From e32666a0ab72855ade16a428f3f70c34c6a08584 Mon Sep 17 00:00:00 2001
From: Joost Rijneveld
Date: Wed, 24 Apr 2019 12:35:17 +0200
Subject: [PATCH 1/2] Throw errors when using variable-length arrays
Windows already complains about this in CI, but this will let us catch these issues on Linux as well.
---
 README.md | 2 +-
 crypto_kem/frodokem1344aes/clean/Makefile | 2 +-
 crypto_kem/frodokem1344shake/clean/Makefile | 2 +-
 crypto_kem/frodokem640aes/clean/Makefile | 2 +-
 crypto_kem/frodokem640shake/clean/Makefile | 2 +-
 crypto_kem/frodokem976aes/clean/Makefile | 2 +-
 crypto_kem/frodokem976shake/clean/Makefile | 2 +-
 crypto_kem/kyber768/clean/Makefile | 2 +-
 crypto_kem/ntruhps2048509/clean/Makefile | 2 +-
 crypto_sign/sphincs-shake256-128f-simple/clean/Makefile | 2 +-
 test/Makefile | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 292a7e40..225de5b3 100644
--- a/README.md
+++ b/README.md
@@ -44,7 +44,7 @@ _The checking of items on this list is still being developed. Checked items shou
 * [x] No errors/warnings reported by address sanitizer
 * [x] Only dependencies: `fips202.c`, `sha2.c`, `aes.c`, `randombytes.c`
 * [x] API functions return `0` on success
-* [x] No dynamic memory allocations
+* [x] No dynamic memory allocations (including variable-length arrays)
 * [ ] No branching on secret data (dynamically checked using valgrind)
 * [ ] No access to secret memory locations (dynamically checked using valgrind)
 * [x] Separate subdirectories (without symlinks) for each parameter set of each scheme
diff --git a/crypto_kem/frodokem1344aes/clean/Makefile b/crypto_kem/frodokem1344aes/clean/Makefile
index 47ca6add..d3607215 100644
--- a/crypto_kem/frodokem1344aes/clean/Makefile
+++ b/crypto_kem/frodokem1344aes/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libfrodokem1344aes_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_aes.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/frodokem1344shake/clean/Makefile b/crypto_kem/frodokem1344shake/clean/Makefile
index d8388faf..0443acb1 100644
--- a/crypto_kem/frodokem1344shake/clean/Makefile
+++ b/crypto_kem/frodokem1344shake/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libfrodokem1344shake_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_shake.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/frodokem640aes/clean/Makefile b/crypto_kem/frodokem640aes/clean/Makefile
index f1600fb8..74fbe8ef 100644
--- a/crypto_kem/frodokem640aes/clean/Makefile
+++ b/crypto_kem/frodokem640aes/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libfrodokem640aes_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_aes.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/frodokem640shake/clean/Makefile b/crypto_kem/frodokem640shake/clean/Makefile
index 285969d0..548ddfc8 100644
--- a/crypto_kem/frodokem640shake/clean/Makefile
+++ b/crypto_kem/frodokem640shake/clean/Makefile
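Review bot: The VLA check is introduced by hand-editing the same `CFLAGS=` line in every scheme Makefile (this hunk for frodokem1344aes, the eight other `clean/Makefile` hunks and `test/Makefile`), so the README item "No dynamic memory allocations (including variable-length arrays)" is enforced only where a Makefile carries the flag. A scheme added later, or any Makefile not listed in this patch, would build without it and nothing visible here would notice. I would move the shared warning flags into one fragment that each Makefile includes, or add a test that fails when a scheme's `CFLAGS` lacks the VLA flag. The flag also only rejects VLA declarations; calls such as `malloc` or `alloca` are presumably checked elsewhere, which the README line could say.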
@@ -4,7 +4,7 @@ LIB=libfrodokem640shake_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_shake.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/frodokem976aes/clean/Makefile b/crypto_kem/frodokem976aes/clean/Makefile
index e7cd8364..bd6cfa44 100644
--- a/crypto_kem/frodokem976aes/clean/Makefile
+++ b/crypto_kem/frodokem976aes/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libfrodokem976aes_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_aes.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/frodokem976shake/clean/Makefile b/crypto_kem/frodokem976shake/clean/Makefile
index ba8cdd69..ef05e369 100644
--- a/crypto_kem/frodokem976shake/clean/Makefile
+++ b/crypto_kem/frodokem976shake/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libfrodokem976shake_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_shake.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/kyber768/clean/Makefile b/crypto_kem/kyber768/clean/Makefile
index 6233fa63..11665601 100644
--- a/crypto_kem/kyber768/clean/Makefile
+++ b/crypto_kem/kyber768/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libkyber768_clean.a
 HEADERS=api.h cbd.h indcpa.h ntt.h params.h poly.h polyvec.h reduce.h verify.h
 OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o precomp.o reduce.o verify.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/ntruhps2048509/clean/Makefile b/crypto_kem/ntruhps2048509/clean/Makefile
index 0aa70930..8780e77c 100644
--- a/crypto_kem/ntruhps2048509/clean/Makefile
+++ b/crypto_kem/ntruhps2048509/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libntruhps2048509_clean.a
 HEADERS=api.h crypto_sort.h owcpa.h params.h poly.h sample.h verify.h
 OBJECTS=crypto_sort.o kem.o owcpa.o pack3.o packq.o poly.o sample.o verify.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_sign/sphincs-shake256-128f-simple/clean/Makefile b/crypto_sign/sphincs-shake256-128f-simple/clean/Makefile
index 0ff4dcbc..a53ff5e6 100644
--- a/crypto_sign/sphincs-shake256-128f-simple/clean/Makefile
+++ b/crypto_sign/sphincs-shake256-128f-simple/clean/Makefile
@@ -5,7 +5,7 @@ LIB=libsphincs-shake256-128f-simple_clean.a
 HEADERS = params.h address.h wots.h utils.h fors.h api.h hash.h thash.h
 OBJECTS = address.o wots.o utils.o fors.o sign.o hash_shake256.o thash_shake256_simple.o
-CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/test/Makefile b/test/Makefile
index 30a0af29..0f063a23 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -15,7 +15,7 @@ COMMON_HEADERS=$(COMMON_DIR)/*.h
 DEST_DIR=../bin
 # This -Wall was supported by the European Commission through the ERC Starting Grant 805031 (EPOQUE)
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -std=c99 \
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -std=c99 \
 -Wundef -Wshadow -Wcast-align -Wpointer-arith -Wmissing-prototypes\
 -fstrict-aliasing -fno-common -pipe \
 -I$(COMMON_DIR) $(EXTRAFLAGS)
From 68b12866cedd22bbf7b7fae34cc589d8a136512c Mon Sep 17 00:00:00 2001
From: Joost Rijneveld
Date: Wed, 24 Apr 2019 13:52:02 +0200
Subject: [PATCH 2/2] Use more standard Wvla
---
 crypto_kem/frodokem1344aes/clean/Makefile | 2 +-
 crypto_kem/frodokem1344shake/clean/Makefile | 2 +-
 crypto_kem/frodokem640aes/clean/Makefile | 2 +-
 crypto_kem/frodokem640shake/clean/Makefile | 2 +-
 crypto_kem/frodokem976aes/clean/Makefile | 2 +-
 crypto_kem/frodokem976shake/clean/Makefile | 2 +-
 crypto_kem/kyber768/clean/Makefile | 2 +-
 crypto_kem/ntruhps2048509/clean/Makefile | 2 +-
 crypto_sign/sphincs-shake256-128f-simple/clean/Makefile | 2 +-
 test/Makefile | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/crypto_kem/frodokem1344aes/clean/Makefile b/crypto_kem/frodokem1344aes/clean/Makefile
index d3607215..ba564d21 100644
--- a/crypto_kem/frodokem1344aes/clean/Makefile
+++ b/crypto_kem/frodokem1344aes/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libfrodokem1344aes_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_aes.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/frodokem1344shake/clean/Makefile b/crypto_kem/frodokem1344shake/clean/Makefile
index 0443acb1..39df6863 100644
--- a/crypto_kem/frodokem1344shake/clean/Makefile
+++ b/crypto_kem/frodokem1344shake/clean/Makefile
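Review bot: With plain `-Wvla` in the frodokem1344aes hunk of patch 2/2, a VLA fails the build only because `-Werror` follows it, and `$(EXTRAFLAGS)` is expanded last on the line, so a `-Wno-error` or `-Wno-vla` passed through EXTRAFLAGS (or a `make CFLAGS=...` override) quietly downgrades or disables the check. The `-Werror=vla` form it replaces was, as far as I know, not affected by a general `-Wno-error` in GCC. If `-Wvla` is kept for portability, add a comment above the line such as `# -Wvla must stay paired with -Werror: variable-length arrays are not allowed`, and consider listing `-Wvla` after `$(EXTRAFLAGS)` so it wins over caller-supplied flags. The same applies to the other nine hunks of this patch.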
@@ -4,7 +4,7 @@ LIB=libfrodokem1344shake_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_shake.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/frodokem640aes/clean/Makefile b/crypto_kem/frodokem640aes/clean/Makefile
index 74fbe8ef..81e5d62d 100644
--- a/crypto_kem/frodokem640aes/clean/Makefile
+++ b/crypto_kem/frodokem640aes/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libfrodokem640aes_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_aes.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/frodokem640shake/clean/Makefile b/crypto_kem/frodokem640shake/clean/Makefile
index 548ddfc8..a7949f55 100644
--- a/crypto_kem/frodokem640shake/clean/Makefile
+++ b/crypto_kem/frodokem640shake/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libfrodokem640shake_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_shake.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/frodokem976aes/clean/Makefile b/crypto_kem/frodokem976aes/clean/Makefile
index bd6cfa44..376d9655 100644
--- a/crypto_kem/frodokem976aes/clean/Makefile
+++ b/crypto_kem/frodokem976aes/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libfrodokem976aes_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_aes.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/frodokem976shake/clean/Makefile b/crypto_kem/frodokem976shake/clean/Makefile
index ef05e369..2d0a4652 100644
--- a/crypto_kem/frodokem976shake/clean/Makefile
+++ b/crypto_kem/frodokem976shake/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libfrodokem976shake_clean.a
 HEADERS=api.h params.h common.h
 OBJECTS=kem.o matrix_shake.o noise.o util.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/kyber768/clean/Makefile b/crypto_kem/kyber768/clean/Makefile
index 11665601..d408dca7 100644
--- a/crypto_kem/kyber768/clean/Makefile
+++ b/crypto_kem/kyber768/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libkyber768_clean.a
 HEADERS=api.h cbd.h indcpa.h ntt.h params.h poly.h polyvec.h reduce.h verify.h
 OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o precomp.o reduce.o verify.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_kem/ntruhps2048509/clean/Makefile b/crypto_kem/ntruhps2048509/clean/Makefile
index 8780e77c..f4d4d328 100644
--- a/crypto_kem/ntruhps2048509/clean/Makefile
+++ b/crypto_kem/ntruhps2048509/clean/Makefile
@@ -4,7 +4,7 @@ LIB=libntruhps2048509_clean.a
 HEADERS=api.h crypto_sort.h owcpa.h params.h poly.h sample.h verify.h
 OBJECTS=crypto_sort.o kem.o owcpa.o pack3.o packq.o poly.o sample.o verify.o
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/crypto_sign/sphincs-shake256-128f-simple/clean/Makefile b/crypto_sign/sphincs-shake256-128f-simple/clean/Makefile
index a53ff5e6..1e5260b5 100644
--- a/crypto_sign/sphincs-shake256-128f-simple/clean/Makefile
+++ b/crypto_sign/sphincs-shake256-128f-simple/clean/Makefile
@@ -5,7 +5,7 @@ LIB=libsphincs-shake256-128f-simple_clean.a
 HEADERS = params.h address.h wots.h utils.h fors.h api.h hash.h thash.h
 OBJECTS = address.o wots.o utils.o fors.o sign.o hash_shake256.o thash_shake256_simple.o
-CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Werror=vla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
+CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS)
 all: $(LIB)
diff --git a/test/Makefile b/test/Makefile
index 0f063a23..10fae81f 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -15,7 +15,7 @@ COMMON_HEADERS=$(COMMON_DIR)/*.h
 DEST_DIR=../bin
 # This -Wall was supported by the European Commission through the ERC Starting Grant 805031 (EPOQUE)
-CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror=vla -Werror -std=c99 \
+CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -std=c99 \
 -Wundef -Wshadow -Wcast-align -Wpointer-arith -Wmissing-prototypes\
 -fstrict-aliasing -fno-common -pipe \
 -I$(COMMON_DIR) $(EXTRAFLAGS)