Skip to content

Commit 21add4a

Browse files
bhessryjones
bhess
and
ryjones
authored
Fixes for Weekly Test Failures (#2285)
* Avoid extended tests in time-critical runs [extended tests] Signed-off-by: Basil Hess <[email protected]> * Avoid extended tests in time-critical runs [extended tests] Signed-off-by: Basil Hess <[email protected]> * Fix incorrect addrnd (n) bytes in SLH-DSA, leading to heap overflows, Shorten long CI runs by skipping some SLH-DSA variants [extended tests] Signed-off-by: Basil Hess <[email protected]> * Update SLH-DSA template to fix addrnd sizes [extended tests] Signed-off-by: Basil Hess <[email protected]> * Fix long runtimes in emulated arm [extended tests] Signed-off-by: Basil Hess <[email protected]> * Adapt timeouts [extended tests] Signed-off-by: Basil Hess <[email protected]> * Change constant-time tests from auto to haswell optimization, to avoid valgrind incompatibility with AVX512 [full tests] [extended tests] Signed-off-by: Basil Hess <[email protected]> * chore: move CI to large runner for Zephyr [full tests] [extended tests] Signed-off-by: Ry Jones <[email protected]> Update actionlint.yaml with allowed runners [full tests] Signed-off-by: Basil Hess <[email protected]> * Remove macos-13 CI runs because of deprecation [full tests] [extended tests] Signed-off-by: Basil Hess <[email protected]> --------- Signed-off-by: Basil Hess <[email protected]> Co-authored-by: Ry Jones <[email protected]>
1 parent 796aa12 commit 21add4a

File tree

113 files changed

+670
-479
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

113 files changed

+670
-479
lines changed

.github/actionlint.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,3 +5,6 @@ config-variables:
55
# - DEFAULT_RUNNER
66
# - JOB_NAME
77
# - ENVIRONMENT_STAGE
8+
self-hosted-runner:
9+
labels:
10+
- oqs-x64

.github/workflows/extended.yml

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,12 +17,12 @@ jobs:
1717
container: openquantumsafe/ci-ubuntu-latest:latest
1818
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
1919
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
20-
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*'
20+
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*,SLH_DSA_(SHA2|SHA3|SHAKE_128)(.)*'
2121
- name: extensions
2222
container: openquantumsafe/ci-ubuntu-latest:latest
23-
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
23+
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=haswell -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
2424
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
25-
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*'
25+
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*,SLH_DSA_(SHA2|SHA3|SHAKE_128)(.)*'
2626
container:
2727
image: ${{ matrix.container }}
2828
steps:
@@ -99,19 +99,21 @@ jobs:
9999

100100
linux_arm_emulated:
101101
runs-on: ubuntu-latest
102-
timeout-minutes: 85 # max + 3*std over the last thousands of successful runs
102+
timeout-minutes: 120 # max + 3*std over the last thousands of successful runs
103103
strategy:
104104
fail-fast: false
105105
matrix:
106106
include:
107107
- name: armhf
108108
ARCH: armhf
109109
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
110-
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
110+
PYTEST_ARGS: --numprocesses=auto --maxprocesses=10 --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
111+
SKIP_ALGS: 'SLH_DSA_(SHA2|SHA3|SHAKE)(.)*'
111112
- name: armhf-no-stfl-key-sig-gen
112113
ARCH: armhf
113114
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
114-
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
115+
PYTEST_ARGS: --numprocesses=auto --maxprocesses=10 --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
116+
SKIP_ALGS: 'SLH_DSA_(SHA2|SHA3|SHAKE)(.)*'
115117
steps:
116118
- name: Checkout code
117119
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
@@ -130,13 +132,13 @@ jobs:
130132
cmake -LA -N .. && \
131133
ninja)"
132134
- name: Run the tests in an ${{ matrix.ARCH }} container
133-
timeout-minutes: 60
134135
run: |
135136
docker run --rm -e SKIP_TESTS=style,mem_kem,mem_sig \
136137
-v `pwd`:`pwd` \
137138
-w `pwd` \
138139
openquantumsafe/ci-debian-buster-${{ matrix.ARCH }}:latest /bin/bash \
139140
-c "mkdir -p tmp && \
141+
SKIP_ALGS='${{ matrix.SKIP_ALGS }}' \
140142
python3 -m pytest --verbose \
141143
--numprocesses=auto \
142144
--ignore=tests/test_code_conventions.py ${{ matrix.PYTEST_ARGS }}"

