From 15617796d0b3ea467eee039202f82c17b3781784 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 19 Oct 2023 20:14:40 +0200 Subject: [PATCH 1/5] update docs from copy_from_upstream --- .github/workflows/linux.yml | 2 ++ docs/algorithms/kem/classic_mceliece.md | 42 ++++++++++++------------ docs/algorithms/kem/classic_mceliece.yml | 4 ++- docs/algorithms/sig/falcon.md | 4 +-- docs/algorithms/sig/sphincs.md | 24 +++++++------- docs/algorithms/sig/sphincs.yml | 36 -------------------- 6 files changed, 40 insertions(+), 72 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 599b0e3c53..26fc328dd9 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -30,6 +30,8 @@ jobs: git config --global user.name "ciuser" && \ git config --global user.email "ci@openquantumsafe.org" && \ export LIBOQS_DIR=`pwd` && \ + echo $LIBOQS_DIR && \ + git config --global --add safe.directory $LIBOQS_DIR && \ cd scripts/copy_from_upstream && \ ! pip3 install -r requirements.txt 2>&1 | grep ERROR && \ python3 copy_from_upstream.py copy && \ diff --git a/docs/algorithms/kem/classic_mceliece.md b/docs/algorithms/kem/classic_mceliece.md index b193065b5a..29c2d745e3 100644 --- a/docs/algorithms/kem/classic_mceliece.md +++ b/docs/algorithms/kem/classic_mceliece.md @@ -14,7 +14,7 @@ ## Advisories - Classic-McEliece-460896, Classic-McEliece-460896f, Classic-McEliece-6960119, and Classic-McEliece-6960119f parameter sets fail memory leak testing on x86-64 when building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised when using the algorithm at higher optimization levels, and any other compiler and architecture. -- Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found. +- Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found. ## Parameter set summary @@ -35,8 +35,8 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -46,8 +46,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -55,8 +55,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -64,8 +64,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -73,8 +73,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -82,8 +82,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -91,8 +91,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -100,8 +100,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -109,8 +109,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -118,8 +118,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | True | True | True | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True | +| [Primary Source](#primary-source) | clean | All | All | None | False | False | True | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True | Are implementations chosen based on runtime CPU feature detection? **Yes**. diff --git a/docs/algorithms/kem/classic_mceliece.yml b/docs/algorithms/kem/classic_mceliece.yml index a5fcf751fc..4916af115e 100644 --- a/docs/algorithms/kem/classic_mceliece.yml +++ b/docs/algorithms/kem/classic_mceliece.yml @@ -26,7 +26,9 @@ advisories: building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised when using the algorithm at higher optimization levels, and any other compiler and architecture. -- Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found. +- Current implementation of the algorithm may not be constant-time. Additionally, + environment specific constant-time leaks may not be documented; please report potential + constant-time leaks when found. parameter-sets: - name: Classic-McEliece-348864 claimed-nist-level: 1 diff --git a/docs/algorithms/sig/falcon.md b/docs/algorithms/sig/falcon.md index 101ffa9a98..08598e3b47 100644 --- a/docs/algorithms/sig/falcon.md +++ b/docs/algorithms/sig/falcon.md @@ -22,7 +22,7 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------| -| [Primary Source](#primary-source) | clean | All | All | None | False | False | False | +| [Primary Source](#primary-source) | clean | All | All | None | True | True | False | | [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | False | False | False | | [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | False | False | False | @@ -34,7 +34,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| [Primary Source](#primary-source) | clean | All | All | None | False | False | False | +| [Primary Source](#primary-source) | clean | All | All | None | True | True | False | | [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | False | False | False | | [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | False | False | False | diff --git a/docs/algorithms/sig/sphincs.md b/docs/algorithms/sig/sphincs.md index b4f73425da..e7d146dcec 100644 --- a/docs/algorithms/sig/sphincs.md +++ b/docs/algorithms/sig/sphincs.md @@ -37,7 +37,7 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -48,7 +48,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -57,7 +57,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -66,7 +66,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -75,7 +75,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -84,7 +84,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -93,7 +93,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -102,7 +102,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -111,7 +111,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -120,7 +120,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -129,7 +129,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -138,7 +138,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. diff --git a/docs/algorithms/sig/sphincs.yml b/docs/algorithms/sig/sphincs.yml index f1b8db2244..e8b8ffa92d 100644 --- a/docs/algorithms/sig/sphincs.yml +++ b/docs/algorithms/sig/sphincs.yml @@ -56,9 +56,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -86,9 +83,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -116,9 +110,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -146,9 +137,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -176,9 +164,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -206,9 +191,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -236,9 +218,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -266,9 +245,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -296,9 +272,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -326,9 +299,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -356,9 +326,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -386,9 +353,6 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 - operating_systems: - - Linux - - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true From 86f616d0d6c7a114cc7e1386928ff8180c746685 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 19 Oct 2023 20:43:09 +0200 Subject: [PATCH 2/5] remove unnecessary output statement --- .github/workflows/linux.