Skip to content

Add configs to disable unused APIs [full CI]#1000

Open
mkannwischer wants to merge 13 commits intomainfrom
config-disable-apis
Open

Add configs to disable unused APIs [full CI]#1000
mkannwischer wants to merge 13 commits intomainfrom
config-disable-apis

Conversation

@mkannwischer
Copy link
Contributor

@mkannwischer mkannwischer commented Mar 21, 2026

Continuation of #960 by @flynd to run full CI.

@mkannwischer mkannwischer mentioned this pull request Mar 21, 2026
Closed
@oqs-bot
Copy link
Contributor

oqs-bot commented Mar 21, 2026
edited
Loading

CBMC Results (ML-DSA-65)

Full Results (176 proofs)
Proof Status Current Previous Change
**TOTAL** 2402s 2485s -3.3%
mld_attempt_signature_generation 244s 275s -11%
sign_verify_internal 242s 336s -28%
polyvecl_pointwise_acc_montgomery_c 212s 192s +10%
poly_pointwise_montgomery_c 180s 153s +18%
rej_uniform_native 152s 148s +3%
polyvec_matrix_expand 121s 126s -4%
mld_invntt_layer 94s 96s -2%
mld_ct_memcmp 82s 76s +8%
polyvec_matrix_expand_serial 70s 68s +3%
keccak_squeezeblocks_x4 44s 43s +2%
sign_signature_internal 38s 39s -3%
mld_ntt_layer 37s 55s -33%
polymat_permute_bitrev_to_custom 33s 30s +10%
mld_compute_t0_t1_tr_from_sk_components 29s 27s +7%
rej_uniform 22s 24s -8%
fqmul 21s 21s +0%
poly_chknorm_c 21s 21s +0%
rej_uniform_c 18s 13s +38%
poly_uniform_4x 15s 17s -12%
poly_uniform_eta_4x 14s 16s -12%
keccakf1600x4_permute_native 13s 13s +0%
polyt0_unpack 13s 15s -13%
polyveck_decompose 13s 11s +18%
mld_ntt_butterfly_block 12s 12s +0%
poly_add 12s 12s +0%
poly_decompose_c 12s 9s +33%
polyvec_matrix_pointwise_montgomery 12s 11s +9%
polyvecl_chknorm 12s 11s +9%
keccak_absorb_once_x4 11s 11s +0%
polyveck_sub 11s 11s +0%
polyveck_power2round 10s 11s -9%
keccakf1600_permute_native 9s 8s +12%
polyveck_add 9s 9s +0%
polyveck_pointwise_poly_montgomery 9s 7s +29%
mld_polyvecl_permute_bitrev_to_custom_native 8s 7s +14%
poly_power2round 8s 5s +60%
polyveck_invntt_tomont 8s 9s -11%
polyveck_ntt 8s 12s -33%
polyveck_shiftl 8s 7s +14%
keccak_absorb 7s 7s +0%
keccakf1600_permute 7s 7s +0%
mld_check_pct 7s 8s -12%
mld_sample_s1_s2 7s 8s -12%
mld_sample_s1_s2_serial 7s 5s +40%
pack_sk 7s 3s +133%
poly_invntt_tomont_c 7s 6s +17%
polyveck_caddq 7s 8s -12%
polyveck_reduce 7s 6s +17%
polyveck_use_hint 7s 8s -12%
polyvecl_ntt 7s 7s +0%
sign 7s 7s +0%
sign_verify_pre_hash_internal 7s 4s +75%
keccakf1600_extract_bytes (big endian) 6s 2s +200%
poly_uniform_gamma1_4x 6s 7s -14%
polyeta_unpack 6s 6s +0%
polyveck_unpack_t0 6s 6s +0%
polyvecl_pointwise_acc_montgomery_native 6s 4s +50%
sign_pk_from_sk 6s 8s -25%
sign_signature_pre_hash_shake256 6s 3s +100%
unpack_hints 6s 5s +20%
keccak_squeeze 5s 4s +25%
keccakf1600_xor_bytes (big endian) 5s 4s +25%
mld_h 5s 3s +67%
mld_prepare_domain_separation_prefix 5s 4s +25%
pack_pk 5s 5s +0%
poly_challenge 5s 4s +25%
poly_ntt 5s 2s +150%
poly_uniform_eta 5s 5s +0%
poly_uniform_gamma1 5s 4s +25%
poly_use_hint_c 5s 4s +25%
polyeta_pack 5s 4s +25%
polyt1_pack 5s 2s +150%