.github/workflows/macos.yml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,6 @@ jobs:
1212
fail-fast: false
1313
matrix:
1414
os:
15-
# macos-13 runs on x64; the others run on aarch64
16-
- macos-13
1715
- macos-14
1816
- macos-15
1917
CMAKE_ARGS:

.github/workflows/zephyr.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ on: [workflow_call, workflow_dispatch]
88
jobs:
99

1010
zephyr_test:
11-
runs-on: ubuntu-22.04
11+
runs-on: oqs-x64
1212
container: ghcr.io/zephyrproject-rtos/ci:v0.27.4
1313
env:
1414
CMAKE_PREFIX_PATH: /opt/toolchains

src/sig/slh_dsa/templates/slh_dsa_src_template.jinja

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -56,8 +56,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_pure_{{hashAlg}}_{{paramSet}}_sign(uint8_t *s
5656
const slh_param_t *prm = &slh_dsa_{{hashAlg}}_{{paramSet}};
5757
const uint8_t *ctx = NULL;
5858
const size_t ctxlen = 0;
59-
uint8_t addrnd[32];
60-
OQS_randombytes(addrnd, 32);
59+
uint8_t addrnd[{{pkSize // 2}}];
60+
OQS_randombytes(addrnd, {{pkSize // 2}});
6161

6262
*signature_len = slh_sign(signature, message, message_len, ctx, ctxlen,
6363
secret_key, addrnd, prm);
@@ -90,8 +90,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_pure_{{hashAlg}}_{{paramSet}}_sign_with_ctx_s
9090
size_t ctx_str_len, const uint8_t *secret_key) {
9191

9292
const slh_param_t *prm = &slh_dsa_{{hashAlg}}_{{paramSet}};
93-
uint8_t addrnd[32];
94-
OQS_randombytes(addrnd, 32);
93+
uint8_t addrnd[{{pkSize // 2}}];
94+
OQS_randombytes(addrnd, {{pkSize // 2}});
9595

9696
*signature_len = slh_sign(signature, message, message_len, ctx_str, ctx_str_len,
9797
secret_key, addrnd, prm);
@@ -165,8 +165,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_{{prehashHashAlg}}_prehash_{{hashAlg}}_{{para
165165
const char *ph = "{{ prehashString|replace('_', '-')|upper }}";
166166
const uint8_t *ctx_str = NULL;
167167
const size_t ctx_str_len = 0;
168-
uint8_t addrnd[32];
169-
OQS_randombytes(addrnd, 32);
168+
uint8_t addrnd[{{pkSize // 2}}];
169+
OQS_randombytes(addrnd, {{pkSize // 2}});
170170

171171
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
172172
ctx_str_len, ph, secret_key, addrnd, prm);
@@ -200,8 +200,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_{{prehashHashAlg}}_prehash_{{hashAlg}}_{{para
200200

201201
const slh_param_t *prm = &slh_dsa_{{hashAlg}}_{{paramSet}};
202202
const char *ph = "{{ prehashString|replace('_', '-')|upper }}";
203-
uint8_t addrnd[32];
204-
OQS_randombytes(addrnd, 32);
203+
uint8_t addrnd[{{pkSize // 2}}];
204+
OQS_randombytes(addrnd, {{pkSize // 2}});
205205

206206
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
207207
ctx_str_len, ph, secret_key, addrnd, prm);

src/sig/slh_dsa/wrappers/prehash_sha2_224/slh_dsa_sha2_224_prehash_sha2_128f.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -57,8 +57,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_sha2_224_prehash_sha2_128f_sign(uint8_t *sign
5757
const char *ph = "SHA2-224";
5858
const uint8_t *ctx_str = NULL;
5959
const size_t ctx_str_len = 0;
60-
uint8_t addrnd[32];
61-
OQS_randombytes(addrnd, 32);
60+
uint8_t addrnd[16];
61+
OQS_randombytes(addrnd, 16);
6262

6363
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
6464
ctx_str_len, ph, secret_key, addrnd, prm);
@@ -92,8 +92,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_sha2_224_prehash_sha2_128f_sign_with_ctx_str(
9292

9393
const slh_param_t *prm = &slh_dsa_sha2_128f;
9494
const char *ph = "SHA2-224";
95-
uint8_t addrnd[32];
96-
OQS_randombytes(addrnd, 32);
95+
uint8_t addrnd[16];
96+
OQS_randombytes(addrnd, 16);
9797

