Add test for failing dynamic allocation

.github/actions/config-variations/action.yml

@@ -61,6 +61,7 @@ runs:
         opt: ${{ inputs.opt }}
         extra_env: 'ASAN_OPTIONS=detect_leaks=1'
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config
     - name: "Custom zeroization (explicit_bzero)"
       if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-zeroize') }}
       uses: ./.github/actions/multi-functest
@@ -74,6 +75,7 @@ runs:
         acvp: true
         opt: ${{ inputs.opt }}
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config
     - name: "Custom native capability functions (static ON)"
       if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'native-cap-ON') }}
       uses: ./.github/actions/multi-functest
@@ -87,6 +89,7 @@ runs:
         acvp: true
         opt: ${{ inputs.opt }}
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config
     - name: "Custom native capability functions (static OFF)"
       if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'native-cap-OFF') }}
       uses: ./.github/actions/multi-functest
@@ -100,6 +103,7 @@ runs:
         acvp: true
         opt: ${{ inputs.opt }}
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config
     - name: "Custom native capability functions (ID_AA64PFR1_EL1 detection)"
       if: ${{ (inputs.tests == 'all' || contains(inputs.tests, 'native-cap-ID_AA64PFR1_EL1')) && runner.os == 'Linux' && runner.arch == 'ARM64' }}
       uses: ./.github/actions/multi-functest
@@ -113,6 +117,7 @@ runs:
         acvp: true
         opt: ${{ inputs.opt }}
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config
     - name: "Custom native capability functions (CPUID AVX2 detection)"
       if: ${{ (inputs.tests == 'all' || contains(inputs.tests, 'native-cap-CPUID_AVX2')) && runner.os == 'Linux' && runner.arch == 'X64' }}
       uses: ./.github/actions/multi-functest
@@ -126,6 +131,7 @@ runs:
         acvp: true
         opt: ${{ inputs.opt }}
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config
     - name: "No ASM"
       if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'no-asm') }}
       uses: ./.github/actions/multi-functest
@@ -139,6 +145,7 @@ runs:
         acvp: true
         opt: ${{ inputs.opt }}
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config
     - name: "Serial FIPS202 (no batched Keccak)"
       if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'serial-fips202') }}
       uses: ./.github/actions/multi-functest
@@ -152,6 +159,7 @@ runs:
         acvp: true
         opt: ${{ inputs.opt }}
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config
     - name: "Custom randombytes"
       if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-randombytes') }}
       uses: ./.github/actions/multi-functest
@@ -165,6 +173,7 @@ runs:
         acvp: true
         opt: ${{ inputs.opt }}
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config
     - name: "Custom memcpy"
       if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-memcpy') }}
       uses: ./.github/actions/multi-functest
@@ -178,6 +187,7 @@ runs:
         acvp: true
         opt: ${{ inputs.opt }}
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config
     - name: "Custom memset"
       if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-memset') }}
       uses: ./.github/actions/multi-functest
@@ -191,6 +201,7 @@ runs:
         acvp: true
         opt: ${{ inputs.opt }}
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config
     - name: "Custom stdlib (memcpy + memset)"
       if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-stdlib') }}
       uses: ./.github/actions/multi-functest
@@ -204,3 +215,4 @@ runs:
         acvp: true
         opt: ${{ inputs.opt }}
         examples: false # Some examples use a custom config themselves
+        alloc: false # Requires custom config