polyveck_pack_eta 5s 2s +150%
rej_eta_native 5s 4s +25%
shake128_absorb 5s 1s +400%
sign_keypair 5s 5s +0%
sign_keypair_internal 5s 5s +0%
sign_open 5s 5s +0%
unpack_sk 5s 5s +0%
caddq 4s 4s +0%
intt_native_x86_64 4s 4s +0%
make_hint 4s 5s -20%
mld_compute_pack_z 4s 6s -33%
mld_ct_cmask_nonzero_u32 4s 3s +33%
mld_ct_get_optblocker_u8 4s 5s -20%
mld_value_barrier_u8 4s 2s +100%
ntt_native_x86_64 4s 5s -20%
poly_caddq 4s 3s +33%
poly_caddq_c 4s 5s -20%
poly_chknorm 4s 2s +100%
poly_invntt_tomont_native 4s 3s +33%
poly_ntt_native 4s 2s +100%
poly_shiftl 4s 4s +0%
poly_sub 4s 3s +33%
poly_uniform 4s 4s +0%
polyveck_chknorm 4s 3s +33%
polyveck_make_hint 4s 7s -43%
polyveck_pack_t0 4s 5s -20%
polyvecl_pack_eta 4s 4s +0%
polyvecl_permute_bitrev_to_custom 4s 3s +33%
polyvecl_uniform_gamma1 4s 4s +0%
polyvecl_unpack_eta 4s 1s +300%
rej_eta 4s 3s +33%
rej_eta_c 4s 3s +33%
shake256x4_absorb_once 4s 3s +33%
sign_signature 4s 3s +33%
sign_signature_extmu 4s 4s +0%
sign_signature_pre_hash_internal 4s 6s -33%
sign_verify_extmu 4s 4s +0%
unpack_sig 4s 4s +0%
fqscale 3s 2s +50%
mld_ct_cmask_nonzero_u8 3s 2s +50%
mld_ct_sel_int32 3s 3s +0%
mld_value_barrier_u32 3s 2s +50%
poly_caddq_native 3s 2s +50%
poly_caddq_native_aarch64 3s 5s -40%
poly_chknorm_native 3s 4s -25%
poly_chknorm_native_aarch64 3s 3s +0%
poly_decompose 3s 2s +50%
poly_decompose_native 3s 3s +0%
poly_invntt_tomont 3s 4s -25%
poly_make_hint 3s 5s -40%
poly_ntt_c 3s 3s +0%
poly_pointwise_montgomery 3s 7s -57%
poly_reduce 3s 4s -25%
poly_use_hint_native 3s 5s -40%
polyt0_pack 3s 3s +0%
polyt1_unpack 3s 2s +50%
polyveck_pack_w1 3s 3s +0%
polyvecl_pointwise_acc_montgomery 3s 3s +0%
polyvecl_uniform_gamma1_serial 3s 4s -25%
polyvecl_unpack_z 3s 4s -25%
polyw1_pack 3s 3s +0%
polyz_unpack 3s 4s -25%
polyz_unpack_native 3s 3s +0%
power2round 3s 3s +0%
shake128_init 3s 2s +50%
shake128_squeeze 3s 3s +0%
shake128x4_absorb_once 3s 2s +50%
shake128x4_squeezeblocks 3s 3s +0%
shake256x4_squeezeblocks 3s 2s +50%
sign_verify 3s 7s -57%
sign_verify_pre_hash_shake256 3s 2s +50%
sys_check_capability 3s 2s +50%
use_hint 3s 3s +0%
decompose 2s 2s +0%
keccak_finalize 2s 2s +0%
keccakf1600x4_xor_bytes 2s 2s +0%
mld_ct_get_optblocker_i64 2s 5s -60%
mld_keccakf1600_extract_bytes 2s 2s +0%
mld_value_barrier_i64 2s 3s -33%
montgomery_reduce 2s 2s +0%
pack_sig_c_h 2s 4s -50%
pack_sig_z 2s 4s -50%
poly_pointwise_montgomery_native 2s 4s -50%
poly_use_hint 2s 3s -33%
polyveck_unpack_eta 2s 3s -33%
polyz_pack 2s 3s -33%
polyz_unpack_c 2s 3s -33%
shake128_release 2s 5s -60%
shake256_absorb 2s 1s +100%
shake256_finalize 2s 5s -60%
shake256_init 2s 2s +0%
shake256_release 2s 2s +0%
shake256_squeeze 2s 3s -33%
unpack_pk 2s 4s -50%
keccak_init 1s 3s -67%
keccakf1600_xor_bytes 1s 3s -67%
keccakf1600x4_extract_bytes 1s 2s -50%
keccakf1600x4_permute 1s 3s -67%
mld_ct_abs_i32 1s 2s -50%
mld_ct_cmask_neg_i32 1s 1s +0%
mld_ct_get_optblocker_u32 1s 2s -50%
reduce32 1s 4s -75%
shake128_finalize 1s 3s -67%
shake256 1s 3s -67%