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 26fc328dd9..ce0052f78d 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -30,7 +30,6 @@ jobs: git config --global user.name "ciuser" && \ git config --global user.email "ci@openquantumsafe.org" && \ export LIBOQS_DIR=`pwd` && \ - echo $LIBOQS_DIR && \ git config --global --add safe.directory $LIBOQS_DIR && \ cd scripts/copy_from_upstream && \ ! pip3 install -r requirements.txt 2>&1 | grep ERROR && \ From 232a219e496c362c011723be2eb3adea0052b917 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 26 Oct 2023 17:43:11 +0200 Subject: [PATCH 3/5] run copy_from_upstream with -k [skip ci] --- docs/algorithms/sig/sphincs.md | 24 +++++++++++----------- docs/algorithms/sig/sphincs.yml | 36 +++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 12 deletions(-) diff --git a/docs/algorithms/sig/sphincs.md b/docs/algorithms/sig/sphincs.md index e7d146dcec..b4f73425da 100644 --- a/docs/algorithms/sig/sphincs.md +++ b/docs/algorithms/sig/sphincs.md @@ -37,7 +37,7 @@ | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -48,7 +48,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -57,7 +57,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -66,7 +66,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -75,7 +75,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -84,7 +84,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -93,7 +93,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -102,7 +102,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -111,7 +111,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -120,7 +120,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -129,7 +129,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -138,7 +138,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | [Primary Source](#primary-source) | clean | All | All | None | True | True | False | -| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False | +| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. diff --git a/docs/algorithms/sig/sphincs.yml b/docs/algorithms/sig/sphincs.yml index e8b8ffa92d..f1b8db2244 100644 --- a/docs/algorithms/sig/sphincs.yml +++ b/docs/algorithms/sig/sphincs.yml @@ -56,6 +56,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -83,6 +86,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -110,6 +116,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -137,6 +146,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -164,6 +176,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -191,6 +206,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA2: liboqs no-secret-dependent-branching-claimed: true @@ -218,6 +236,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -245,6 +266,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -272,6 +296,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -299,6 +326,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -326,6 +356,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -353,6 +386,9 @@ parameter-sets: - architecture: x86_64 required_flags: - avx2 + operating_systems: + - Linux + - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true From f2274ff2aa828d6c80956acab9899219bdf60339 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 26 Oct 2023 17:57:19 +0200 Subject: [PATCH 4/5] remove apparently extraneous rmtree statement to ensure documentation patches survive --- scripts/copy_from_upstream/copy_from_upstream.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/copy_from_upstream/copy_from_upstream.py b/scripts/copy_from_upstream/copy_from_upstream.py index 99d04c6347..665328f032 100755 --- a/scripts/copy_from_upstream/copy_from_upstream.py +++ b/scripts/copy_from_upstream/copy_from_upstream.py @@ -611,8 +611,10 @@ def copy_from_upstream(): for t in ["kem", "sig"]: with open(os.path.join(os.environ['LIBOQS_DIR'], 'tests', 'KATs', t, 'kats.json'), "w") as f: json.dump(kats[t], f, indent=2, sort_keys=True) - if not keepdata: - shutil.rmtree('repos') + +# TBD: What's the purpose of this rmtree? It destroys patches to the documentation +# if not keepdata: +# shutil.rmtree('repos') update_upstream_alg_docs.do_it(os.environ['LIBOQS_DIR']) From deb79eff7e3e9087621bda5ba8630f7aa3a0d506 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 26 Oct 2023 19:45:02 +0200 Subject: [PATCH 5/5] move cleanup code to the end --- scripts/copy_from_upstream/copy_from_upstream.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/copy_from_upstream/copy_from_upstream.py b/scripts/copy_from_upstream/copy_from_upstream.py index 665328f032..92264fb1bb 100755 --- a/scripts/copy_from_upstream/copy_from_upstream.py +++ b/scripts/copy_from_upstream/copy_from_upstream.py @@ -612,10 +612,6 @@ def copy_from_upstream(): with open(os.path.join(os.environ['LIBOQS_DIR'], 'tests', 'KATs', t, 'kats.json'), "w") as f: json.dump(kats[t], f, indent=2, sort_keys=True) -# TBD: What's the purpose of this rmtree? It destroys patches to the documentation -# if not keepdata: -# shutil.rmtree('repos') - update_upstream_alg_docs.do_it(os.environ['LIBOQS_DIR']) sys.path.insert(1, os.path.join(os.environ['LIBOQS_DIR'], 'scripts')) @@ -624,6 +620,10 @@ def copy_from_upstream(): update_docs_from_yaml.do_it(os.environ['LIBOQS_DIR']) update_cbom.update_cbom_if_algs_not_changed(os.environ['LIBOQS_DIR'], "git") + if not keepdata: + shutil.rmtree('repos') + + def verify_from_upstream(): instructions = load_instructions() basedir = "verify_from_upstream"