Add allocation failure test with bump allocator

Tests that the toplevel API correctly handles allocation failures by:
- Returning MLD_ERR_OUT_OF_MEMORY on allocation failure
- Cleaning up all allocated memory (no leaks)
- Freeing in LIFO order (enabling bump allocator use)

Uses custom bump allocator with LIFO tracking to systematically inject
failures at each allocation point and verify error handling.

Signed-off-by: Hanno Becker <beckphan@amazon.co.uk>

Author: hanno-becker

BIBLIOGRAPHY.md

@@ -53,6 +53,7 @@ source code and documentation.
   - [test/custom_zeroize_config.h](test/custom_zeroize_config.h)
   - [test/no_asm_config.h](test/no_asm_config.h)
   - [test/serial_fips202_config.h](test/serial_fips202_config.h)
+  - [test/test_alloc_config.h](test/test_alloc_config.h)
 
 ### `FIPS202`
 
@@ -107,6 +108,7 @@ source code and documentation.
   - [test/custom_zeroize_config.h](test/custom_zeroize_config.h)
   - [test/no_asm_config.h](test/no_asm_config.h)
   - [test/serial_fips202_config.h](test/serial_fips202_config.h)
+  - [test/test_alloc_config.h](test/test_alloc_config.h)
 
 ### `HYBRID`
 

Makefile

@@ -2,14 +2,14 @@
 # Copyright (c) The mldsa-native project authors
 # SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
 
-.PHONY: func kat acvp stack unit \
-	func_44 kat_44 acvp_44 stack_44 unit_44 \
-	func_65 kat_65 acvp_65 stack_65 unit_65 \
-	func_87 kat_87 acvp_87 stack_87 unit_87 \
-	run_func run_kat run_acvp run_stack run_unit \
-	run_func_44 run_kat_44 run_stack_44 run_unit_44 \
-	run_func_65 run_kat_65 run_stack_65 run_unit_65 \
-	run_func_87 run_kat_87 run_stack_87 run_unit_87 \
+.PHONY: func kat acvp stack unit alloc \
+	func_44 kat_44 acvp_44 stack_44 unit_44 alloc_44 \
+	func_65 kat_65 acvp_65 stack_65 unit_65 alloc_65 \
+	func_87 kat_87 acvp_87 stack_87 unit_87 alloc_87 \
+	run_func run_kat run_acvp run_stack run_unit run_alloc \
+	run_func_44 run_kat_44 run_stack_44 run_unit_44 run_alloc_44 \
+	run_func_65 run_kat_65 run_stack_65 run_unit_65 run_alloc_65 \
+	run_func_87 run_kat_87 run_stack_87 run_unit_87 run_alloc_87 \
 	bench_44 bench_65 bench_87 bench \
 	run_bench_44 run_bench_65 run_bench_87 run_bench \
 	bench_components_44 bench_components_65 bench_components_87 bench_components \
@@ -48,7 +48,7 @@ quickcheck: test
 build: func kat acvp
 	$(Q)echo "  Everything builds fine!"
 
-test: run_kat run_func run_acvp run_unit
+test: run_kat run_func run_acvp run_unit run_alloc
 	$(Q)echo "  Everything checks fine!"
 
 # Detect available SHA256 command
@@ -115,7 +115,7 @@ acvp_65:  $(MLDSA65_DIR)/bin/acvp_mldsa65
 acvp_87: $(MLDSA87_DIR)/bin/acvp_mldsa87
 	$(Q)echo "  ACVP       ML-DSA-87:  $^"
 acvp: acvp_44 acvp_65 acvp_87
-	
+
 ifeq ($(HOST_PLATFORM),Linux-aarch64)
 # valgrind does not work with the AArch64 SHA3 extension
 # Use armv8-a as the target architecture, overwriting a
@@ -141,6 +141,22 @@ run_stack_87: stack_87
 	$(Q)python3 scripts/stack $(MLDSA87_DIR)/bin/test_stack87 --build-dir $(MLDSA87_DIR) $(STACK_ANALYSIS_FLAGS)
 run_stack: run_stack_44 run_stack_65 run_stack_87
 