@oqs-bot
Copy link
Contributor

oqs-bot commented Mar 21, 2026
edited
Loading

CBMC Results (ML-DSA-44)

⚠️ Attention Required

Proof Status Current Previous Change
**TOTAL** ⚠️ 2821s 1998s +41.2%
mld_invntt_layer ⚠️ 178s 88s +102%
poly_invntt_tomont_c ⚠️ 208s 5s +4060%
polymat_permute_bitrev_to_custom ⚠️ 24s 15s +60%
sign_verify_internal ⚠️ 230s 126s +83%
Full Results (176 proofs)
Proof Status Current Previous Change
**TOTAL** ⚠️ 2821s 1998s +41.2%
mld_attempt_signature_generation 316s 231s +37%
polyvecl_pointwise_acc_montgomery_c 304s 208s +46%
sign_verify_internal ⚠️ 230s 126s +83%
poly_pointwise_montgomery_c 210s 152s +38%
poly_invntt_tomont_c ⚠️ 208s 5s +4060%
mld_invntt_layer ⚠️ 178s 88s +102%
rej_uniform_native 168s 146s +15%
mld_ct_memcmp 98s 77s +27%
mld_ntt_layer 64s 59s +8%
keccak_squeezeblocks_x4 49s 42s +17%
sign_signature_internal 42s 31s +35%
polyvec_matrix_expand 35s 28s +25%
poly_chknorm_c 25s 19s +32%
fqmul 24s 20s +20%
polymat_permute_bitrev_to_custom ⚠️ 24s 15s +60%
rej_uniform 24s 22s +9%
polyeta_unpack 21s 16s +31%
poly_uniform_eta_4x 20s 17s +18%
mld_compute_t0_t1_tr_from_sk_components 18s 14s +29%
polyt0_unpack 17s 14s +21%
mld_ntt_butterfly_block 16s 12s +33%
rej_uniform_c 16s 14s +14%
keccakf1600x4_permute_native 15s 13s +15%
poly_add 15s 9s +67%
poly_uniform_4x 15s 14s +7%
polyvec_matrix_pointwise_montgomery 15s 13s +15%
polyvec_matrix_expand_serial 13s 13s +0%
polyveck_power2round 13s 12s +8%
keccak_absorb_once_x4 12s 10s +20%
polyz_unpack_c 12s 11s +9%
polyveck_use_hint 11s 9s +22%
keccakf1600_permute_native 10s 7s +43%
mld_check_pct 10s 5s +100%
mld_compute_pack_z 10s 7s +43%
sign 10s 7s +43%
keccak_absorb 8s 9s -11%
mld_polyvecl_permute_bitrev_to_custom_native 8s 7s +14%
sign_verify_pre_hash_internal 8s 4s +100%
unpack_hints 8s 8s +0%
keccakf1600_permute 7s 7s +0%
poly_challenge 7s 4s +75%
poly_chknorm_native 7s 2s +250%
poly_power2round 7s 8s -12%
polyveck_chknorm 7s 4s +75%
polyveck_shiftl 7s 4s +75%
rej_eta_c 7s 5s +40%
sign_open 7s 5s +40%
sign_pk_from_sk 7s 7s +0%
sign_signature_extmu 7s 5s +40%
sign_verify_pre_hash_shake256 7s 5s +40%
keccakf1600x4_extract_bytes 6s 5s +20%
mld_sample_s1_s2 6s 2s +200%
poly_sub 6s 3s +100%
poly_use_hint_c 6s 5s +20%
polyveck_add 6s 9s -33%
polyveck_ntt 6s 6s +0%
polyveck_pointwise_poly_montgomery 6s 2s +200%
sign_signature_pre_hash_shake256 6s 3s +100%
keccakf1600x4_permute 5s 3s +67%
mld_h 5s 6s -17%
ntt_native_x86_64 5s 4s +25%
poly_caddq_c 5s 4s +25%
poly_caddq_native_aarch64 5s 6s -17%
poly_invntt_tomont_native 5s 4s +25%
poly_make_hint 5s 4s +25%
poly_uniform_gamma1_4x 5s 3s +67%
poly_use_hint 5s 3s +67%
poly_use_hint_native 5s 3s +67%
polyt0_pack 5s 5s +0%
polyveck_caddq 5s 3s +67%
polyveck_decompose 5s 5s +0%
polyveck_make_hint 5s 4s +25%
polyveck_sub 5s 5s +0%
polyvecl_chknorm 5s 4s +25%
polyvecl_pointwise_acc_montgomery_native 5s 3s +67%
polyvecl_uniform_gamma1_serial 5s 2s +150%
