Skip to content

Commit e43869d

Browse files
sgmendasgmenda
committed
Merge remote-tracking branch 'upstream/main' into mldsa-invalid-coefficient-validation
2 parents cebf595 + 606e8dd commit e43869d

File tree

155 files changed

+7040
-1753
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

155 files changed

+7040
-1753
lines changed

.github/actions/cbmc/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,5 +54,5 @@ runs:
5454
shell: ${{ env.SHELL }}
5555
run: |
5656
echo "::group::cbmc_${{ inputs.mldsa_parameter_set }}"
57-
tests cbmc --mldsa_parameter_set ${{ inputs.mldsa_parameter_set }} --per-proof-timeout 1800;
57+
tests cbmc --mldsa-parameter-set ${{ inputs.mldsa_parameter_set }} --per-proof-timeout 1800;
5858
echo "::endgroup::"

.github/actions/config-variations/action.yml

Lines changed: 27 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ inputs:
88
description: 'GitHub token'
99
required: true
1010
tests:
11-
description: 'List of tests to run (space-separated IDs) or "all" for all tests. Available IDs: pct-enabled, pct-enabled-broken, custom-zeroize, native-cap-ON, native-cap-OFF, native-cap-ID_AA64PFR1_EL1, native-cap-CPUID_AVX2, no-asm, serial-fips202, custom-randombytes, custom-memcpy, custom-memset, custom-stdlib'
11+
description: 'List of tests to run (space-separated IDs) or "all" for all tests. Available IDs: pct-enabled, pct-enabled-broken, custom-alloc-heap, custom-zeroize, native-cap-ON, native-cap-OFF, native-cap-ID_AA64PFR1_EL1, native-cap-CPUID_AVX2, no-asm, serial-fips202, custom-randombytes, custom-memcpy, custom-memset, custom-stdlib'
1212
required: false
1313
default: 'all'
1414
opt:
@@ -47,6 +47,21 @@ runs:
4747
else
4848
echo "PCT failed as expected"
4949
fi
50+
- name: "Custom allocation (heap based)"
51+
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-alloc-heap') }}
52+
uses: ./.github/actions/multi-functest
53+
with:
54+
gh_token: ${{ inputs.gh_token }}
55+
compile_mode: native
56+
cflags: "-std=c11 -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"custom_heap_alloc_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
57+
ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
58+
func: true
59+
kat: true
60+
acvp: true
61+
opt: ${{ inputs.opt }}
62+
extra_env: 'ASAN_OPTIONS=detect_leaks=1'
63+
examples: false # Some examples use a custom config themselves
64+
alloc: false # Requires custom config
5065
- name: "Custom zeroization (explicit_bzero)"
5166
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-zeroize') }}
5267
uses: ./.github/actions/multi-functest
@@ -60,6 +75,7 @@ runs:
6075
acvp: true
6176
opt: ${{ inputs.opt }}
6277
examples: false # Some examples use a custom config themselves
78+
alloc: false # Requires custom config
6379
- name: "Custom native capability functions (static ON)"
6480
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'native-cap-ON') }}
6581
uses: ./.github/actions/multi-functest
@@ -73,6 +89,7 @@ runs:
7389
acvp: true
7490
opt: ${{ inputs.opt }}
7591
examples: false # Some examples use a custom config themselves
92+
alloc: false # Requires custom config
7693
- name: "Custom native capability functions (static OFF)"
7794
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'native-cap-OFF') }}
7895
uses: ./.github/actions/multi-functest
@@ -86,6 +103,7 @@ runs:
86103
acvp: true
87104
opt: ${{ inputs.opt }}
88105
examples: false # Some examples use a custom config themselves
106+
alloc: false # Requires custom config
89107
- name: "Custom native capability functions (ID_AA64PFR1_EL1 detection)"
90108
if: ${{ (inputs.tests == 'all' || contains(inputs.tests, 'native-cap-ID_AA64PFR1_EL1')) && runner.os == 'Linux' && runner.arch == 'ARM64' }}
91109
uses: ./.github/actions/multi-functest
@@ -99,6 +117,7 @@ runs:
99117
acvp: true
100118
opt: ${{ inputs.opt }}
101119
examples: false # Some examples use a custom config themselves
120+
alloc: false # Requires custom config
102121
- name: "Custom native capability functions (CPUID AVX2 detection)"
103122
if: ${{ (inputs.tests == 'all' || contains(inputs.tests, 'native-cap-CPUID_AVX2')) && runner.os == 'Linux' && runner.arch == 'X64' }}
104123
uses: ./.github/actions/multi-functest
@@ -112,6 +131,7 @@ runs:
112131
acvp: true
113132
opt: ${{ inputs.opt }}
114133
examples: false # Some examples use a custom config themselves
134+
alloc: false # Requires custom config
115135
- name: "No ASM"
116136
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'no-asm') }}
117137
uses: ./.github/actions/multi-functest
@@ -125,6 +145,7 @@ runs:
125145
acvp: true
126146
opt: ${{ inputs.opt }}
127147
examples: false # Some examples use a custom config themselves
148+
alloc: false # Requires custom config
128149
- name: "Serial FIPS202 (no batched Keccak)"
129150
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'serial-fips202') }}
130151
uses: ./.github/actions/multi-functest
@@ -138,6 +159,7 @@ runs:
138159
acvp: true
139160
opt: ${{ inputs.opt }}
140161
examples: false # Some examples use a custom config themselves
162+
alloc: false # Requires custom config
141163
- name: "Custom randombytes"
142164
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-randombytes') }}
143165
uses: ./.github/actions/multi-functest
@@ -151,6 +173,7 @@ runs:
151173
acvp: true
152174
opt: ${{ inputs.opt }}
153175
examples: false # Some examples use a custom config themselves
176+
alloc: false # Requires custom config
154177
- name: "Custom memcpy"
155178
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-memcpy') }}
156179
uses: ./.github/actions/multi-functest
@@ -164,6 +187,7 @@ runs:
164187
acvp: true
165188
opt: ${{ inputs.opt }}
166189
examples: false # Some examples use a custom config themselves
190+
alloc: false # Requires custom config
167191
- name: "Custom memset"
168192
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-memset') }}
169193
uses: ./.github/actions/multi-functest
@@ -177,6 +201,7 @@ runs:
177201
acvp: true
178202
opt: ${{ inputs.opt }}
179203
examples: false # Some examples use a custom config themselves
204+
alloc: false # Requires custom config
180205
- name: "Custom stdlib (memcpy + memset)"
181206
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-stdlib') }}
182207
uses: ./.github/actions/multi-functest
@@ -190,3 +215,4 @@ runs:
190215
acvp: true
191216
opt: ${{ inputs.opt }}
192217
examples: false # Some examples use a custom config themselves
218+
alloc: false # Requires custom config