9898
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
9999
ctx_str_len, ph, secret_key, addrnd, prm);

src/sig/slh_dsa/wrappers/prehash_sha2_224/slh_dsa_sha2_224_prehash_sha2_128s.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -57,8 +57,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_sha2_224_prehash_sha2_128s_sign(uint8_t *sign
5757
const char *ph = "SHA2-224";
5858
const uint8_t *ctx_str = NULL;
5959
const size_t ctx_str_len = 0;
60-
uint8_t addrnd[32];
61-
OQS_randombytes(addrnd, 32);
60+
uint8_t addrnd[16];
61+
OQS_randombytes(addrnd, 16);
6262

6363
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
6464
ctx_str_len, ph, secret_key, addrnd, prm);
@@ -92,8 +92,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_sha2_224_prehash_sha2_128s_sign_with_ctx_str(
9292

9393
const slh_param_t *prm = &slh_dsa_sha2_128s;
9494
const char *ph = "SHA2-224";
95-
uint8_t addrnd[32];
96-
OQS_randombytes(addrnd, 32);
95+
uint8_t addrnd[16];
96+
OQS_randombytes(addrnd, 16);
9797

9898
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
9999
ctx_str_len, ph, secret_key, addrnd, prm);

src/sig/slh_dsa/wrappers/prehash_sha2_224/slh_dsa_sha2_224_prehash_sha2_192f.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -57,8 +57,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_sha2_224_prehash_sha2_192f_sign(uint8_t *sign
5757
const char *ph = "SHA2-224";
5858
const uint8_t *ctx_str = NULL;
5959
const size_t ctx_str_len = 0;
60-
uint8_t addrnd[32];
61-
OQS_randombytes(addrnd, 32);
60+
uint8_t addrnd[24];
61+
OQS_randombytes(addrnd, 24);
6262

6363
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
6464
ctx_str_len, ph, secret_key, addrnd, prm);
@@ -92,8 +92,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_sha2_224_prehash_sha2_192f_sign_with_ctx_str(
9292

9393
const slh_param_t *prm = &slh_dsa_sha2_192f;
9494
const char *ph = "SHA2-224";
95-
uint8_t addrnd[32];
96-
OQS_randombytes(addrnd, 32);
95+
uint8_t addrnd[24];
96+
OQS_randombytes(addrnd, 24);
9797

9898
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
9999
ctx_str_len, ph, secret_key, addrnd, prm);

src/sig/slh_dsa/wrappers/prehash_sha2_224/slh_dsa_sha2_224_prehash_sha2_192s.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -57,8 +57,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_sha2_224_prehash_sha2_192s_sign(uint8_t *sign
5757
const char *ph = "SHA2-224";
5858
const uint8_t *ctx_str = NULL;
5959
const size_t ctx_str_len = 0;
60-
uint8_t addrnd[32];
61-
OQS_randombytes(addrnd, 32);
60+
uint8_t addrnd[24];
61+
OQS_randombytes(addrnd, 24);
6262

6363
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
6464
ctx_str_len, ph, secret_key, addrnd, prm);
@@ -92,8 +92,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_sha2_224_prehash_sha2_192s_sign_with_ctx_str(
9292

9393
const slh_param_t *prm = &slh_dsa_sha2_192s;
9494
const char *ph = "SHA2-224";
95-
uint8_t addrnd[32];
96-
OQS_randombytes(addrnd, 32);
95+
uint8_t addrnd[24];
96+
OQS_randombytes(addrnd, 24);
9797

9898
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
9999
ctx_str_len, ph, secret_key, addrnd, prm);

src/sig/slh_dsa/wrappers/prehash_sha2_224/slh_dsa_sha2_224_prehash_shake_128f.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -57,8 +57,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_sha2_224_prehash_shake_128f_sign(uint8_t *sig
5757
const char *ph = "SHA2-224";
5858
const uint8_t *ctx_str = NULL;
5959
const size_t ctx_str_len = 0;
60-
uint8_t addrnd[32];
61-
OQS_randombytes(addrnd, 32);
60+
uint8_t addrnd[16];
61+
OQS_randombytes(addrnd, 16);
6262

6363
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
6464
ctx_str_len, ph, secret_key, addrnd, prm);
@@ -92,8 +92,8 @@ OQS_API OQS_STATUS OQS_SIG_slh_dsa_sha2_224_prehash_shake_128f_sign_with_ctx_str
9292

9393
const slh_param_t *prm = &slh_dsa_shake_128f;
9494
const char *ph = "SHA2-224";
95-
uint8_t addrnd[32];
96-
OQS_randombytes(addrnd, 32);
95+
uint8_t addrnd[16];
96+
OQS_randombytes(addrnd, 16);
9797

9898
*signature_len = hash_slh_sign(signature, message, message_len, ctx_str,
9999
ctx_str_len, ph, secret_key, addrnd, prm);

0 commit comments

Comments
 (0)