+alloc_44: $(MLDSA44_DIR)/bin/test_alloc44
+	$(Q)echo "  ALLOC   ML-DSA-44:   $^"
+alloc_65: $(MLDSA65_DIR)/bin/test_alloc65
+	$(Q)echo "  ALLOC   ML-DSA-65:   $^"
+alloc_87: $(MLDSA87_DIR)/bin/test_alloc87
+	$(Q)echo "  ALLOC   ML-DSA-87:  $^"
+alloc: alloc_44 alloc_65 alloc_87
+
+run_alloc_44: alloc_44
+	$(W) $(MLDSA44_DIR)/bin/test_alloc44
+run_alloc_65: alloc_65
+	$(W) $(MLDSA65_DIR)/bin/test_alloc65
+run_alloc_87: alloc_87
+	$(W) $(MLDSA87_DIR)/bin/test_alloc87
+run_alloc: run_alloc_44 run_alloc_65 run_alloc_87
+
 lib: $(BUILD_DIR)/libmldsa.a $(BUILD_DIR)/libmldsa44.a $(BUILD_DIR)/libmldsa65.a $(BUILD_DIR)/libmldsa87.a
 
 # Enforce setting CYCLES make variable when

mldsa/src/sign.c

@@ -119,8 +119,8 @@ static int mld_check_pct(uint8_t const pk[MLDSA_CRYPTO_PUBLICKEYBYTES],
 
 cleanup:
   /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */
-  MLD_FREE(signature, uint8_t, MLDSA_CRYPTO_BYTES);
   MLD_FREE(pk_test, uint8_t, MLDSA_CRYPTO_PUBLICKEYBYTES);
+  MLD_FREE(signature, uint8_t, MLDSA_CRYPTO_BYTES);
 
   return ret;
 }
@@ -274,9 +274,9 @@ __contract__(
 
 cleanup:
   /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */
-  MLD_FREE(mat, mld_polymat, 1);
-  MLD_FREE(s1hat, mld_polyvecl, 1);
   MLD_FREE(t, mld_polyveck, 1);
+  MLD_FREE(s1hat, mld_polyvecl, 1);
+  MLD_FREE(mat, mld_polymat, 1);
   return ret;
 }
 
@@ -332,19 +332,24 @@ int crypto_sign_keypair_internal(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES],
   /* Constant time: pk is the public key, inherently public data */
   MLD_CT_TESTING_DECLASSIFY(pk, MLDSA_CRYPTO_PUBLICKEYBYTES);
 
-  /* Pairwise Consistency Test (PCT) @[FIPS140_3_IG, p.87] */
-  ret = mld_check_pct(pk, sk);
-
 cleanup:
   /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */
-  MLD_FREE(seedbuf, uint8_t, 2 * MLDSA_SEEDBYTES + MLDSA_CRHBYTES);
-  MLD_FREE(inbuf, uint8_t, MLDSA_SEEDBYTES + 2);
-  MLD_FREE(tr, uint8_t, MLDSA_TRBYTES);
-  MLD_FREE(s1, mld_polyvecl, 1);
-  MLD_FREE(s2, mld_polyveck, 1);
-  MLD_FREE(t1, mld_polyveck, 1);
   MLD_FREE(t0, mld_polyveck, 1);
-  return ret;
+  MLD_FREE(t1, mld_polyveck, 1);
+  MLD_FREE(s2, mld_polyveck, 1);
+  MLD_FREE(s1, mld_polyvecl, 1);
+  MLD_FREE(tr, uint8_t, MLDSA_TRBYTES);
+  MLD_FREE(inbuf, uint8_t, MLDSA_SEEDBYTES + 2);
+  MLD_FREE(seedbuf, uint8_t, 2 * MLDSA_SEEDBYTES + MLDSA_CRHBYTES);
+
+  if (ret != 0)
+  {
+    return ret;
+  }
+
+  /* Pairwise Consistency Test (PCT) @[FIPS140_3_IG, p.87] */
+  /* Do this after freeing all temporaries. */
+  return mld_check_pct(pk, sk);
 }
 