polyz_pack 5s 5s +0%
polyz_unpack 5s 2s +150%
rej_eta 5s 4s +25%
rej_eta_native 5s 5s +0%
shake256 5s 3s +67%
sign_keypair_internal 5s 9s -44%
sign_signature 5s 5s +0%
unpack_sk 5s 5s +0%
intt_native_x86_64 4s 3s +33%
keccak_squeeze 4s 3s +33%
mld_ct_cmask_nonzero_u32 4s 4s +0%
mld_keccakf1600_extract_bytes 4s 3s +33%
pack_pk 4s 3s +33%
pack_sig_c_h 4s 5s -20%
pack_sig_z 4s 3s +33%
pack_sk 4s 3s +33%
poly_chknorm_native_aarch64 4s 5s -20%
poly_decompose 4s 2s +100%
poly_decompose_c 4s 2s +100%
poly_ntt 4s 3s +33%
poly_ntt_native 4s 3s +33%
poly_pointwise_montgomery 4s 4s +0%
poly_shiftl 4s 2s +100%
poly_uniform 4s 3s +33%
polyt1_pack 4s 3s +33%
polyveck_invntt_tomont 4s 3s +33%
polyveck_pack_eta 4s 2s +100%
polyveck_pack_t0 4s 3s +33%
polyveck_unpack_t0 4s 3s +33%
polyvecl_ntt 4s 7s -43%
polyz_unpack_native 4s 3s +33%
shake128_release 4s 2s +100%
shake256x4_squeezeblocks 4s 2s +100%
sign_keypair 4s 3s +33%
sign_signature_pre_hash_internal 4s 3s +33%
sign_verify_extmu 4s 5s -20%
sys_check_capability 4s 2s +100%
caddq 3s 3s +0%
make_hint 3s 3s +0%
mld_ct_abs_i32 3s 3s +0%
mld_ct_cmask_nonzero_u8 3s 2s +50%
mld_ct_get_optblocker_u32 3s 3s +0%
mld_prepare_domain_separation_prefix 3s 7s -57%
mld_sample_s1_s2_serial 3s 3s +0%
mld_value_barrier_i64 3s 3s +0%
poly_caddq 3s 3s +0%
poly_caddq_native 3s 3s +0%
poly_decompose_native 3s 3s +0%
poly_ntt_c 3s 4s -25%
poly_pointwise_montgomery_native 3s 2s +50%
poly_uniform_eta 3s 3s +0%
poly_uniform_gamma1 3s 2s +50%
polyeta_pack 3s 4s -25%
polyveck_pack_w1 3s 6s -50%
polyveck_reduce 3s 6s -50%
polyveck_unpack_eta 3s 2s +50%
polyvecl_pointwise_acc_montgomery 3s 2s +50%
polyvecl_uniform_gamma1 3s 3s +0%
power2round 3s 3s +0%
reduce32 3s 3s +0%
shake128_finalize 3s 2s +50%
shake256_absorb 3s 6s -50%
shake256_finalize 3s 3s +0%
sign_verify 3s 7s -57%
unpack_pk 3s 3s +0%
unpack_sig 3s 4s -25%
use_hint 3s 2s +50%
decompose 2s 4s -50%
fqscale 2s 4s -50%
keccak_finalize 2s 4s -50%
keccak_init 2s 2s +0%
keccakf1600_extract_bytes (big endian) 2s 2s +0%
keccakf1600x4_xor_bytes 2s 4s -50%
mld_ct_cmask_neg_i32 2s 1s +100%
mld_ct_get_optblocker_i64 2s 2s +0%
mld_ct_get_optblocker_u8 2s 3s -33%
mld_value_barrier_u32 2s 2s +0%
mld_value_barrier_u8 2s 1s +100%
montgomery_reduce 2s 3s -33%
poly_invntt_tomont 2s 3s -33%
poly_reduce 2s 3s -33%
polyt1_unpack 2s 4s -50%
polyvecl_pack_eta 2s 2s +0%
polyvecl_permute_bitrev_to_custom 2s 4s -50%
polyvecl_unpack_eta 2s 3s -33%
polyvecl_unpack_z 2s 4s -50%
polyw1_pack 2s 5s -60%
shake128_init 2s 2s +0%
shake128x4_absorb_once 2s 1s +100%
shake128x4_squeezeblocks 2s 2s +0%
shake256_init 2s 1s +100%
shake256_release 2s 2s +0%
shake256_squeeze 2s 2s +0%
shake256x4_absorb_once 2s 3s -33%
keccakf1600_xor_bytes 1s 1s +0%
keccakf1600_xor_bytes (big endian) 1s 3s -67%
mld_ct_sel_int32 1s 2s -50%
poly_chknorm 1s 4s -75%
shake128_absorb 1s 3s -67%
shake128_squeeze 1s 3s -67%

