diff --git a/.github/workflows/all.yml b/.github/workflows/all.yml index 289c95460..350fff2d4 100644 --- a/.github/workflows/all.yml +++ b/.github/workflows/all.yml @@ -74,7 +74,7 @@ jobs: needs: [ base ] uses: ./.github/workflows/integration-awslc.yml with: - commit: v1.72.0 + commit: v5.0.0 secrets: inherit ct-test: name: Constant-time diff --git a/.github/workflows/bench_ec2_reusable.yml b/.github/workflows/bench_ec2_reusable.yml index a723da337..be061b450 100644 --- a/.github/workflows/bench_ec2_reusable.yml +++ b/.github/workflows/bench_ec2_reusable.yml @@ -106,7 +106,7 @@ jobs: echo "Using AMI ID: $AMI_ID" echo "AMI_ID=$AMI_ID" >> "$GITHUB_OUTPUT" - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0 with: role-to-assume: ${{ env.AWS_ROLE }} aws-region: ${{ inputs.aws_region }} @@ -224,7 +224,7 @@ jobs: if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0 with: role-to-assume: ${{ env.AWS_ROLE }} aws-region: ${{ inputs.aws_region }} diff --git a/.github/workflows/ci_ec2_container.yml b/.github/workflows/ci_ec2_container.yml index 906bd1b6e..d0f820731 100644 --- a/.github/workflows/ci_ec2_container.yml +++ b/.github/workflows/ci_ec2_container.yml @@ -97,7 +97,7 @@ jobs: echo "Using AMI ID: $AMI_ID" echo "AMI_ID=$AMI_ID" >> "$GITHUB_OUTPUT" - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0 with: role-to-assume: ${{ env.AWS_ROLE }} aws-region: ${{ env.AWS_REGION }} @@ -210,7 +210,7 @@ jobs: if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0 with: role-to-assume: ${{ env.AWS_ROLE }} aws-region: ${{ env.AWS_REGION }} diff --git a/.github/workflows/ci_ec2_reusable.yml b/.github/workflows/ci_ec2_reusable.yml index 5f8f20011..88aca09b1 100644 --- a/.github/workflows/ci_ec2_reusable.yml +++ b/.github/workflows/ci_ec2_reusable.yml @@ -107,7 +107,7 @@ jobs: echo "Using AMI ID: $AMI_ID" echo "AMI_ID=$AMI_ID" >> "$GITHUB_OUTPUT" - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0 with: role-to-assume: ${{ env.AWS_ROLE }} aws-region: ${{ env.AWS_REGION }} @@ -236,7 +236,7 @@ jobs: if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0 with: role-to-assume: ${{ env.AWS_ROLE }} aws-region: ${{ env.AWS_REGION }} diff --git a/.github/workflows/integration-liboqs.yml b/.github/workflows/integration-liboqs.yml index a0589985b..d53e60358 100644 --- a/.github/workflows/integration-liboqs.yml +++ b/.github/workflows/integration-liboqs.yml @@ -41,7 +41,7 @@ jobs: packages: 'cmake python3-jinja2 python3-tabulate python3-git python3-pytest valgrind' - uses: ./.github/actions/setup-oqs with: - commit: 'd8509387febc9e32466c86aab544d225d60c8e3c' # main (2026-04-21) + commit: 'f986aea60a9f3cb4055474aa212538bb0b14f1fe' # main (2026-05-27) gh_token: ${{ secrets.GITHUB_TOKEN }} repository: 'open-quantum-safe/liboqs' - name: Apply patch diff --git a/.github/workflows/integration-pavona.yml b/.github/workflows/integration-pavona.yml index 5c6537494..bc088f7ea 100644 --- a/.github/workflows/integration-pavona.yml +++ b/.github/workflows/integration-pavona.yml @@ -29,7 +29,7 @@ jobs: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0 with: role-to-assume: ${{ env.AWS_ROLE }} aws-region: ${{ env.AWS_REGION }} @@ -61,7 +61,7 @@ jobs: - uses: ./.github/actions/setup-pavona