.github/actions/functest/action.yml

@@ -57,6 +57,9 @@ inputs:
   stack:
     description: Determine whether to run stack analysis or not
     default: "false"
+  alloc:
+    description: Determine whether to run alloc tests or not
+    default: "true"
   extra_args:
     description: Additional arguments to pass to the tests script
     default: ""
@@ -77,6 +80,7 @@ runs:
           echo ACVP="${{ inputs.acvp == 'true' && 'acvp' || 'no-acvp' }}" >> $GITHUB_ENV
           echo EXAMPLES="${{ inputs.examples == 'true' && 'examples' || 'no-examples' }}" >> $GITHUB_ENV
           echo STACK="${{ inputs.stack == 'true' && 'stack' || 'no-stack' }}" >> $GITHUB_ENV
+          echo ALLOC="${{ inputs.alloc == 'true' && 'alloc' || 'no-alloc' }}" >> $GITHUB_ENV
       - name: Setup nix
         uses: ./.github/actions/setup-shell
         with:
@@ -107,11 +111,11 @@ runs:
             - $(python3 --version)
             - $(${{ inputs.cross_prefix }}${CC} --version | grep -m1 "")
           EOF
-      - name: ${{ env.MODE }} ${{ inputs.opt }} tests (${{ env.FUNC }}, ${{ env.KAT }}, ${{ env.EXAMPLES }}, ${{ env.STACK }}, ${{ env.UNIT }})
+      - name: ${{ env.MODE }} ${{ inputs.opt }} tests (${{ env.FUNC }}, ${{ env.KAT }}, ${{ env.EXAMPLES }}, ${{ env.STACK }}, ${{ env.UNIT }}, ${{ env.ALLOC }})
         shell: ${{ env.SHELL }}
         run: |
           make clean
-          ${{ inputs.extra_env }} ./scripts/tests all ${{ inputs.check_namespace == 'true' && '--check-namespace' || ''}} --exec-wrapper="${{ inputs.exec_wrapper }}" --cross-prefix="${{ inputs.cross_prefix }}" --cflags="${{ inputs.cflags }}" --ldflags="${{ inputs.ldflags }}" --opt=${{ inputs.opt }} --${{ env.FUNC }} --${{ env.KAT }} --${{ env.ACVP }} --${{ env.EXAMPLES }} --${{ env.STACK }} --${{ env.UNIT }} -v ${{ inputs.extra_args }}
+          ${{ inputs.extra_env }} ./scripts/tests all ${{ inputs.check_namespace == 'true' && '--check-namespace' || ''}} --exec-wrapper="${{ inputs.exec_wrapper }}" --cross-prefix="${{ inputs.cross_prefix }}" --cflags="${{ inputs.cflags }}" --ldflags="${{ inputs.ldflags }}" --opt=${{ inputs.opt }} --${{ env.FUNC }} --${{ env.KAT }} --${{ env.ACVP }} --${{ env.EXAMPLES }} --${{ env.STACK }} --${{ env.UNIT }} --${{ env.ALLOC }} -v ${{ inputs.extra_args }}
       - name: Post ${{ env.MODE }} Tests
         shell: ${{ env.SHELL }}
         if: success() || failure()