 #if !defined(MLD_CONFIG_NO_RANDOMIZED_API)
@@ -610,13 +615,13 @@ __contract__(
 
 cleanup:
   /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */
-  MLD_FREE(challenge_bytes, uint8_t, MLDSA_CTILDEBYTES);
-  MLD_FREE(y, mld_polyvecl, 1);
-  MLD_FREE(z, mld_polyvecl, 1);
-  MLD_FREE(w1, mld_polyveck, 1);
-  MLD_FREE(w0, mld_polyveck, 1);
-  MLD_FREE(h, mld_polyveck, 1);
   MLD_FREE(cp, mld_poly, 1);
+  MLD_FREE(h, mld_polyveck, 1);
+  MLD_FREE(w0, mld_polyveck, 1);
+  MLD_FREE(w1, mld_polyveck, 1);
+  MLD_FREE(z, mld_polyvecl, 1);
+  MLD_FREE(y, mld_polyvecl, 1);
+  MLD_FREE(challenge_bytes, uint8_t, MLDSA_CTILDEBYTES);
 
   return res;
 }
@@ -735,12 +740,12 @@ int crypto_sign_signature_internal(
   }
 
   /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */
-  MLD_FREE(seedbuf, uint8_t,
-           2 * MLDSA_SEEDBYTES + MLDSA_TRBYTES + 2 * MLDSA_CRHBYTES);
-  MLD_FREE(mat, mld_polymat, 1);
-  MLD_FREE(s1, mld_polyvecl, 1);
   MLD_FREE(s2, mld_polyveck, 1);
   MLD_FREE(t0, mld_polyveck, 1);
+  MLD_FREE(s1, mld_polyvecl, 1);
+  MLD_FREE(mat, mld_polymat, 1);
+  MLD_FREE(seedbuf, uint8_t,
+           2 * MLDSA_SEEDBYTES + MLDSA_TRBYTES + 2 * MLDSA_CRHBYTES);
   return ret;
 }
 
@@ -794,8 +799,8 @@ int crypto_sign_signature(uint8_t sig[MLDSA_CRYPTO_BYTES], size_t *siglen,
   }
 
   /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */
-  MLD_FREE(pre, uint8_t, MLD_DOMAIN_SEPARATION_MAX_BYTES);
   MLD_FREE(rnd, uint8_t, MLDSA_RNDBYTES);
+  MLD_FREE(pre, uint8_t, MLD_DOMAIN_SEPARATION_MAX_BYTES);
 
   return ret;
 }
@@ -971,18 +976,18 @@ int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen,
 
 cleanup:
   /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */
-  MLD_FREE(buf, uint8_t, (MLDSA_K * MLDSA_POLYW1_PACKEDBYTES));
-  MLD_FREE(rho, uint8_t, MLDSA_SEEDBYTES);
-  MLD_FREE(mu, uint8_t, MLDSA_CRHBYTES);
-  MLD_FREE(c, uint8_t, MLDSA_CTILDEBYTES);
-  MLD_FREE(c2, uint8_t, MLDSA_CTILDEBYTES);
-  MLD_FREE(cp, mld_poly, 1);
-  MLD_FREE(mat, mld_polymat, 1);
-  MLD_FREE(z, mld_polyvecl, 1);
-  MLD_FREE(t1, mld_polyveck, 1);
-  MLD_FREE(w1, mld_polyveck, 1);
-  MLD_FREE(tmp, mld_polyveck, 1);
   MLD_FREE(h, mld_polyveck, 1);
+  MLD_FREE(tmp, mld_polyveck, 1);
+  MLD_FREE(w1, mld_polyveck, 1);
+  MLD_FREE(t1, mld_polyveck, 1);
+  MLD_FREE(z, mld_polyvecl, 1);
+  MLD_FREE(mat, mld_polymat, 1);
+  MLD_FREE(cp, mld_poly, 1);
+  MLD_FREE(c2, uint8_t, MLDSA_CTILDEBYTES);
+  MLD_FREE(c, uint8_t, MLDSA_CTILDEBYTES);
+  MLD_FREE(mu, uint8_t, MLDSA_CRHBYTES);
+  MLD_FREE(rho, uint8_t, MLDSA_SEEDBYTES);
+  MLD_FREE(buf, uint8_t, (MLDSA_K * MLDSA_POLYW1_PACKEDBYTES));
   return res;
 }
 
