoc CI for Apple M1 open-quantum-safe/liboqs#1907
Add ML-KEM / FIPS203 final by @bhess in Add ML-KEM / FIPS203 final open-quantum-safe/liboqs#1899
Update checkout action in weekly.yml by @praveksharma in Update checkout action in weekly.yml open-quantum-safe/liboqs#1908
Add CROSS by @rtjk in Add CROSS open-quantum-safe/liboqs#1881
Refactor liboqs CI and update Ubuntu images by @SWilson4 in Refactor liboqs CI and update Ubuntu images open-quantum-safe/liboqs#1909
Check workflows for issues during CI by @jplomas in Check workflows for issues during CI open-quantum-safe/liboqs#1916
Patch Kyber to fix ASAN error on ARM64 by @praveksharma in Patch Kyber to fix ASAN error on ARM64 open-quantum-safe/liboqs#1922
Change README links to be doxygen-friendly by @dstebila in Change README links to be doxygen-friendly open-quantum-safe/liboqs#1927

New Contributors

@aaupov made their first contribution in [NFCI] Move Keccak rhotates tables to rodata open-quantum-safe/liboqs#1739
@pi-314159 made their first contribution in Document Fix open-quantum-safe/liboqs#1735
@ueno made their first contribution in Add option to dynamically load libcrypto.so.* open-quantum-safe/liboqs#1603
@matlimatli made their first contribution in Allow windows linking of test programs open-quantum-safe/liboqs#1751
@Eddy-M-K made their first contribution in Refactor OpenSSL Implementation of SHA3 SHAKE to use new Squeeze API open-quantum-safe/liboqs#1694
@wangweij made their first contribution in remove "maximum" words for most length fields open-quantum-safe/liboqs#1747
@carsonRadtke made their first contribution in add compile_commands.json to .gitignore open-quantum-safe/liboqs#1754
@d0p1s4m4 made their first contribution in Fix linking of test programs on msys open-quantum-safe/liboqs#1758
@ryjones made their first contribution in Add workflow dispatch to action open-quantum-safe/liboqs#1778
@bencemali made their first contribution in Use OPENSSL_cleanse if OpenSSL is used open-quantum-safe/liboqs#1773
@qnfm made their first contribution in Fix test_alg_info.py on Windows platform open-quantum-safe/liboqs#1821
@anvega made their first contribution in Update and fix CI status badges open-quantum-safe/liboqs#1844
@loganaden made their first contribution in Use explicit_memset if available. NetBSD has support for it: open-quantum-safe/liboqs#1872
@barracuda156 made their first contribution in CMakeLists: add ppc case to known archs open-quantum-safe/liboqs#1816
@rtjk made their first contribution in Add CROSS open-quantum-safe/liboqs#1881
@jplomas made their first contribution in Check workflows for issues during CI open-quantum-safe/liboqs#1916

Full Changelog: open-quantum-safe/liboqs@0.10.1...0.11.0

[github-actions]

🤖 An automated task has requested bottles to be published to this PR.