@oqs-bot
Copy link
Contributor

oqs-bot commented Mar 21, 2026
edited
Loading

CBMC Results (ML-DSA-87)

⚠️ Attention Required

Proof Status Current Previous Change
polyvec_matrix_expand ⚠️ 289s 177s +63%
Full Results (176 proofs)
Proof Status Current Previous Change
**TOTAL** 2717s 2658s +2.2%
sign_verify_internal 353s 330s +7%
polyvec_matrix_expand ⚠️ 289s 177s +63%
polyvecl_pointwise_acc_montgomery_c 271s 276s -2%
mld_attempt_signature_generation 193s 237s -19%
poly_pointwise_montgomery_c 157s 153s +3%
rej_uniform_native 144s 140s +3%
mld_invntt_layer 83s 94s -12%
polyvec_matrix_expand_serial 81s 79s +3%
mld_ct_memcmp 75s 73s +3%
sign_signature_internal 61s 56s +9%
polyveck_decompose 58s 56s +4%
keccak_squeezeblocks_x4 42s 42s +0%
mld_ntt_layer 36s 52s -31%
mld_compute_t0_t1_tr_from_sk_components 27s 25s +8%
polymat_permute_bitrev_to_custom 25s 45s -44%
poly_chknorm_c 21s 18s +17%
rej_uniform 21s 21s +0%
fqmul 19s 18s +6%
polyeta_unpack 19s 18s +6%
poly_uniform_eta_4x 17s 16s +6%
poly_uniform_4x 15s 14s +7%
polyt0_unpack 15s 14s +7%
rej_uniform_c 14s 12s +17%
keccakf1600x4_permute_native 13s 15s -13%
poly_add 13s 13s +0%
keccak_absorb_once_x4 12s 10s +20%
mld_check_pct 12s 9s +33%
mld_ntt_butterfly_block 12s 12s +0%
mld_polyvecl_permute_bitrev_to_custom_native 11s 13s -15%
polyvec_matrix_pointwise_montgomery 11s 12s -8%
polyveck_reduce 11s 10s +10%
polyveck_power2round 10s 8s +25%
polyz_unpack_c 10s 7s +43%
keccakf1600_permute_native 9s 9s +0%
polyveck_add 9s 9s +0%
polyveck_use_hint 9s 13s -31%
polyvecl_ntt 9s 9s +0%
mld_sample_s1_s2 8s 7s +14%
poly_invntt_tomont_c 8s 8s +0%
polyveck_caddq 8s 9s -11%
polyveck_ntt 8s 7s +14%
sign_pk_from_sk 8s 6s +33%
keccak_absorb 7s 7s +0%
keccakf1600_permute 7s 7s +0%
mld_h 7s 4s +75%
poly_caddq_c 7s 7s +0%
poly_challenge 7s 4s +75%
poly_decompose_c 7s 7s +0%
poly_make_hint 7s 4s +75%
poly_power2round 7s 5s +40%
polyveck_make_hint 7s 7s +0%
polyveck_pointwise_poly_montgomery 7s 7s +0%
polyveck_shiftl 7s 7s +0%
polyvecl_uniform_gamma1 7s 4s +75%
mld_compute_pack_z 6s 8s -25%
mld_sample_s1_s2_serial 6s 9s -33%
polyveck_invntt_tomont 6s 7s -14%
polyveck_sub 6s 6s +0%
polyvecl_uniform_gamma1_serial 6s 4s +50%
sign_keypair_internal 6s 7s -14%
sign_signature 6s 6s +0%
sign_signature_extmu 6s 3s +100%
sign_verify 6s 3s +100%
sign_verify_pre_hash_internal 6s 5s +20%
unpack_sk 6s 5s +20%
keccak_squeeze 5s 2s +150%
mld_ct_cmask_nonzero_u32 5s 5s +0%
montgomery_reduce 5s 4s +25%
poly_caddq_native 5s 2s +150%
poly_chknorm_native_aarch64 5s 2s +150%
poly_shiftl 5s 3s +67%
poly_uniform_eta 5s 5s +0%
polyt1_pack 5s 3s +67%
polyveck_pack_w1 5s 2s +150%
polyvecl_chknorm 5s 6s -17%
unpack_hints 5s 5s +0%
keccakf1600_xor_bytes (big endian) 4s 2s +100%
keccakf1600x4_permute 4s 3s +33%
mld_ct_get_optblocker_i64 4s 3s +33%