.github/actions/functest/action.yml

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,9 @@ inputs:
5757
stack:
5858
description: Determine whether to run stack analysis or not
5959
default: "false"
60+
alloc:
61+
description: Determine whether to run alloc tests or not
62+
default: "true"
6063
extra_args:
6164
description: Additional arguments to pass to the tests script
6265
default: ""
@@ -77,6 +80,7 @@ runs:
7780
echo ACVP="${{ inputs.acvp == 'true' && 'acvp' || 'no-acvp' }}" >> $GITHUB_ENV
7881
echo EXAMPLES="${{ inputs.examples == 'true' && 'examples' || 'no-examples' }}" >> $GITHUB_ENV
7982
echo STACK="${{ inputs.stack == 'true' && 'stack' || 'no-stack' }}" >> $GITHUB_ENV
83+
echo ALLOC="${{ inputs.alloc == 'true' && 'alloc' || 'no-alloc' }}" >> $GITHUB_ENV
8084
- name: Setup nix
8185
uses: ./.github/actions/setup-shell
8286
with:
@@ -107,11 +111,11 @@ runs:
107111
- $(python3 --version)
108112
- $(${{ inputs.cross_prefix }}${CC} --version | grep -m1 "")
109113
EOF
110-
- name: ${{ env.MODE }} ${{ inputs.opt }} tests (${{ env.FUNC }}, ${{ env.KAT }}, ${{ env.EXAMPLES }}, ${{ env.STACK }}, ${{ env.UNIT }})
114+
- name: ${{ env.MODE }} ${{ inputs.opt }} tests (${{ env.FUNC }}, ${{ env.KAT }}, ${{ env.EXAMPLES }}, ${{ env.STACK }}, ${{ env.UNIT }}, ${{ env.ALLOC }})
111115
shell: ${{ env.SHELL }}
112116
run: |
113117
make clean
114-
${{ inputs.extra_env }} ./scripts/tests all ${{ inputs.check_namespace == 'true' && '--check-namespace' || ''}} --exec-wrapper="${{ inputs.exec_wrapper }}" --cross-prefix="${{ inputs.cross_prefix }}" --cflags="${{ inputs.cflags }}" --ldflags="${{ inputs.ldflags }}" --opt=${{ inputs.opt }} --${{ env.FUNC }} --${{ env.KAT }} --${{ env.ACVP }} --${{ env.EXAMPLES }} --${{ env.STACK }} --${{ env.UNIT }} -v ${{ inputs.extra_args }}
118+
${{ inputs.extra_env }} ./scripts/tests all ${{ inputs.check_namespace == 'true' && '--check-namespace' || ''}} --exec-wrapper="${{ inputs.exec_wrapper }}" --cross-prefix="${{ inputs.cross_prefix }}" --cflags="${{ inputs.cflags }}" --ldflags="${{ inputs.ldflags }}" --opt=${{ inputs.opt }} --${{ env.FUNC }} --${{ env.KAT }} --${{ env.ACVP }} --${{ env.EXAMPLES }} --${{ env.STACK }} --${{ env.UNIT }} --${{ env.ALLOC }} -v ${{ inputs.extra_args }}
115119
- name: Post ${{ env.MODE }} Tests
116120
shell: ${{ env.SHELL }}
117121
if: success() || failure()