@@ -1349,15 +1354,15 @@ int crypto_sign_pk_from_sk(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES],
 
 cleanup:
   /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */
-  MLD_FREE(rho, uint8_t, MLDSA_SEEDBYTES);
-  MLD_FREE(tr, uint8_t, MLDSA_TRBYTES);
-  MLD_FREE(tr_computed, uint8_t, MLDSA_TRBYTES);
-  MLD_FREE(key, uint8_t, MLDSA_SEEDBYTES);
-  MLD_FREE(s1, mld_polyvecl, 1);
-  MLD_FREE(s2, mld_polyveck, 1);
-  MLD_FREE(t0, mld_polyveck, 1);
-  MLD_FREE(t0_computed, mld_polyveck, 1);
   MLD_FREE(t1, mld_polyveck, 1);
+  MLD_FREE(t0_computed, mld_polyveck, 1);
+  MLD_FREE(t0, mld_polyveck, 1);
+  MLD_FREE(s2, mld_polyveck, 1);
+  MLD_FREE(s1, mld_polyvecl, 1);
+  MLD_FREE(key, uint8_t, MLDSA_SEEDBYTES);
+  MLD_FREE(tr_computed, uint8_t, MLDSA_TRBYTES);
+  MLD_FREE(tr, uint8_t, MLDSA_TRBYTES);
+  MLD_FREE(rho, uint8_t, MLDSA_SEEDBYTES);
 
   return ret;
 }

test/configs.yml

@@ -411,3 +411,21 @@ configs:
           #endif /* !__ASSEMBLER__ */
       MLD_CONFIG_FILE:
         comment: "/* No need to set this -- we _are_ already in a custom config */"
+
+  - path: test/test_alloc_config.h
+    description: "Using custom allocation that can be made fail at specific invocation"
+    defines:
+      MLD_CONFIG_NAMESPACE_PREFIX: mld
+      MLD_CONFIG_KEYGEN_PCT: true
+      MLD_CONFIG_CUSTOM_ALLOC_FREE:
+        content: |
+          #define MLD_CONFIG_CUSTOM_ALLOC_FREE
+          #if !defined(__ASSEMBLER__)
+          #include <stdlib.h>
+          void * custom_alloc(size_t sz, const char *file, int line, const char *var, const char *type);
+          void custom_free(void *p, size_t sz, const char *file, int line, const char *var, const char *type);
+          #define MLD_CUSTOM_ALLOC(v, T, N) T *v = custom_alloc(sizeof(T)*(N), __FILE__, __LINE__, #v, #T)
+          #define MLD_CUSTOM_FREE(v, T, N) custom_free(v, sizeof(T)*(N), __FILE__, __LINE__, #v, #T)
+          #endif /* !__ASSEMBLER__ */
+      MLD_CONFIG_FILE:
+        comment: "/* No need to set this -- we _are_ already in a custom config */"

test/mk/components.mk

@@ -14,7 +14,7 @@ ifeq ($(OPT),1)
 	CFLAGS += -DMLD_CONFIG_USE_NATIVE_BACKEND_ARITH -DMLD_CONFIG_USE_NATIVE_BACKEND_FIPS202
 endif
 
-ALL_TESTS = test_mldsa test_unit acvp_mldsa bench_mldsa bench_components_mldsa gen_KAT test_stack
+ALL_TESTS = test_mldsa test_unit acvp_mldsa bench_mldsa bench_components_mldsa gen_KAT test_stack test_alloc
 
 MLDSA44_DIR = $(BUILD_DIR)/mldsa44
 MLDSA65_DIR = $(BUILD_DIR)/mldsa65
@@ -35,6 +35,14 @@ $(MLDSA65_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=65 -DMLD_STATIC_TESTA
 MLDSA87_UNIT_OBJS = $(call MAKE_OBJS,$(MLDSA87_DIR)/unit,$(SOURCES) $(FIPS202_SRCS))
 $(MLDSA87_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=87 -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
 