with: pavona-repository: https://github.com/pavona/pavona - pavona-commit: release/2026.05.p0 + pavona-commit: 96b8bca4c1025e3b599b53b912ed6afc5a098115 # main (2026-06-01) - name: Patch mldsa-native dependency run: | @@ -112,7 +112,7 @@ jobs: if: ${{ always() && needs.start-ec2-runner.result != 'skipped' }} # required to stop the runner even if errors occur steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0 with: role-to-assume: ${{ env.AWS_ROLE }} aws-region: ${{ env.AWS_REGION }} diff --git a/integration/pavona/add_polyvec_lazy.patch b/integration/pavona/add_polyvec_lazy.patch deleted file mode 100644 index d3898adf0..000000000 --- a/integration/pavona/add_polyvec_lazy.patch +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (c) The mldsa-native project authors -# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT -diff --git a/third_party/mldsa_native/BUILD.mldsa_native.bazel b/third_party/mldsa_native/BUILD.mldsa_native.bazel -index 8a63d09..1c576c2 100644 ---- a/third_party/mldsa_native/BUILD.mldsa_native.bazel -+++ b/third_party/mldsa_native/BUILD.mldsa_native.bazel -@@ -26,6 +26,8 @@ cc_library( - "mldsa/src/poly_kl.h", - "mldsa/src/polyvec.c", - "mldsa/src/polyvec.h", -+ "mldsa/src/polyvec_lazy.c", -+ "mldsa/src/polyvec_lazy.h", - "mldsa/src/reduce.h", - "mldsa/src/rounding.h", - "mldsa/src/sign.c", diff --git a/integration/pavona/reduce_alloc.patch b/integration/pavona/reduce_alloc.patch deleted file mode 100644 index 5ea951e09..000000000 --- a/integration/pavona/reduce_alloc.patch +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright (c) The mldsa-native project authors -# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT -diff --git a/sw/device/lib/crypto/include/mldsa.h b/sw/device/lib/crypto/include/mldsa.h ---- a/sw/device/lib/crypto/include/mldsa.h -+++ b/sw/device/lib/crypto/include/mldsa.h -@@ -41,17 +41,17 @@ enum { - kOtcryptoMldsa87SeedBytes = 32, - - // Work buffer sizes in 32-bit words -- kOtcryptoMldsa44WorkBufferKeypairWords = 32992 / sizeof(uint32_t), -- kOtcryptoMldsa44WorkBufferSignWords = 32448 / sizeof(uint32_t), -- kOtcryptoMldsa44WorkBufferVerifyWords = 22464 / sizeof(uint32_t), -+ kOtcryptoMldsa44WorkBufferKeypairWords = 11584 / sizeof(uint32_t), -+ kOtcryptoMldsa44WorkBufferSignWords = 13120 / sizeof(uint32_t), -+ kOtcryptoMldsa44WorkBufferVerifyWords = 9120 / sizeof(uint32_t), - -- kOtcryptoMldsa65WorkBufferKeypairWords = 46304 / sizeof(uint32_t), -- kOtcryptoMldsa65WorkBufferSignWords = 44768 / sizeof(uint32_t), -- kOtcryptoMldsa65WorkBufferVerifyWords = 30720 / sizeof(uint32_t), -+ kOtcryptoMldsa65WorkBufferKeypairWords = 14656 / sizeof(uint32_t), -+ kOtcryptoMldsa65WorkBufferSignWords = 17248 / sizeof(uint32_t), -+ kOtcryptoMldsa65WorkBufferVerifyWords = 10208 / sizeof(uint32_t), - -- kOtcryptoMldsa87WorkBufferKeypairWords = 62688 / sizeof(uint32_t), -- kOtcryptoMldsa87WorkBufferSignWords = 59104 / sizeof(uint32_t), -- kOtcryptoMldsa87WorkBufferVerifyWords = 41216 / sizeof(uint32_t), -+ kOtcryptoMldsa87WorkBufferKeypairWords = 18752 / sizeof(uint32_t), -+ kOtcryptoMldsa87WorkBufferSignWords = 21344 / sizeof(uint32_t), -+ kOtcryptoMldsa87WorkBufferVerifyWords = 12512 / sizeof(uint32_t), - }; - - /**