From d0501c589165a70491f875551bc83096e3abddb9 Mon Sep 17 00:00:00 2001
From: Jake Massimo
Date: Wed, 18 Dec 2024 15:31:00 -0800
Subject: [PATCH] Modified posix builds to enable dilithium by default (#2034)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### Issues:
Addresses #P175809809
### Description of changes:
As we prepare ML-DSA and the removal of the `enable_dilithium` flag, we prepare our builds to all enable dilithium. This should also catch addition bugs in the CI. One such bug has already been found by testing this addition, that has also been addressed in this PR:
```
In file included from /crypto/dilithium/ml_dsa.c:20:
/crypto/dilithium/./pqcrystals_dilithium_ref_common/sign.c: In function ‘crypto_sign_keypair_internal’:
/crypto/dilithium/./pqcrystals_dilithium_ref_common/sign.c:54:9: error: ‘s1’ may be used uninitialized [-Werror=maybe-uninitialized]
54 | s1hat = s1;
| ~~~~^~
crypto/dilithium/./pqcrystals_dilithium_ref_common/sign.c:35:12: note: ‘s1’ declared here
35 | polyvecl s1, s1hat;
| ^~
```
### Testing:
Found through testing for linux builds/
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
---------
Co-authored-by: Andrew Hopkins
---
 .../pqcrystals_dilithium_ref_common/sign.c | 3 +-
 tests/ci/run_posix_sanitizers.sh | 4 +--
 tests/ci/run_posix_tests.sh | 28 +++++++++----------
 3 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/crypto/dilithium/pqcrystals_dilithium_ref_common/sign.c b/crypto/dilithium/pqcrystals_dilithium_ref_common/sign.c
index ae0568d66c..3b5b2d20df 100644
--- a/crypto/dilithium/pqcrystals_dilithium_ref_common/sign.c
+++ b/crypto/dilithium/pqcrystals_dilithium_ref_common/sign.c
@@ -31,7 +31,8 @@ int crypto_sign_keypair_internal(ml_dsa_params *params,
 uint8_t tr[TRBYTES];
 const uint8_t *rho, *rhoprime, *key;
 polyvecl mat[DILITHIUM_K_MAX];
- polyvecl s1, s1hat;
+ polyvecl s1 = {{{{0}}}};
+ polyvecl s1hat;
 polyveck s2, t1, t0;
 OPENSSL_memcpy(seedbuf, seed, SEEDBYTES);
diff --git a/tests/ci/run_posix_sanitizers.sh b/tests/ci/run_posix_sanitizers.sh
index 6cf36396aa..4a16f9fd6c 100755
--- a/tests/ci/run_posix_sanitizers.sh
+++ b/tests/ci/run_posix_sanitizers.sh
@@ -7,7 +7,7 @@ set -exo pipefail
 source tests/ci/common_posix_setup.sh
 build_type=Release
-cflags=("-DCMAKE_BUILD_TYPE=${build_type}")
+cflags=("-DCMAKE_BUILD_TYPE=${build_type}" "-DENABLE_DILITHIUM=ON")
 if [ $(uname -p) == "aarch64" ]; then
 # BoringSSL provides two sets tests: the C/C++ tests and the blackbox tests.
 # Details: https://github.com/google/boringssl/blob/master/BUILDING.md
@@ -47,4 +47,4 @@ if [ $(uname -p) == "x86_64" ]; then
 else
 echo "Testing AWS-LC in ${build_type} mode with thread sanitizer."
 build_and_test -DTSAN=1 -DUSE_CUSTOM_LIBCXX=1 "${cflags[@]}"
-fi
+fi
\ No newline at end of file
diff --git a/tests/ci/run_posix_tests.sh b/tests/ci/run_posix_tests.sh
index 1c76bc54df..31a308fe94 100755
--- a/tests/ci/run_posix_tests.sh
+++ b/tests/ci/run_posix_tests.sh
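Review bot: The new initializer `polyvecl s1 = {{{{0}}}};` carries no comment explaining why only `s1` is zeroed while `s1hat`, `s2`, `t1` and `t0` beside it stay uninitialized, so a later cleanup could drop it and bring back the `-Werror=maybe-uninitialized` failure quoted in the description. That warning points at the whole-struct copy `s1hat = s1`, which suggests (the sampling code is not visible in this hunk) that only part of `s1` is written for some parameter sets; once confirmed, a line such as `/* Zeroed: s1hat = s1 copies the full struct, including entries the sampling step may not write. */` above the declaration would record it. The four-level brace form also ties the line to the current nesting of `polyvecl`, whereas `OPENSSL_memset(&s1, 0, sizeof(s1));` after the declarations would survive a layout change. The function body continues outside the hunk, so whether these secret-bearing stack vectors are cleansed before return cannot be checked from here.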
@@ -7,36 +7,36 @@ set -exo pipefail
 source tests/ci/common_posix_setup.sh
 echo "Testing AWS-LC in debug mode."
-build_and_test
+build_and_test -DENABLE_DILITHIUM=ON
 echo "Testing AWS-LC in release mode."
-build_and_test -DCMAKE_BUILD_TYPE=Release
+build_and_test -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
-echo "Testing AWS-LC with Dilithium3 enabled."
-build_and_test -DENABLE_DILITHIUM=ON
+echo "Testing AWS-LC with Dilithium3 disabled."
+build_and_test -DENABLE_DILITHIUM=OFF
 echo "Testing AWS-LC small compilation."
-build_and_test -DOPENSSL_SMALL=1 -DCMAKE_BUILD_TYPE=Release
+build_and_test -DOPENSSL_SMALL=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
 echo "Testing AWS-LC with libssl off."
-build_and_test -DBUILD_LIBSSL=OFF -DCMAKE_BUILD_TYPE=Release
+build_and_test -DBUILD_LIBSSL=OFF -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
 echo "Testing AWS-LC in no asm mode."
-build_and_test -DOPENSSL_NO_ASM=1 -DCMAKE_BUILD_TYPE=Release
+build_and_test -DOPENSSL_NO_ASM=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
 echo "Testing building shared lib."
-build_and_test -DBUILD_SHARED_LIBS=1 -DCMAKE_BUILD_TYPE=Release
+build_and_test -DBUILD_SHARED_LIBS=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
 echo "Testing with a SysGenId."
 TEST_SYSGENID_PATH=$(mktemp)
 dd if=/dev/zero of="${TEST_SYSGENID_PATH}" bs=1 count=4096
-build_and_test -DTEST_SYSGENID_PATH="${TEST_SYSGENID_PATH}"
+build_and_test -DTEST_SYSGENID_PATH="${TEST_SYSGENID_PATH}" -DENABLE_DILITHIUM=ON
 echo "Testing with pre-generated assembly code."
-build_and_test -DDISABLE_PERL=ON
+build_and_test -DDISABLE_PERL=ON -DENABLE_DILITHIUM=ON
 echo "Testing building with AArch64 Data-Independent Timing (DIT) on."
-build_and_test -DENABLE_DATA_INDEPENDENT_TIMING=ON -DCMAKE_BUILD_TYPE=Release
+build_and_test -DENABLE_DATA_INDEPENDENT_TIMING=ON -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
 if [[ "${AWSLC_C99_TEST}" == "1" ]]; then
 echo "Testing the C99 compatability of AWS-LC headers."
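Review bot: `-DENABLE_DILITHIUM=ON` is appended by hand to nine separate `build_and_test` calls in this hunk, so a configuration added later without it would build with the option at its default and the ML-DSA code would drop out of that job unnoticed. Holding the flag once, for example `dilithium_on=(-DENABLE_DILITHIUM=ON)` near the top and `build_and_test "${dilithium_on[@]}" -DCMAKE_BUILD_TYPE=Release` at each call, would make the intended default explicit and leave the single `-DENABLE_DILITHIUM=OFF` run as the visible exception. The same repetition appears in the two `run_build` loops of the next hunk. The `-DENABLE_DILITHIUM=OFF` run also passes no build type, so if the earlier "debug mode" call is any guide, the disabled configuration is now exercised only in a debug build; adding `-DCMAKE_BUILD_TYPE=Release` to a second OFF run would keep release coverage until the flag is removed.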
@@ -54,10 +54,10 @@ build_options_to_test=("" "-DBUILD_SHARED_LIBS=1" "-DCMAKE_BUILD_TYPE=Release" "
 ## Build option: MY_ASSEMBLER_IS_TOO_OLD_FOR_AVX
 for build_option in "${build_options_to_test[@]}"; do
- run_build ${build_option} -DMY_ASSEMBLER_IS_TOO_OLD_FOR_AVX=ON
+ run_build ${build_option} -DMY_ASSEMBLER_IS_TOO_OLD_FOR_AVX=ON -DENABLE_DILITHIUM=ON
 done
 ## Build option: MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX
 for build_option in "${build_options_to_test[@]}"; do
- run_build ${build_option} -DMY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX=ON
-done
+ run_build ${build_option} -DMY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX=ON -DENABLE_DILITHIUM=ON
+done
\ No newline at end of file
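Review bot: The final `done` loses its trailing newline in this hunk (`\ No newline at end of file`), and the last `fi` of tests/ci/run_posix_sanitizers.sh is changed the same way. Neither change is needed for the flag, and both look like an editor artefact. Restoring the newline keeps both scripts well-formed text files and avoids an unrelated one-line diff the next time someone appends a configuration to them.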