+# Alloc test object files - same sources but with custom alloc config
+MLDSA44_ALLOC_OBJS = $(call MAKE_OBJS,$(MLDSA44_DIR)/alloc,$(SOURCES) $(FIPS202_SRCS))
+$(MLDSA44_ALLOC_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=44 -DMLD_CONFIG_FILE=\"../test/test_alloc_config.h\"
+MLDSA65_ALLOC_OBJS = $(call MAKE_OBJS,$(MLDSA65_DIR)/alloc,$(SOURCES) $(FIPS202_SRCS))
+$(MLDSA65_ALLOC_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=65 -DMLD_CONFIG_FILE=\"../test/test_alloc_config.h\"
+MLDSA87_ALLOC_OBJS = $(call MAKE_OBJS,$(MLDSA87_DIR)/alloc,$(SOURCES) $(FIPS202_SRCS))
+$(MLDSA87_ALLOC_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=87 -DMLD_CONFIG_FILE=\"../test/test_alloc_config.h\"
+
 
 
 CFLAGS += -Imldsa
@@ -48,6 +56,11 @@ $(BUILD_DIR)/libmldsa44_unit.a: $(MLDSA44_UNIT_OBJS)
 $(BUILD_DIR)/libmldsa65_unit.a: $(MLDSA65_UNIT_OBJS)
 $(BUILD_DIR)/libmldsa87_unit.a: $(MLDSA87_UNIT_OBJS)
 
+# Alloc test libraries with custom alloc config
+$(BUILD_DIR)/libmldsa44_alloc.a: $(MLDSA44_ALLOC_OBJS)
+$(BUILD_DIR)/libmldsa65_alloc.a: $(MLDSA65_ALLOC_OBJS)
+$(BUILD_DIR)/libmldsa87_alloc.a: $(MLDSA87_ALLOC_OBJS)
+
 
 $(BUILD_DIR)/libmldsa.a: $(MLDSA44_OBJS) $(MLDSA65_OBJS) $(MLDSA87_OBJS)
 
@@ -62,6 +75,10 @@ $(MLDSA44_DIR)/bin/test_stack44: CFLAGS += -Imldsa -fstack-usage
 $(MLDSA65_DIR)/bin/test_stack65: CFLAGS += -Imldsa -fstack-usage
 $(MLDSA87_DIR)/bin/test_stack87: CFLAGS += -Imldsa -fstack-usage
 
+$(MLDSA44_DIR)/test/test_alloc.c.o: CFLAGS += -DMLD_CONFIG_FILE=\"../test/test_alloc_config.h\"
+$(MLDSA65_DIR)/test/test_alloc.c.o: CFLAGS += -DMLD_CONFIG_FILE=\"../test/test_alloc_config.h\"
+$(MLDSA87_DIR)/test/test_alloc.c.o: CFLAGS += -DMLD_CONFIG_FILE=\"../test/test_alloc_config.h\"
+
 $(MLDSA44_DIR)/bin/test_unit44: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
 $(MLDSA65_DIR)/bin/test_unit65: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
 $(MLDSA87_DIR)/bin/test_unit87: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
@@ -96,9 +113,15 @@ $(BUILD_DIR)/$(1)/bin/test_unit$(subst mldsa,,$(1)): LDLIBS += -L$(BUILD_DIR) -l
 $(BUILD_DIR)/$(1)/bin/test_unit$(subst mldsa,,$(1)): $(BUILD_DIR)/$(1)/test/test_unit.c.o $(BUILD_DIR)/lib$(1)_unit.a $(call MAKE_OBJS, $(BUILD_DIR)/$(1), $(wildcard test/notrandombytes/*.c))
 endef
 