.github/actions/multi-functest/action.yml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,9 @@ inputs:
5454
stack:
5555
description: Determine whether to run stack analysis or not
5656
default: "false"
57+
alloc:
58+
description: Determine whether to run alloc tests or not
59+
default: "true"
5760
extra_args:
5861
description: Additional arguments to pass to the tests script
5962
default: ""
@@ -82,6 +85,7 @@ runs:
8285
examples: ${{ inputs.examples }}
8386
check_namespace: ${{ inputs.check_namespace }}
8487
stack: ${{ inputs.stack }}
88+
alloc: ${{ inputs.alloc }}
8589
extra_args: ${{ inputs.extra_args }}
8690
extra_env: ${{ inputs.extra_env }}
8791
- name: Cross x86_64 Tests
@@ -105,6 +109,7 @@ runs:
105109
examples: ${{ inputs.examples }}
106110
check_namespace: ${{ inputs.check_namespace }}
107111
stack: ${{ inputs.stack }}
112+
alloc: ${{ inputs.alloc }}
108113
extra_args: ${{ inputs.extra_args }}
109114
extra_env: ${{ inputs.extra_env }}
110115
- name: Cross aarch64 Tests
@@ -128,6 +133,7 @@ runs:
128133
examples: ${{ inputs.examples }}
129134
check_namespace: ${{ inputs.check_namespace }}
130135
stack: ${{ inputs.stack }}
136+
alloc: ${{ inputs.alloc }}
131137
extra_args: ${{ inputs.extra_args }}
132138
extra_env: ${{ inputs.extra_env }}
133139
- name: Cross ppc64le Tests
@@ -151,6 +157,7 @@ runs:
151157
examples: ${{ inputs.examples }}
152158
check_namespace: ${{ inputs.check_namespace }}
153159
stack: ${{ inputs.stack }}
160+
alloc: ${{ inputs.alloc }}
154161
extra_args: ${{ inputs.extra_args }}
155162
extra_env: ${{ inputs.extra_env }}
156163
- name: Cross aarch64_be Tests
@@ -174,6 +181,7 @@ runs:
174181
examples: ${{ inputs.examples }}
175182
check_namespace: ${{ inputs.check_namespace }}
176183
stack: ${{ inputs.stack }}
184+
alloc: ${{ inputs.alloc }}
177185
extra_args: ${{ inputs.extra_args }}
178186
extra_env: ${{ inputs.extra_env }}
179187
- name: Cross riscv64 Tests (RVV, VLEN=128)
@@ -197,6 +205,7 @@ runs:
197205
examples: ${{ inputs.examples }}
198206
check_namespace: ${{ inputs.check_namespace }}
199207
stack: ${{ inputs.stack }}
208+
alloc: ${{ inputs.alloc }}
200209
extra_args: ${{ inputs.extra_args }}
201210
extra_env: ${{ inputs.extra_env }}
202211
- name: Cross riscv64 Tests (RVV, VLEN=256)
@@ -219,6 +228,7 @@ runs:
219228
examples: ${{ inputs.examples }}
220229
check_namespace: ${{ inputs.check_namespace }}
221230
stack: ${{ inputs.stack }}
231+
alloc: ${{ inputs.alloc }}
222232
extra_args: ${{ inputs.extra_args }}
223233
extra_env: ${{ inputs.extra_env }}
224234
- name: Cross riscv64 Tests (RVV, VLEN=512)
@@ -241,6 +251,7 @@ runs:
241251
examples: ${{ inputs.examples }}
242252
check_namespace: ${{ inputs.check_namespace }}
243253
stack: ${{ inputs.stack }}
254+
alloc: ${{ inputs.alloc }}
244255
extra_args: ${{ inputs.extra_args }}
245256
extra_env: ${{ inputs.extra_env }}
246257
- name: Cross riscv64 Tests (RVV, VLEN=1024)
@@ -263,6 +274,7 @@ runs:
263274
examples: ${{ inputs.examples }}
264275
check_namespace: ${{ inputs.check_namespace }}
265276
stack: ${{ inputs.stack }}
277+
alloc: ${{ inputs.alloc }}
266278
extra_args: ${{ inputs.extra_args }}
267279
extra_env: ${{ inputs.extra_env }}
268280
- name: Cross riscv32 Tests
@@ -286,6 +298,7 @@ runs:
286298
examples: ${{ inputs.examples }}
287299
check_namespace: ${{ inputs.check_namespace }}
288300
stack: ${{ inputs.stack }}
301+
alloc: ${{ inputs.alloc }}
289302
extra_args: ${{ inputs.extra_args }}
290303
extra_env: ${{ inputs.extra_env }}
291304

