CI integration for 2019 HACL* code
Categories
(NSS :: Test, enhancement, P2)
Tracking
(Not tracked)
People
(Reporter: jcj, Assigned: franziskus)
References
(Blocks 1 open bug, Regressed 1 open bug)
Details
Attachments
(3 files)
The HACL* continuous integration test currently verifies the existing verified code against an old version of the hacl-star project. We'll need to update the existing test to cover the new algorithms to-be-landed, while not breaking the test for older algorithms that haven't yet been upgraded.
This may require adding a second continuous integration test task, perhaps a "hacl-new" that can be used to point to new code when available, and a no-op when it's all caught up.
Reporter | ||
Updated•5 years ago
|
Assignee | ||
Comment 1•4 years ago
|
||
This is the HACLv2 code that we want to pick up to replace the code that's in NSS. This is not the final code, but please leave some comments if you have any. The code won't change much for the final version.
This only replaces what we have already. Once this landed NSS can pick up more (faster) code from HACL.
Assignee | ||
Comment 2•4 years ago
|
||
This patch contains the changes in NSS, necessary to pick up HACL*v2 in D55413.
Note that this is not the final patch yet but I want to get a first round of reviews in.
Two issues currently remain but shouldn't impact this patch a lot.
- The chacha20 saw verification fails for some reason. We either have to disable or fix it (I'll look into it).
- The hacl task on CI requires Bug 1593647 to get fixed.
Depends on D55413.
Assignee | ||
Comment 3•4 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/ac51d2490f9c3fccae9fd1408f4b5ef3b20c9cb4
https://hg.mozilla.org/projects/nss/rev/c351b2f60b400c8cc4ecffe3418cb8b2d0e5520b
Reporter | ||
Comment 4•4 years ago
|
||
Backed out for crashes on early SSE4 CPUs, see bug 1605369 for crash signature.
https://hg.mozilla.org/projects/nss/rev/f6d8c73584e02111ee3385aaaffed23c3f05a799
https://hg.mozilla.org/projects/nss/rev/b6eb18f04260ea45d119e9c9e5e698d254845dcf
Reporter | ||
Comment 5•4 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/a8df94132dd35aaa51cc7d7151e6a4c748e9ce76
https://hg.mozilla.org/projects/nss/rev/5bf2547d671fceb7548c928d930b4a2272af45bf
Comment 6•4 years ago
|
||
The addition of an AVX support check in ChaCha20Poly1305_Seal
seems to have stopped the Encrypt crashes on old Intel CPUs, however we're seeing new reports from Hacl_Chacha20Poly1305_128_aead_decrypt
(which is called from ChaCha20Poly1305_Open
). This needs an AVX check as well...
Reporter | ||
Updated•4 years ago
|
Reporter | ||
Comment 7•4 years ago
|
||
This change broke the build for ppc64le. I've sent a patch to the upstream here:
https://github.com/FStarLang/kremlin/issues/166
The kremlin project has integrated the patch. The NSS ppc64le build should be fixed when you next update it.
Description
•