mld_ct_get_optblocker_u32 4s 4s +0%
mld_ct_sel_int32 4s 1s +300%
mld_prepare_domain_separation_prefix 4s 5s -20%
pack_sig_c_h 4s 3s +33%
poly_decompose 4s 3s +33%
poly_pointwise_montgomery 4s 4s +0%
poly_pointwise_montgomery_native 4s 2s +100%
poly_sub 4s 5s -20%
poly_uniform_gamma1 4s 2s +100%
poly_uniform_gamma1_4x 4s 4s +0%
poly_use_hint_c 4s 3s +33%
polyt0_pack 4s 4s +0%
polyveck_unpack_eta 4s 5s -20%
polyveck_unpack_t0 4s 6s -33%
polyvecl_pointwise_acc_montgomery_native 4s 4s +0%
polyvecl_unpack_z 4s 6s -33%
rej_eta 4s 6s -33%
rej_eta_native 4s 4s +0%
shake256_absorb 4s 2s +100%
shake256_release 4s 1s +300%
sign 4s 7s -43%
sign_keypair 4s 3s +33%
sign_open 4s 5s -20%
sign_signature_pre_hash_internal 4s 3s +33%
sign_verify_extmu 4s 5s -20%
sign_verify_pre_hash_shake256 4s 6s -33%
unpack_pk 4s 3s +33%
decompose 3s 2s +50%
fqscale 3s 5s -40%
keccak_finalize 3s 2s +50%
keccakf1600_extract_bytes (big endian) 3s 2s +50%
mld_ct_cmask_nonzero_u8 3s 5s -40%
mld_keccakf1600_extract_bytes 3s 2s +50%
mld_value_barrier_u8 3s 1s +200%
pack_pk 3s 2s +50%
pack_sig_z 3s 6s -50%
poly_caddq 3s 2s +50%
poly_chknorm 3s 3s +0%
poly_chknorm_native 3s 2s +50%
poly_invntt_tomont 3s 2s +50%
poly_invntt_tomont_native 3s 4s -25%
poly_ntt_c 3s 4s -25%
poly_reduce 3s 3s +0%
poly_use_hint_native 3s 4s -25%
polyeta_pack 3s 3s +0%
polyveck_chknorm 3s 6s -50%
polyvecl_pack_eta 3s 4s -25%
polyvecl_pointwise_acc_montgomery 3s 4s -25%
polyvecl_unpack_eta 3s 4s -25%
polyz_pack 3s 2s +50%
polyz_unpack 3s 4s -25%
rej_eta_c 3s 3s +0%
shake128_squeeze 3s 2s +50%
shake128x4_absorb_once 3s 4s -25%
shake128x4_squeezeblocks 3s 3s +0%
shake256x4_squeezeblocks 3s 7s -57%
sign_signature_pre_hash_shake256 3s 6s -50%
use_hint 3s 3s +0%
intt_native_x86_64 2s 4s -50%
keccak_init 2s 4s -50%
keccakf1600_xor_bytes 2s 4s -50%
keccakf1600x4_extract_bytes 2s 2s +0%
keccakf1600x4_xor_bytes 2s 3s -33%
make_hint 2s 3s -33%
mld_ct_abs_i32 2s 2s +0%
mld_ct_cmask_neg_i32 2s 2s +0%
mld_ct_get_optblocker_u8 2s 1s +100%
mld_value_barrier_u32 2s 4s -50%
ntt_native_x86_64 2s 3s -33%
pack_sk 2s 3s -33%
poly_caddq_native_aarch64 2s 2s +0%
poly_decompose_native 2s 2s +0%
poly_ntt 2s 3s -33%
poly_ntt_native 2s 2s +0%
poly_use_hint 2s 2s +0%
polyt1_unpack 2s 3s -33%
polyveck_pack_eta 2s 4s -50%
polyveck_pack_t0 2s 3s -33%
polyvecl_permute_bitrev_to_custom 2s 2s +0%
polyw1_pack 2s 4s -50%
polyz_unpack_native 2s 6s -67%
power2round 2s 2s +0%
reduce32 2s 3s -33%
shake128_absorb 2s 2s +0%
shake128_init 2s 2s +0%
shake128_release 2s 3s -33%
shake256_finalize 2s 3s -33%
shake256_init 2s 1s +100%
shake256_squeeze 2s 2s +0%
sys_check_capability 2s 4s -50%
unpack_sig 2s 5s -60%
caddq 1s 4s -75%
mld_value_barrier_i64 1s 4s -75%
poly_uniform 1s 4s -75%
shake128_finalize 1s 3s -67%
shake256 1s 2s -50%
shake256x4_absorb_once 1s 2s -50%