.github/workflows/baremetal.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,3 +35,4 @@ jobs:
3535
acvp: true
3636
examples: false
3737
stack: false
38+
alloc: false

.github/workflows/base.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -278,3 +278,8 @@ jobs:
278278
scan-build --status-bugs make quickcheck OPT=0
279279
make clean >/dev/null
280280
scan-build --status-bugs make quickcheck OPT=1
281+
symlink-check:
282+
runs-on: ubuntu-latest
283+
steps:
284+
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
285+
- uses: donatj/symlink-check-action@b3c737d0fd4e52752f0b8c71a03f3f775fa015cb

.github/workflows/ci.yml

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -254,8 +254,7 @@ jobs:
254254
examples: true
255255
- name: gcc-15
256256
shell: ci_gcc15
257-
# TODO: Add this once gcc15 is supported in nix on aarch64-Darwin
258-
darwin: False
257+
darwin: True
259258
c17: True
260259
c23: True
261260
opt: all
@@ -417,7 +416,11 @@ jobs:
417416
name: x86_64
418417
- runner: ubuntu-24.04-arm
419418
name: aarch64
420-
cflags: ['-O3', '-Os']
419+
cflags:
420+
- '-O3'
421+
- '-Os'
422+
- '-O3 -DMLD_CONFIG_REDUCE_RAM'
423+
- '-Os -DMLD_CONFIG_REDUCE_RAM'
421424
exclude:
422425
- external: true
423426
runs-on: ${{ matrix.target.runner }}

.github/workflows/hol_light.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ jobs:
7373
proof:
7474
# Dependencies on {name}.{S,ml} are implicit
7575
- name: mldsa_ntt
76-
needs: ["mldsa_specs.ml", "mldsa_utils.ml"]
76+
needs: ["mldsa_specs.ml", "mldsa_utils.ml", "mldsa_zetas.ml"]
7777
name: HOL Light proof for ${{ matrix.proof.name }}.S
7878
runs-on: pqcp-x64
7979
if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork
@@ -83,7 +83,7 @@ jobs:
8383
fetch-depth: 0
8484
- name: Get changed files
8585
id: changed-files
86-
uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
86+
uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
8787
- name: Check if dependencies changed
8888
id: check_run
8989
shell: bash

.github/workflows/lint_markdown.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,4 +13,7 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
16-
- uses: gaurav-nelson/github-action-markdown-link-check@3c3b66f1f7d0900e37b71eca45b63ea9eedfce31 # v1.0.17
16+
- name: Check markdown links
17+
run: |
18+
npm install -g markdown-link-check@3.14.2
19+
find . -name '*.md' -print0 | xargs -0 -P16 -n1 markdown-link-check -q

.github/workflows/nix.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ jobs:
2626
- name: Get changed files
2727
if: github.event_name != 'workflow_dispatch'
2828
id: changed-files
29-
uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
29+
uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
3030
- name: Check if dependencies changed
3131
id: check_run
3232
shell: bash

0 commit comments

Comments
 (0)