From 9b41a86f8e2f55725f89210ab120b74e1119d31f Mon Sep 17 00:00:00 2001
From: Thom Wiggers
Date: Tue, 3 Mar 2020 10:06:21 -0500
Subject: [PATCH 1/7] Update Travis CI to XCode 11.3
---
 .travis.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 1aaccabb..a6730205 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -109,7 +109,7 @@ matrix:
 # MacOS builds
 - name: "KEMs: MacOS + Clang"
 os: osx
- osx_image: xcode11.2
+ osx_image: xcode11.3
 compiler: clang
 before_install:
 - pip3 install -r requirements.txt
@@ -136,7 +136,7 @@ matrix:
 - ccache
 - name: "KEMs: MacOS + GCC9"
 os: osx
- osx_image: xcode11.2
+ osx_image: xcode11.3
 compiler: gcc
 addons:
 homebrew:
@@ -167,7 +167,7 @@ matrix:
 - "cd test && travis_wait 60 python3 -m pytest --numprocesses=auto"
 - name: "SIGs on MacOS + Clang"
 os: osx
- osx_image: xcode11.2
+ osx_image: xcode11.3
 compiler: clang
 before_install:
 - pip3 install -r requirements.txt
@@ -194,7 +194,7 @@ matrix:
 - ccache
 - name: "SIGs on MacOS + GCC9"
 os: osx
- osx_image: xcode11.2
+ osx_image: xcode11.3
 compiler: gcc
 addons:
 homebrew:
From 0564c906f7fa6e3597ab35b7bc56b508ab263149 Mon Sep 17 00:00:00 2001
From: Thom Wiggers
Date: Tue, 3 Mar 2020 10:07:38 -0500
Subject: [PATCH 2/7] Force running brew update
This will add ~5m to the build time, but Travis CI SUCK at keeping their tools up to date...
---
 .travis.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.travis.yml b/.travis.yml
index a6730205..9b4b0343 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -131,6 +131,7 @@ matrix:
 PQCLEAN_SKIP_SCHEMES: sphincs-haraka-128f-robust,sphincs-haraka-192s-robust,sphincs-sha256-128f-robust,sphincs-sha256-192s-robust,sphincs-shake256-128f-robust,sphincs-shake256-192s-robust,sphincs-haraka-128f-simple,sphincs-haraka-192s-simple,sphincs-sha256-128f-simple,sphincs-sha256-192s-simple,sphincs-shake256-128f-simple,sphincs-shake256-192s-simple,sphincs-haraka-128s-robust,sphincs-haraka-256f-robust,sphincs-sha256-128s-robust,sphincs-sha256-256f-robust,sphincs-shake256-128s-robust,sphincs-shake256-256f-robust,sphincs-haraka-128s-simple,sphincs-haraka-256f-simple,sphincs-sha256-128s-simple,sphincs-sha256-256f-simple,sphincs-shake256-128s-simple,sphincs-shake256-256f-simple,sphincs-haraka-192f-robust,sphincs-haraka-256s-robust,sphincs-sha256-192f-robust,sphincs-sha256-256s-robust,sphincs-shake256-192f-robust,sphincs-shake256-256s-robust,sphincs-haraka-192f-simple,sphincs-haraka-256s-simple,sphincs-sha256-192f-simple,sphincs-sha256-256s-simple,sphincs-shake256-192f-simple,sphincs-shake256-256s-simple
 addons:
 homebrew:
+ update: true
 packages:
 - astyle
 - ccache
@@ -140,6 +141,7 @@ matrix:
 compiler: gcc
 addons:
 homebrew:
+ update: true
 packages:
 - astyle
 - ccache
@@ -189,6 +191,7 @@ matrix:
 PQCLEAN_SKIP_SCHEMES: sphincs-haraka-128f-robust,sphincs-haraka-192s-robust,sphincs-sha256-128f-robust,sphincs-sha256-192s-robust,sphincs-shake256-128f-robust,sphincs-shake256-192s-robust,sphincs-haraka-128f-simple,sphincs-haraka-192s-simple,sphincs-sha256-128f-simple,sphincs-sha256-192s-simple,sphincs-shake256-128f-simple,sphincs-shake256-192s-simple,sphincs-haraka-128s-robust,sphincs-haraka-256f-robust,sphincs-sha256-128s-robust,sphincs-sha256-256f-robust,sphincs-shake256-128s-robust,sphincs-shake256-256f-robust,sphincs-haraka-128s-simple,sphincs-haraka-256f-simple,sphincs-sha256-128s-simple,sphincs-sha256-256f-simple,sphincs-shake256-128s-simple,sphincs-shake256-256f-simple,sphincs-haraka-192f-robust,sphincs-haraka-256s-robust,sphincs-sha256-192f-robust,sphincs-sha256-256s-robust,sphincs-shake256-192f-robust,sphincs-shake256-256s-robust,sphincs-haraka-192f-simple,sphincs-haraka-256s-simple,sphincs-sha256-192f-simple,sphincs-sha256-256s-simple,sphincs-shake256-192f-simple,sphincs-shake256-256s-simple
 addons:
 homebrew:
+ update: true
 packages:
 - astyle
 - ccache
@@ -198,6 +201,7 @@ matrix:
 compiler: gcc
 addons:
 homebrew:
+ update: true
 packages:
 - astyle
 - ccache
From 9a4e9da47e17b8b5d32f97a7d39e692df5ffcb1f Mon Sep 17 00:00:00 2001
From: Thom Wiggers
Date: Wed, 19 Feb 2020 14:46:48 -0500
Subject: [PATCH 3/7] Fix FIPS202 API memory leaks in Dilithium
---
 crypto_sign/dilithium2/avx2/sign.c | 1 +
 crypto_sign/dilithium2/clean/sign.c | 1 +
 crypto_sign/dilithium3/avx2/sign.c | 1 +
 crypto_sign/dilithium3/clean/sign.c | 1 +
 crypto_sign/dilithium4/avx2/sign.c | 1 +
 crypto_sign/dilithium4/clean/sign.c | 1 +
 6 files changed, 6 insertions(+)
diff --git a/crypto_sign/dilithium2/avx2/sign.c b/crypto_sign/dilithium2/avx2/sign.c
index beaca17c..3b7b8c75 100644
--- a/crypto_sign/dilithium2/avx2/sign.c
+++ b/crypto_sign/dilithium2/avx2/sign.c
@@ -95,6 +95,7 @@ void PQCLEAN_DILITHIUM2_AVX2_challenge(poly *c,
 c->coeffs[b] ^= -(signs & 1) & (1 ^ (Q - 1));
 signs >>= 1;
 }
+ shake256_ctx_release(&state);
 }
 /*************************************************
diff --git a/crypto_sign/dilithium2/clean/sign.c b/crypto_sign/dilithium2/clean/sign.c
index f1557978..24187654 100644
--- a/crypto_sign/dilithium2/clean/sign.c
+++ b/crypto_sign/dilithium2/clean/sign.c
@@ -85,6 +85,7 @@ void PQCLEAN_DILITHIUM2_CLEAN_challenge(poly *c,
 c->coeffs[b] ^= -((int32_t)signs & 1) & (1 ^ (Q - 1));
 signs >>= 1;
 }
+ shake256_ctx_release(&state);
 }
 /*************************************************
diff --git a/crypto_sign/dilithium3/avx2/sign.c b/crypto_sign/dilithium3/avx2/sign.c
index 1084b653..b605203a 100644
--- a/crypto_sign/dilithium3/avx2/sign.c
+++ b/crypto_sign/dilithium3/avx2/sign.c
@@ -107,6 +107,7 @@ void PQCLEAN_DILITHIUM3_AVX2_challenge(poly *c,
 c->coeffs[b] ^= -(signs & 1) & (1 ^ (Q - 1));
 signs >>= 1;
 }
+ shake256_ctx_release(&state);
 }
 /*************************************************
diff --git a/crypto_sign/dilithium3/clean/sign.c b/crypto_sign/dilithium3/clean/sign.c
index 6a7ceef0..1715c42f 100644
--- a/crypto_sign/dilithium3/clean/sign.c
+++ b/crypto_sign/dilithium3/clean/sign.c
@@ -85,6 +85,7 @@ void PQCLEAN_DILITHIUM3_CLEAN_challenge(poly *c,
 c->coeffs[b] ^= -((int32_t)signs & 1) & (1 ^ (Q - 1));
 signs >>= 1;
 }
+ shake256_ctx_release(&state);
 }
 /*************************************************
diff --git a/crypto_sign/dilithium4/avx2/sign.c b/crypto_sign/dilithium4/avx2/sign.c
index b489c463..641adef6 100644
--- a/crypto_sign/dilithium4/avx2/sign.c
+++ b/crypto_sign/dilithium4/avx2/sign.c
@@ -122,6 +122,7 @@ void PQCLEAN_DILITHIUM4_AVX2_challenge(poly *c,
 c->coeffs[b] ^= -(signs & 1) & (1 ^ (Q - 1));
 signs >>= 1;
 }
+ shake256_ctx_release(&state);
 }
 /*************************************************
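Review bot: The added `shake256_ctx_release(&state);` sits only on the fall-through path after the sampling loop, so the leak is closed only if nothing between the point where `state` is set up and this line can leave `PQCLEAN_DILITHIUM2_AVX2_challenge` early; that part of the function is above the hunk and not visible here, so it is worth confirming there. The same check applies to the identical hunks in dilithium2/clean, dilithium3/avx2, dilithium3/clean, dilithium4/avx2 and dilithium4/clean. Pairing the release with its setup in a comment would help the next reader, e.g. `/* release the SHAKE-256 context created at the top of this function */`.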
diff --git a/crypto_sign/dilithium4/clean/sign.c b/crypto_sign/dilithium4/clean/sign.c
index ab2da1c2..aebe76be 100644
--- a/crypto_sign/dilithium4/clean/sign.c
+++ b/crypto_sign/dilithium4/clean/sign.c
@@ -85,6 +85,7 @@ void PQCLEAN_DILITHIUM4_CLEAN_challenge(poly *c,
 c->coeffs[b] ^= -((int32_t)signs & 1) & (1 ^ (Q - 1));
 signs >>= 1;
 }
+ shake256_ctx_release(&state);
 }
 /*************************************************
From 81caa58b5722b2d5e38423eeff4308788c34f928 Mon Sep 17 00:00:00 2001
From: Thom Wiggers
Date: Wed, 19 Feb 2020 14:51:19 -0500
Subject: [PATCH 4/7] Fix memory leaks in NewHope
---
 crypto_kem/newhope1024cca/clean/poly.c | 1 +
 crypto_kem/newhope1024cpa/clean/poly.c | 1 +
 crypto_kem/newhope512cca/clean/poly.c | 1 +
 crypto_kem/newhope512cpa/clean/poly.c | 1 +
 4 files changed, 4 insertions(+)
diff --git a/crypto_kem/newhope1024cca/clean/poly.c b/crypto_kem/newhope1024cca/clean/poly.c
index 10ec5535..efa8fbb5 100644
--- a/crypto_kem/newhope1024cca/clean/poly.c
+++ b/crypto_kem/newhope1024cca/clean/poly.c
@@ -225,6 +225,7 @@ void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_uniform(poly *a, const unsigned char *see
 }
 }
 }
+ shake128_ctx_release(&state);
 }
 }
diff --git a/crypto_kem/newhope1024cpa/clean/poly.c b/crypto_kem/newhope1024cpa/clean/poly.c
index f9b4cce8..3f64de42 100644
--- a/crypto_kem/newhope1024cpa/clean/poly.c
+++ b/crypto_kem/newhope1024cpa/clean/poly.c
@@ -225,6 +225,7 @@ void PQCLEAN_NEWHOPE1024CPA_CLEAN_poly_uniform(poly *a, const unsigned char *see
 }
 }
 }
+ shake128_ctx_release(&state);
 }
 }
diff --git a/crypto_kem/newhope512cca/clean/poly.c b/crypto_kem/newhope512cca/clean/poly.c
index aa3175f0..39ec8e59 100644
--- a/crypto_kem/newhope512cca/clean/poly.c
+++ b/crypto_kem/newhope512cca/clean/poly.c
@@ -221,6 +221,7 @@ void PQCLEAN_NEWHOPE512CCA_CLEAN_poly_uniform(poly *a, const unsigned char *seed
 }
 }
 }
+ shake128_ctx_release(&state);
 }
 }
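Review bot: In `PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_uniform` the release is placed before the last two closing braces, i.e. inside the outer loop rather than at the end of the function, so it runs once per iteration; that is correct only if the call that sets up `state` (presumably a `shake128_absorb`) is also inside that loop, which is above the hunk and cannot be seen here. If the context were instead set up once before the loop, the first iteration's release would leave later iterations squeezing from a released context, so the unseen lines should be checked. The newhope1024cpa, newhope512cca and newhope512cpa hunks use the same placement. A comment such as `/* released per iteration: the context is rebuilt by the absorb above for each block */` would record why the release sits inside the loop.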
diff --git a/crypto_kem/newhope512cpa/clean/poly.c b/crypto_kem/newhope512cpa/clean/poly.c
index 6bd47ae6..3f03fdcf 100644
--- a/crypto_kem/newhope512cpa/clean/poly.c
+++ b/crypto_kem/newhope512cpa/clean/poly.c
@@ -221,6 +221,7 @@ void PQCLEAN_NEWHOPE512CPA_CLEAN_poly_uniform(poly *a, const unsigned char *seed
 }
 }
 }
+ shake128_ctx_release(&state);
 }
 }
From fe4e12308b16e25cccf2548f0d4ad94a7c52bf2e Mon Sep 17 00:00:00 2001
From: Thom Wiggers
Date: Wed, 19 Feb 2020 14:56:02 -0500
Subject: [PATCH 5/7] Fix memory leaks in LEDAkem
---
 crypto_kem/ledakemlt12/leaktime/rng.c | 5 +++--
 crypto_kem/ledakemlt32/leaktime/rng.c | 3 ++-
 crypto_kem/ledakemlt52/leaktime/rng.c | 3 ++-
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/crypto_kem/ledakemlt12/leaktime/rng.c b/crypto_kem/ledakemlt12/leaktime/rng.c
index f9d22b97..cf0b1014 100644
--- a/crypto_kem/ledakemlt12/leaktime/rng.c
+++ b/crypto_kem/ledakemlt12/leaktime/rng.c
@@ -81,7 +81,7 @@ int PQCLEAN_LEDAKEMLT12_LEAKTIME_seedexpander(AES_XOF_struct *ctx, uint8_t *x, s
 memcpy(x + offset, ctx->buffer + ctx->buffer_pos, xlen);
 ctx->buffer_pos += xlen;
- return RNG_SUCCESS;
+ goto end;
 }
 // take what's in the buffer
@@ -103,7 +103,8 @@ int PQCLEAN_LEDAKEMLT12_LEAKTIME_seedexpander(AES_XOF_struct *ctx, uint8_t *x, s
 }
 }
- aes256_ctx_release(&ctx256);
+end:
+ aes256_ctx_release(&ctx256);
 return RNG_SUCCESS;
 }
diff --git a/crypto_kem/ledakemlt32/leaktime/rng.c b/crypto_kem/ledakemlt32/leaktime/rng.c
index 3c12deb4..99193987 100644
--- a/crypto_kem/ledakemlt32/leaktime/rng.c
+++ b/crypto_kem/ledakemlt32/leaktime/rng.c
@@ -81,7 +81,7 @@ int PQCLEAN_LEDAKEMLT32_LEAKTIME_seedexpander(AES_XOF_struct *ctx, uint8_t *x, s
 memcpy(x + offset, ctx->buffer + ctx->buffer_pos, xlen);
 ctx->buffer_pos += xlen;
- return RNG_SUCCESS;
+ goto end;
 }
 // take what's in the buffer
@@ -103,6 +103,7 @@ int PQCLEAN_LEDAKEMLT32_LEAKTIME_seedexpander(AES_XOF_struct *ctx, uint8_t *x, s
 }
 }
+end:
 aes256_ctx_release(&ctx256);
 return RNG_SUCCESS;
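Review bot: The `goto end` in the early-exit branch of `PQCLEAN_LEDAKEMLT12_LEAKTIME_seedexpander` means `aes256_ctx_release(&ctx256)` now runs on that path too, which is only valid if `ctx256` has been key-expanded before any statement that can reach the `end:` label; the key expansion and the function's earlier argument checks are above the hunk, so confirm those checks still return directly (before the expansion) rather than jumping to the label. Because the expanded key schedule held in `ctx256` is derived from the seed, it is also worth checking whether `aes256_ctx_release` scrubs the round keys before freeing them, and a short comment at `end:` stating whether it does would record that for the next reader. The lt32 and lt52 hunks make the same change and the same points apply.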
diff --git a/crypto_kem/ledakemlt52/leaktime/rng.c b/crypto_kem/ledakemlt52/leaktime/rng.c
index 760bb2b4..7354c8e0 100644
--- a/crypto_kem/ledakemlt52/leaktime/rng.c
+++ b/crypto_kem/ledakemlt52/leaktime/rng.c
@@ -81,7 +81,7 @@ int PQCLEAN_LEDAKEMLT52_LEAKTIME_seedexpander(AES_XOF_struct *ctx, uint8_t *x, s
 memcpy(x + offset, ctx->buffer + ctx->buffer_pos, xlen);
 ctx->buffer_pos += xlen;
- return RNG_SUCCESS;
+ goto end;
 }
 // take what's in the buffer
@@ -103,6 +103,7 @@ int PQCLEAN_LEDAKEMLT52_LEAKTIME_seedexpander(AES_XOF_struct *ctx, uint8_t *x, s
 }
 }
+end:
 aes256_ctx_release(&ctx256);
 return RNG_SUCCESS;
From 2b267defdb8abece2db79529ffc217f5df653f11 Mon Sep 17 00:00:00 2001
From: Thom Wiggers
Date: Wed, 19 Feb 2020 15:44:02 -0500
Subject: [PATCH 6/7] Enable leak check in Valgrind
---
 test/test_valgrind.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/test/test_valgrind.py b/test/test_valgrind.py
index b4b5ed7b..32715b41 100644
--- a/test/test_valgrind.py
+++ b/test/test_valgrind.py
@@ -54,6 +54,7 @@ def test_valgrind(implementation: pqclean.Implementation, impl_path, test_dir,
 helpers.run_subprocess(
 ['valgrind', '--error-exitcode=1',
+ '--leak-check=yes',
 *(['--exit-on-first-error=yes']
 if valgrind_supports_exit_early()
 else []),
From 8c2f5994b9eb5d3d92f37a06935470cf6b6cffe3 Mon Sep 17 00:00:00 2001
From: Thom Wiggers
Date: Wed, 26 Feb 2020 13:16:19 -0500
Subject: [PATCH 7/7] Fix duplicate consistency
---
 crypto_kem/ledakemlt12/leaktime/rng.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto_kem/ledakemlt12/leaktime/rng.c b/crypto_kem/ledakemlt12/leaktime/rng.c
index cf0b1014..0febbf62 100644
--- a/crypto_kem/ledakemlt12/leaktime/rng.c
+++ b/crypto_kem/ledakemlt12/leaktime/rng.c
@@ -104,7 +104,7 @@ int PQCLEAN_LEDAKEMLT12_LEAKTIME_seedexpander(AES_XOF_struct *ctx, uint8_t *x, s
 } end: - aes256_ctx_release(&ctx256); + return RNG_SUCCESS; }
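Review bot: `--leak-check=yes` makes Valgrind report leaks, but whether a leak fails the run under `--error-exitcode=1` is governed by `--errors-for-leak-kinds`, whose default counts only `definite` and `possible` losses as errors; `indirect` and still-`reachable` blocks (for example a context that is only freed at process exit) do not fail the test. If that is the intended bar, a comment on the added line would make it explicit, e.g. `# definite/possible leaks fail the run (valgrind default --errors-for-leak-kinds)`. The body of `test_valgrind` continues beyond the hunk.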