@mkannwischer mkannwischer force-pushed the config-disable-apis branch 2 times, most recently from 0e7f1ba to 6b89fae Compare March 21, 2026 02:42
@mkannwischer mkannwischer marked this pull request as ready for review March 21, 2026 03:52
@mkannwischer mkannwischer requested a review from a team as a code owner March 21, 2026 03:52
hanno-becker
hanno-becker reviewed Mar 23, 2026
View reviewed changes
hanno-becker
hanno-becker reviewed Mar 23, 2026
View reviewed changes
examples/disabled_apis_native/Makefile
CFLAGS += -DMLD_CONFIG_USE_NATIVE_BACKEND_ARITH
CFLAGS += -DMLD_CONFIG_USE_NATIVE_BACKEND_FIPS202

# Disabled API flags
Copy link
Contributor

@hanno-becker hanno-becker Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why don't we use auto-generated configs here?

Copy link
Contributor

@flynd flynd Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if this question was directed at me. The disabled_apis and disabled_apis_native tests were added as a separate commit by @mkannwischer.

flynd added 8 commits March 23, 2026 12:17
@flynd @andolo-axis
aarch64/src/polyz_unpack_table.c: Disable unused tables
9eb83c8 
Only one table is used for each parameter set, so add conditions to
remove the unused table from non-shared builds.