.github/actions/multi-functest/action.yml

@@ -54,6 +54,9 @@ inputs:
   stack:
     description: Determine whether to run stack analysis or not
     default: "false"
+  alloc:
+    description: Determine whether to run alloc tests or not
+    default: "true"
   extra_args:
     description: Additional arguments to pass to the tests script
     default: ""
@@ -82,6 +85,7 @@ runs:
           examples: ${{ inputs.examples }}
           check_namespace: ${{ inputs.check_namespace }}
           stack: ${{ inputs.stack }}
+          alloc: ${{ inputs.alloc }}
           extra_args: ${{ inputs.extra_args }}
           extra_env: ${{ inputs.extra_env }}
       - name: Cross x86_64 Tests
@@ -105,6 +109,7 @@ runs:
           examples: ${{ inputs.examples }}
           check_namespace: ${{ inputs.check_namespace }}
           stack: ${{ inputs.stack }}
+          alloc: ${{ inputs.alloc }}
           extra_args: ${{ inputs.extra_args }}
           extra_env: ${{ inputs.extra_env }}
       - name: Cross aarch64 Tests
@@ -128,6 +133,7 @@ runs:
           examples: ${{ inputs.examples }}
           check_namespace: ${{ inputs.check_namespace }}
           stack: ${{ inputs.stack }}
+          alloc: ${{ inputs.alloc }}
           extra_args: ${{ inputs.extra_args }}
           extra_env: ${{ inputs.extra_env }}
       - name: Cross ppc64le Tests
@@ -151,6 +157,7 @@ runs:
           examples: ${{ inputs.examples }}
           check_namespace: ${{ inputs.check_namespace }}
           stack: ${{ inputs.stack }}
+          alloc: ${{ inputs.alloc }}
           extra_args: ${{ inputs.extra_args }}
           extra_env: ${{ inputs.extra_env }}
       - name: Cross aarch64_be Tests
@@ -174,6 +181,7 @@ runs:
           examples: ${{ inputs.examples }}
           check_namespace: ${{ inputs.check_namespace }}
           stack: ${{ inputs.stack }}
+          alloc: ${{ inputs.alloc }}
           extra_args: ${{ inputs.extra_args }}
           extra_env: ${{ inputs.extra_env }}
       - name: Cross riscv64 Tests (RVV, VLEN=128)
@@ -197,6 +205,7 @@ runs:
           examples: ${{ inputs.examples }}
           check_namespace: ${{ inputs.check_namespace }}
           stack: ${{ inputs.stack }}
+          alloc: ${{ inputs.alloc }}
           extra_args: ${{ inputs.extra_args }}
           extra_env: ${{ inputs.extra_env }}
       - name: Cross riscv64 Tests (RVV, VLEN=256)
@@ -219,6 +228,7 @@ runs:
           examples: ${{ inputs.examples }}
           check_namespace: ${{ inputs.check_namespace }}
           stack: ${{ inputs.stack }}
+          alloc: ${{ inputs.alloc }}
           extra_args: ${{ inputs.extra_args }}
           extra_env: ${{ inputs.extra_env }}
       - name: Cross riscv64 Tests (RVV, VLEN=512)
@@ -241,6 +251,7 @@ runs:
           examples: ${{ inputs.examples }}
           check_namespace: ${{ inputs.check_namespace }}
           stack: ${{ inputs.stack }}
+          alloc: ${{ inputs.alloc }}
           extra_args: ${{ inputs.extra_args }}
           extra_env: ${{ inputs.extra_env }}
       - name: Cross riscv64 Tests (RVV, VLEN=1024)
@@ -263,6 +274,7 @@ runs:
           examples: ${{ inputs.examples }}
           check_namespace: ${{ inputs.check_namespace }}
           stack: ${{ inputs.stack }}
+          alloc: ${{ inputs.alloc }}
           extra_args: ${{ inputs.extra_args }}
           extra_env: ${{ inputs.extra_env }}
       - name: Cross riscv32 Tests
@@ -286,6 +298,7 @@ runs:
           examples: ${{ inputs.examples }}
           check_namespace: ${{ inputs.check_namespace }}
           stack: ${{ inputs.stack }}
+          alloc: ${{ inputs.alloc }}
           extra_args: ${{ inputs.extra_args }}
           extra_env: ${{ inputs.extra_env }}
 

.github/workflows/baremetal.yml

@@ -35,3 +35,4 @@ jobs:
           acvp: true
           examples: false
           stack: false
+          alloc: false

BIBLIOGRAPHY.md

@@ -51,6 +51,7 @@ source code and documentation.
   - [test/custom_zeroize_config.h](test/custom_zeroize_config.h)
   - [test/no_asm_config.h](test/no_asm_config.h)
   - [test/serial_fips202_config.h](test/serial_fips202_config.h)
+  - [test/test_alloc_config.h](test/test_alloc_config.h)
 
 ### `FIPS202`
 
@@ -103,6 +104,7 @@ source code and documentation.
   - [test/custom_zeroize_config.h](test/custom_zeroize_config.h)
   - [test/no_asm_config.h](test/no_asm_config.h)
   - [test/serial_fips202_config.h](test/serial_fips202_config.h)
+  - [test/test_alloc_config.h](test/test_alloc_config.h)
 
 ### `HYBRID`
 

Makefile

@@ -2,14 +2,14 @@
 # Copyright (c) The mldsa-native project authors
 # SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
 
