From 29b5c0efc0104297866f6a4af7843717b74009b3 Mon Sep 17 00:00:00 2001 From: Douglas Stebila Date: Tue, 26 Nov 2024 17:36:09 -0500 Subject: [PATCH] Update release notes for 0.12.0-rc1 Fixes #1990 and #2004. Signed-off-by: Douglas Stebila --- RELEASE.md | 143 ++++++++++++++++++++++------------------------------- 1 file changed, 60 insertions(+), 83 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index e8a7273a7..a1408c677 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,5 +1,5 @@ -liboqs version 0.11.0 -===================== +liboqs version 0.12.0-rc1 +========================= About ----- 
@@ -27,107 +27,84 @@ liboqs can also be used in the following programming languages via language-spec Release notes ============= -This is version 0.11.0 of liboqs. It was released on September 27, 2024. +This is release candidate 1 for version 0.12.0 of liboqs. It was released on November 27, 2024. -This release updates ML-KEM implementations to their [final FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) versions. This release still includes the NIST Round 3 version of Kyber for interoperability purposes, but we plan to remove Kyber Round 3 in a future release. Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2). +This release updates the ML-DSA implementation to the [final FIPS 204](https://csrc.nist.gov/pubs/fips/204/final) version. This release still includes the NIST Round 3 veresion of Dilithium for interoperability purposes, but we plan to remove Dilithium Round 3 in a future release. -LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in [CONFIGURE.md](https://github.com/open-quantum-safe/liboqs/blob/0.11.0/CONFIGURE.md#stateful-hash-based-signatures). +Deprecation notice +================== + +This will be the last release of liboqs to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203). 
+ +The addition of ML-DSA FIPS 204 final version to liboqs has introduced a new signature API which includes a context string parameter. We are considering removing the old version of the API without a context string to streamline the API going forward. Users who have an opinion on this are invited to provide input at https://github.com/open-quantum-safe/liboqs/issues/2001. What's New ---------- -This release continues from the 0.10.1 release of liboqs. +This release continues from the 0.11.0 release of liboqs. ### Key encapsulation mechanisms -- Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2). -- ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIP 203 version. -- Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer. +- HQC: Fixed correctness bug in decapsulation. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue. +- Kyber: Removed Kyber. +- ML-KEM: Improved testing of ML-KEM. ### Digital signature schemes -- LMS/XMSS: Added implementations of stateful hash-based signature schemes: [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). -- MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1. -- CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1. +- LMS: Fixed crashing bug. +- ML-DSA: Removed FIPS 204-ipd (initial public draft) and replaced it with FIPS 204 final version. +- Added fuzzing tests for signature schemes. +- Added benchmarking for stateful hash-based signature schemes. ### Other changes -- Added callback API to use custom implementations of AES, SHA2, and SHA3. 
-- Refactor SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API. +- Updated CBOM format to version 1.6. +- Added a function `OQS_thread_stop` to be called by multi-threaded applications to properly deallocate resources in a threaded execution. +- Added preprocessor macros conveying liboqs version information. --- Detailed changelog ------------------ -* [NFCI] Move Keccak rhotates tables to rodata by @aaupov in https://github.com/open-quantum-safe/liboqs/pull/1739 -* Document Fix by @pi-314159 in https://github.com/open-quantum-safe/liboqs/pull/1735 -* Add option to dynamically load libcrypto.so.* by @ueno in https://github.com/open-quantum-safe/liboqs/pull/1603 -* Allow windows linking of test programs by @matlimatli in https://github.com/open-quantum-safe/liboqs/pull/1751 -* Refactor OpenSSL Implementation of SHA3 SHAKE to use new Squeeze API by @Eddy-M-K in https://github.com/open-quantum-safe/liboqs/pull/1694 -* remove "maximum" words for most length fields by @wangweij in https://github.com/open-quantum-safe/liboqs/pull/1747 -* add compile_commands.json to .gitignore by @carsonRadtke in https://github.com/open-quantum-safe/liboqs/pull/1754 -* Fix linking of test programs on msys by @d0p1s4m4 in https://github.com/open-quantum-safe/liboqs/pull/1758 -* restrict Windows platform support documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1762 -* Add workflow dispatch to action by @ryjones in https://github.com/open-quantum-safe/liboqs/pull/1778 -* Bump jinja2 from 3.1.3 to 3.1.4 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1782 -* Algorithm selection clarification by @beldmit in https://github.com/open-quantum-safe/liboqs/pull/1784 -* Use OPENSSL_cleanse if OpenSSL is used by @bencemali in https://github.com/open-quantum-safe/liboqs/pull/1773 -* Errors not printed out when OPENSSL_NO_STDIO is set by @bencemali in https://github.com/open-quantum-safe/liboqs/pull/1774 
-* Add Stateful Signature (XMSS and LMS) by @ashman-p in https://github.com/open-quantum-safe/liboqs/pull/1650 -* Forward-declare OQS_SIG in sig_stfl.h by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1820 -* Move Linux ARM64 "build" test from CircleCI to GitHub Actions by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1814 -* Fix test_alg_info.py on Windows platform by @qnfm in https://github.com/open-quantum-safe/liboqs/pull/1821 -* Increment version string to 0.10.2-dev by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1813 -* Add XMSS-SHA256_{10, 16, 20}_192 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1817 -* Add XMSS-SHAKE256_{10, 16, 20}_192 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1818 -* Add XMSS-SHAKE256_{10, 16, 20}_256 parameters by @cothan in https://github.com/open-quantum-safe/liboqs/pull/1819 -* Create scorecard.yml (OpenSSF) by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1708 -* Expose callback API for replacing low-level cryptographic primitives by @ueno in https://github.com/open-quantum-safe/liboqs/pull/1832 -* Add MAYO signature scheme from NIST onramp by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1707 -* Bump zipp from 3.4.0 to 3.19.1 in /scripts/copy_from_upstream in the pip group by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1836 -* Update and fix CI status badges by @anvega in https://github.com/open-quantum-safe/liboqs/pull/1844 -* Use `cmake -LA -N` instead of `cmake -LA` in CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1848 -* Fix passes.json entries for MAYO by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1852 -* ML-KEM NIST tests, fix order of d and z by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1854 -* Move from CircleCI to GitHub Actions by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1849 -* Add a 
convenience script for consistent astyle formatting by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1861 -* Quick fixes from Trail of Bits audit Week 1 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1869 -* Check return value of fscanf in LMS/XMSS KAT tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1874 -* Fix downstream CI trigger by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1857 -* Don't hardcode OPENSSL_ROOT_DIR to /usr on Linux by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1873 -* Fix overflow in stateful sigs tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1887 -* Integrate Kyber from libjade by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1745 -* Use explicit_memset if available. NetBSD has support for it: by @loganaden in https://github.com/open-quantum-safe/liboqs/pull/1872 -* Disable erroring TravisCI build by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1901 -* Update OpenSSH downstream branch to OQS-v9 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1898 -* Fix incorrect formatting in unix.yml by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1902 -* CMakeLists: add ppc case to known archs by @barracuda156 in https://github.com/open-quantum-safe/liboqs/pull/1816 -* Remove old ad hoc CI for Apple M1 by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1907 -* Add ML-KEM / FIPS203 final by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1899 -* Update checkout action in weekly.yml by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1908 -* Add CROSS by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/1881 -* Refactor liboqs CI and update Ubuntu images by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1909 -* Check workflows for issues during CI by @jplomas in 
https://github.com/open-quantum-safe/liboqs/pull/1916 -* Patch Kyber to fix ASAN error on ARM64 by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1922 -* Change README links to be doxygen-friendly by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1927 +## What's Changed + +* 0.11.0 release by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1939 +* Bump version to 0.11.1-dev by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1940 +* Remove hardcoded build patch from test script by @iyanmv in https://github.com/open-quantum-safe/liboqs/pull/1938 +* Don't include dlfcn.h for Windows by @steenrasmussen in https://github.com/open-quantum-safe/liboqs/pull/1936 +* Update CBOM format to upstream v1.6 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1834 +* Downgrade zephyr container to v0.26.14 to avoid build failures by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1949 +* Fix for Zephyr CI by @Frauschi in https://github.com/open-quantum-safe/liboqs/pull/1953 +* Add a basic fuzz testing harness for Dilithium2 by @nathaniel-brough in https://github.com/open-quantum-safe/liboqs/pull/1905 +* [#1823] replace malloc/calloc/strdup/free with openssl allocator by @songlingatpan in https://github.com/open-quantum-safe/liboqs/pull/1926 +* Add benchmarking for stateful hash based schemes: speed_sig_stfl by @cr-marcstevens in https://github.com/open-quantum-safe/liboqs/pull/1952 +* Update CODEOWNERS by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1943 +* Add new API to cleanup OpenSSL threads. 
by @ashman-p in https://github.com/open-quantum-safe/liboqs/pull/1959 +* Adapt existing sig fuzz harness including more algorithms by @nathaniel-brough in https://github.com/open-quantum-safe/liboqs/pull/1955 +* add C++ linking test by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/1971 +* Make random/functions deterministic during fuzzing by @nathaniel-brough in https://github.com/open-quantum-safe/liboqs/pull/1974 +* Remove SPHINCS+ aarch64 code by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1972 +* Remove macos-12 runner due to GitHub deprecation. by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1977 +* Revert "Disable erroring TravisCI build" by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1960 +* imported fix from CROSS upstream: endianness-aware csprng by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/1983 +* chore: Add CI badges to README.md by @ChinoUkaegbu in https://github.com/open-quantum-safe/liboqs/pull/1987 +* Update PLATFORMS.md / re-enable CROSS on s390x by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1988 +* Avoid OpenSSL functions are unconditionally called at OQS_destroy by @ueno in https://github.com/open-quantum-safe/liboqs/pull/1982 +* Test Improvements for ML-KEM by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/1947 +* Fix LMS crash by @ashman-p in https://github.com/open-quantum-safe/liboqs/pull/1998 +* Set ML-KEM alg_version to "FIPS203" by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1997 +* Add ML-DSA / FIPS 204 final by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1919 +* Add defines for OQS version components by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2000 ## New Contributors -* @aaupov made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1739 -* @pi-314159 made their first contribution in 
https://github.com/open-quantum-safe/liboqs/pull/1735 -* @ueno made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1603 -* @matlimatli made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1751 -* @Eddy-M-K made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1694 -* @wangweij made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1747 -* @carsonRadtke made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1754 -* @d0p1s4m4 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1758 -* @ryjones made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1778 -* @bencemali made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1773 -* @qnfm made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1821 -* @anvega made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1844 -* @loganaden made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1872 -* @barracuda156 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1816 -* @rtjk made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1881 -* @jplomas made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1916 - -**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.10.1...0.11.0 \ No newline at end of file + +* @steenrasmussen made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1936 +* @nathaniel-brough made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1905 +* @songlingatpan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1926 +* @cr-marcstevens made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1952 +* 
@aidenfoxivey made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1971 +* @ChinoUkaegbu made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1987 +* @abhinav-thales made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1947 + +**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.11.0...0.12.0-rc1
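Review bot: The second hunk contradicts itself on Kyber: the added deprecation notice `This will be the last release of liboqs to include Kyber ...` says Kyber still ships in 0.12.0-rc1, while the key-encapsulation list adds `- Kyber: Removed Kyber.` (and the 0.11.0 text being deleted only said removal was planned for a future release). Pick one reading: if Kyber is still present, reword the bullet (for example "Kyber: Deprecated; to be removed in the next release"); if it is actually gone, reword the notice as a removal and list the PR that removed it, since no Kyber-removal PR appears under `## What's Changed`. The same gap applies to `- HQC: Fixed correctness bug in decapsulation.`: no HQC PR is listed, so the detailed changelog does not back that headline entry. Also fix the typo `veresion` in the added release-notes paragraph ("NIST Round 3 version of Dilithium"), and consider dropping the new `## What's Changed` heading, which now sits directly under the existing `Detailed changelog` setext heading and leaves that section with two consecutive headings and no text between them.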