Subject: CVS commit: pkgsrc/security/liboqs
From: Jan Schaumann
Date: 2024-12-18 22:30:34
Message id: 20241218213034.7B73CFC1D@cvs.NetBSD.org

Log Message:
update to liboqs-0.12.0

Release notes:
https://github.com/open-quantum-safe/liboqs/releases/tag/0.12.0

This release updates the ML-DSA implementation to the
final FIPS 204 version. This release still includes
the NIST Round 3 version of Dilithium for
interoperability purposes, but we plan to remove
Dilithium Round 3 in a future release.

Deprecation notice

This will be the last release of liboqs to include
Kyber (that is, the NIST Round 3 version of Kyber,
prior to its standardization by NIST as ML-KEM in FIPS
203). Applications should switch to ML-KEM (FIPS 203).

The addition of ML-DSA FIPS 204 final version to
liboqs has introduced a new signature API which
includes a context string parameter. We are planning
to remove the old version of the API without a context
string in the next release to streamline the API and
bring it in line with NIST specifications. Users who
have an opinion on this removal are invited to provide
input at #2001.

Security issues

CVE-2024-54137: Fixed bug in HQC decapsulation that
leads to incorrect shared secret value during
decapsulation when called with an invalid ciphertext.
Thank you to Célian Glénaz and Dahmun Goudarzi from
Quarkslab for identifying the issue.

What's New

This release continues from the 0.11.0 release of liboqs.

Key encapsulation mechanisms

HQC: Fixed bug in decapsulation that leads to
incorrect shared secret value during decapsulation
when called with an invalid ciphertext. Thank you to
Célian Glénaz and Dahmun Goudarzi from Quarkslab for
identifying the issue.

Kyber: This is the last release of liboqs to include Kyber.

ML-KEM: Improved testing of ML-KEM.

Digital signature schemes

LMS: Fixed crashing bug.

ML-DSA: Removed FIPS 204-ipd (initial public draft)
and replaced it with FIPS 204 final version.

Added new API for digital signatures with context
strings; see #2001 for plan to remove old API without
context string.

Added fuzzing tests for signature schemes.

Added benchmarking for stateful hash-based signature schemes.

Other changes

Updated CBOM format to version 1.6.

Added a function OQS_thread_stop to be called by
multi-threaded applications to properly deallocate
resources in a threaded execution.

Added preprocessor macros conveying liboqs version
information.

Files:
Revision  Action  File
1.4       modify  pkgsrc/security/liboqs/Makefile
1.3       modify  pkgsrc/security/liboqs/distinfo