liboqs 0.10.1 security release planning

[SWilson4]

liboqs 0.10.1 security release planning

On today's dev call, we discussed a 0.10.1 security release to address a recently patched constant-time issue in Kyber / ML-KEM. The issue of what, if any, other commits to include in this release was raised.

Commit summary

Below is a list of all commits to main since the 0.10.0 release. Note that this does not (yet) include the security fix.

git log 0.10.0..HEAD --pretty=format:'%h %s'

755c023 Fix for incorrect macros in signatures. (#1799)
7eecda6 Errors not printed when OPENSSL_NO_STDIO is set (#1774)
9c097d9 use OPENSSL_cleanse if OpenSSL is used (#1773)
a5ec23c Algorithm selection clarification (#1784)
4b8d10d Bump jinja2 from 3.1.3 to 3.1.4 in /scripts/copy_from_upstream (#1782)
b392919 Add workflow dispatch to action
a23046f Fix README.md to work with Doxygen release 1.10.0 (#1775)
9c8db18 Update README.md (#1769)
2bb1d25 restrict Windows platform support documentation [skip ci] (#1762)
edfed5f fix build shared lib on msys (#1758)
7b6d9f3 add compile_commands.json to .gitignore
6f0c461 remove "maximum" words for various length fields (#1747)
cfc41f7 Refactor OpenSSL Implementation of SHA3 SHAKE to use new Squeeze API (#1694)
701dea5 Allow windows linking of test programs (#1751)
32afec8 Add option to dynamically load libcrypto.so.* (#1603)
7a6df81 Document Fix (#1735)
5ac9bcf switching to dev mode again (#1743)
3dd478e [NFCI] Move Keccak rhotates tables to rodata

What to include?

I suggest that we include 755c023, as it fixes a bug that might have warranted a release anyhow. I suspect that we will also want to include 9c8db18 and a23046f so that CI passes on the release. Similar reasoning says that #1805 should be included (after it is merged).

Almost all of the remaining commits are non-urgent improvements to OpenSSL integration (7eecda6, 9c097d9, cfc41f7), documentation (a5ec23c, 2bb1d25, 6f0c461, 7a6df81), or infrastructure (4b8d10d, b392919, 7b6d9f3). The two exceptions are 3dd478e and 32afec8. The former is a minor improvement to our SHA3 code, while the latter makes low-level crypto primitives "pluggable" (see #1599). I would be inclined not to include any of these, as I feel that they are non-urgent and don't need to be included in a security release. Additionally, we are likely close to merging #1650 and #1707 (after #1805 fixes CI), which will warrant a 0.11.0 release including the above features.

In summary: I propose that we cherry-pick 9c8db18, a23046f, and 755c023 along with #1805 and the security patch.

[dstebila]

Thanks @SWilson4, that sounds like a reasonable plan. Would you be able to prepare a branch with those commits cherry-picked over?

[dstebila]

I mixed up the merge for #1805 and didn't do a squash merge, so there are several commits from #1805 that would have to be cherry-picked over. Sorry about that.

[SWilson4]

I've created a branch here: https://github.com/open-quantum-safe/liboqs/tree/0.10.1-rc1-branch. I've also drafted an rc1 release, which I believe should be visible to the OQS team here: https://github.com/open-quantum-safe/liboqs/releases.

[SWilson4]

CI passed on the branch, so I have tagged a release candidate and (auto-)created an associated discussion.

[baentsch]

Closing as release has been done.