-.PHONY: func kat acvp stack unit \
-	func_44 kat_44 acvp_44 stack_44 unit_44 \
-	func_65 kat_65 acvp_65 stack_65 unit_65 \
-	func_87 kat_87 acvp_87 stack_87 unit_87 \
-	run_func run_kat run_acvp run_stack run_unit \
-	run_func_44 run_kat_44 run_stack_44 run_unit_44 \
-	run_func_65 run_kat_65 run_stack_65 run_unit_65 \
-	run_func_87 run_kat_87 run_stack_87 run_unit_87 \
+.PHONY: func kat acvp stack unit alloc \
+	func_44 kat_44 acvp_44 stack_44 unit_44 alloc_44 \
+	func_65 kat_65 acvp_65 stack_65 unit_65 alloc_65 \
+	func_87 kat_87 acvp_87 stack_87 unit_87 alloc_87 \
+	run_func run_kat run_acvp run_stack run_unit run_alloc \
+	run_func_44 run_kat_44 run_stack_44 run_unit_44 run_alloc_44 \
+	run_func_65 run_kat_65 run_stack_65 run_unit_65 run_alloc_65 \
+	run_func_87 run_kat_87 run_stack_87 run_unit_87 run_alloc_87 \
 	bench_44 bench_65 bench_87 bench \
 	run_bench_44 run_bench_65 run_bench_87 run_bench \
 	bench_components_44 bench_components_65 bench_components_87 bench_components \
@@ -48,7 +48,7 @@ quickcheck: test
 build: func kat acvp
 	$(Q)echo "  Everything builds fine!"
 
-test: run_kat run_func run_acvp run_unit
+test: run_kat run_func run_acvp run_unit run_alloc
 	$(Q)echo "  Everything checks fine!"
 
 # Detect available SHA256 command
@@ -115,7 +115,7 @@ acvp_65:  $(MLDSA65_DIR)/bin/acvp_mldsa65
 acvp_87: $(MLDSA87_DIR)/bin/acvp_mldsa87
 	$(Q)echo "  ACVP       ML-DSA-87:  $^"
 acvp: acvp_44 acvp_65 acvp_87
-	
+
 ifeq ($(HOST_PLATFORM),Linux-aarch64)
 # valgrind does not work with the AArch64 SHA3 extension
 # Use armv8-a as the target architecture, overwriting a
@@ -141,6 +141,22 @@ run_stack_87: stack_87
 	$(Q)python3 scripts/stack $(MLDSA87_DIR)/bin/test_stack87 --build-dir $(MLDSA87_DIR) $(STACK_ANALYSIS_FLAGS)
 run_stack: run_stack_44 run_stack_65 run_stack_87
 
+alloc_44: $(MLDSA44_DIR)/bin/test_alloc44
+	$(Q)echo "  ALLOC   ML-DSA-44:   $^"
+alloc_65: $(MLDSA65_DIR)/bin/test_alloc65
+	$(Q)echo "  ALLOC   ML-DSA-65:   $^"
+alloc_87: $(MLDSA87_DIR)/bin/test_alloc87
+	$(Q)echo "  ALLOC   ML-DSA-87:  $^"
+alloc: alloc_44 alloc_65 alloc_87
+
+run_alloc_44: alloc_44
+	$(W) $(MLDSA44_DIR)/bin/test_alloc44
+run_alloc_65: alloc_65
+	$(W) $(MLDSA65_DIR)/bin/test_alloc65
+run_alloc_87: alloc_87
+	$(W) $(MLDSA87_DIR)/bin/test_alloc87
+run_alloc: run_alloc_44 run_alloc_65 run_alloc_87
+
 lib: $(BUILD_DIR)/libmldsa.a $(BUILD_DIR)/libmldsa44.a $(BUILD_DIR)/libmldsa65.a $(BUILD_DIR)/libmldsa87.a
 
 # Enforce setting CYCLES make variable when

mldsa/src/common.h

@@ -215,16 +215,4 @@
 
 #endif /* !__ASSEMBLER__ */
 
-/* Just in case we want to include mldsa_native.h, set the configuration
- * for that header in accordance with the configuration used here. */
-
-/* Double-check that this is not conflicting with pre-existing definitions. */
-#if defined(MLD_CONFIG_API_PARAMETER_SET) ||    \
-    defined(MLD_CONFIG_API_NAMESPACE_PREFIX) || \
-    defined(MLD_CONFIG_API_NO_SUPERCOP) ||      \
-    defined(MLD_CONFIG_API_CONSTANTS_ONLY)
-#error Pre-existing MLD_CONFIG_API_XXX configuration is neither useful nor allowed during an mldsa-native build
-#endif /* MLD_CONFIG_API_PARAMETER_SET || MLD_CONFIG_API_NAMESPACE_PREFIX || \
-          MLD_CONFIG_API_NO_SUPERCOP || MLD_CONFIG_API_CONSTANTS_ONLY */
-
 #endif /* !MLD_COMMON_H */