Signed-off-by: Anders Sonmark <Anders.Sonmark@axis.com>
@flynd @andolo-axis
Add config to disable key generation API
1699e65 
Make it possible to exclude key generation when not needed, together
with all internal functions not needed for signature creation or
verification.

Signed-off-by: Anders Sonmark <Anders.Sonmark@axis.com>
@flynd @andolo-axis
Add config to disable signature creation API
0497f64 
Make it possible to exclude signature creation when not needed, together
with all internal functions not needed for key generation or signature
verification.

Signed-off-by: Anders Sonmark <Anders.Sonmark@axis.com>
@flynd @andolo-axis
Add config to disable signature verification API
eaf3f14 
Make it possible to exclude signature verification when not needed,
together with all internal functions not needed for key generation or
signature creation.

Signed-off-by: Anders Sonmark <Anders.Sonmark@axis.com>
@flynd @andolo-axis
Disable functions not used for key generation
cbe18a0 
Make it possible to exclude code only used for signature creation or
verification.

Signed-off-by: Anders Sonmark <Anders.Sonmark@axis.com>
@flynd @andolo-axis
Disable functions not used for signature creation
2a18f58 
Make it possible to exclude code only used for key generation or
verification.

Signed-off-by: Anders Sonmark <Anders.Sonmark@axis.com>
@flynd @andolo-axis
Disable functions not used for signature verification
ffe57e2 
Make it possible to exclude code only used for key generation or
signature creation.

Signed-off-by: Anders Sonmark <Anders.Sonmark@axis.com>
@flynd @andolo-axis
Add config to use only the internal API
fd8dae9 
Make it possible to exclude the wrapper APIs if not needed and build
only the internal API functions.

Signed-off-by: Anders Sonmark <Anders.Sonmark@axis.com>
@flynd flynd force-pushed the config-disable-apis branch from 69d203c to 54b3c74 Compare March 23, 2026 11:32
flynd and others added 5 commits March 23, 2026 14:17
@flynd
fips202: Don't build Keccak-f1600x2/x4 unless used
4ca54eb 
When building with MLD_CONFIG_REDUCE_RAM and only verifying or with
MLD_CONFIG_SERIAL_FIPS202_ONLY, Keccak-f1600x2/x4 is not used and can
be skipped.

Signed-off-by: Anders Sonmark <Anders.Sonmark@axis.com>
@mkannwischer @flynd
Examples: Add disabled_apis and disabled_apis_native examples
112caf3 
Add examples testing four disabled API combinations (keygen-only,
sign-only, verify-only, sign+verify) across all three parameter sets.
disabled_apis_native additionally enables native arithmetic and FIPS-202
backends.

Signed-off-by: Matthias J. Kannwischer <matthias@zerorisc.com>
@mkannwischer @flynd
Autogen: Preserve NO_XXX_API config guards in generated table files
fc9bf1e 
Signed-off-by: Matthias J. Kannwischer <matthias@zerorisc.com>
@mkannwischer @flynd
Add config validation: MLD_CONFIG_KEYGEN_PCT requires sign and verify…
e2af388 
… APIs

The PCT implementation internally calls crypto_sign_signature() and
crypto_sign_verify(), so it is incompatible with MLD_CONFIG_NO_SIGN_API
and MLD_CONFIG_NO_VERIFY_API.

Signed-off-by: Matthias J. Kannwischer <matthias@zerorisc.com>
@mkannwischer @flynd
FIPS202/x86_64: Don't use native x4 backend on x86_64 when not needed
ec9c236 
Match the AArch64 behavior and skip the native Keccak-f1600x4 backend
when MLD_CONFIG_SERIAL_FIPS202_ONLY or MLD_CONFIG_REDUCE_RAM is set.

Signed-off-by: Matthias J. Kannwischer <matthias@zerorisc.com>
@flynd flynd force-pushed the config-disable-apis branch from 54b3c74 to ec9c236 Compare March 23, 2026 13:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@flynd flynd flynd left review comments

@hanno-becker hanno-becker hanno-becker left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mkannwischer @oqs-bot @flynd @hanno-becker