+# Special rule for test_alloc - link against alloc libraries with custom alloc config
+define ADD_SOURCE_ALLOC
+$(BUILD_DIR)/$(1)/bin/test_alloc$(subst mldsa,,$(1)): LDLIBS += -L$(BUILD_DIR) -l$(1)_alloc
+$(BUILD_DIR)/$(1)/bin/test_alloc$(subst mldsa,,$(1)): $(BUILD_DIR)/$(1)/test/test_alloc.c.o $(BUILD_DIR)/lib$(1)_alloc.a $(call MAKE_OBJS, $(BUILD_DIR)/$(1), $(wildcard test/notrandombytes/*.c))
+endef
+
 
 $(foreach scheme,mldsa44 mldsa65 mldsa87, \
-	$(foreach test,$(filter-out test_unit,$(ALL_TESTS)), \
+	$(foreach test,$(filter-out test_unit test_alloc,$(ALL_TESTS)), \
 		$(eval $(call ADD_SOURCE,$(scheme),$(test))) \
 	) \
 )
@@ -107,6 +130,10 @@ $(foreach scheme,mldsa44 mldsa65 mldsa87, \
 	$(eval $(call ADD_SOURCE_UNIT,$(scheme))) \
 )
 
+$(foreach scheme,mldsa44 mldsa65 mldsa87, \
+	$(eval $(call ADD_SOURCE_ALLOC,$(scheme))) \
+)
+
 $(ALL_TESTS:%=$(MLDSA44_DIR)/bin/%44): $(call MAKE_OBJS, $(MLDSA44_DIR), $(wildcard test/notrandombytes/*.c) $(EXTRA_SOURCES))
 $(ALL_TESTS:%=$(MLDSA65_DIR)/bin/%65): $(call MAKE_OBJS, $(MLDSA65_DIR), $(wildcard test/notrandombytes/*.c) $(EXTRA_SOURCES))
 $(ALL_TESTS:%=$(MLDSA87_DIR)/bin/%87): $(call MAKE_OBJS, $(MLDSA87_DIR), $(wildcard test/notrandombytes/*.c) $(EXTRA_SOURCES))

test/mk/rules.mk

@@ -83,3 +83,33 @@ $(BUILD_DIR)/mldsa87/unit/%.S.o: %.S $(CONFIG)
 	$(Q)echo "  AS      $@"
 	$(Q)[ -d $(@D) ] || mkdir -p $(@D)
 	$(Q)$(CC) -c -o $@ $(CFLAGS) $<
+
+$(BUILD_DIR)/mldsa44/alloc/%.c.o: %.c $(CONFIG)
+	$(Q)echo "  CC      $@"
+	$(Q)[ -d $(@D) ] || mkdir -p $(@D)
+	$(Q)$(CC) -c -o $@ $(CFLAGS) $<
+
+$(BUILD_DIR)/mldsa44/alloc/%.S.o: %.S $(CONFIG)
+	$(Q)echo "  AS      $@"
+	$(Q)[ -d $(@D) ] || mkdir -p $(@D)
+	$(Q)$(CC) -c -o $@ $(CFLAGS) $<
+
+$(BUILD_DIR)/mldsa65/alloc/%.c.o: %.c $(CONFIG)
+	$(Q)echo "  CC      $@"
+	$(Q)[ -d $(@D) ] || mkdir -p $(@D)
+	$(Q)$(CC) -c -o $@ $(CFLAGS) $<
+
+$(BUILD_DIR)/mldsa65/alloc/%.S.o: %.S $(CONFIG)
+	$(Q)echo "  AS      $@"
+	$(Q)[ -d $(@D) ] || mkdir -p $(@D)
+	$(Q)$(CC) -c -o $@ $(CFLAGS) $<
+
+$(BUILD_DIR)/mldsa87/alloc/%.c.o: %.c $(CONFIG)
+	$(Q)echo "  CC      $@"
+	$(Q)[ -d $(@D) ] || mkdir -p $(@D)
+	$(Q)$(CC) -c -o $@ $(CFLAGS) $<
+
+$(BUILD_DIR)/mldsa87/alloc/%.S.o: %.S $(CONFIG)
+	$(Q)echo "  AS      $@"
+	$(Q)[ -d $(@D) ] || mkdir -p $(@D)
+	$(Q)$(CC) -c -o $@ $(CFLAGS) $<