Closed Bug 1574643 (hacl-ci-2) Opened 5 years ago Closed 4 years ago

CI integration for 2019 HACL* code

Categories

(NSS :: Test, enhancement, P2)

Product:
NSS
Component:
Test
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jcj, Assigned: franziskus)

References

(Blocks 1 open bug, Regressed 1 open bug)

Details

Attachments

(3 files)

Bug 1574643 - haclv2 code
47 bytes, text/x-phabricator-request
Details | Review
Bug 1574643 - NSS changes for haclv2
47 bytes, text/x-phabricator-request
Details | Review
Bug 1574643 - Check for AVX support before using vectorized ChaCha20 decrypt
47 bytes, text/x-phabricator-request
Details | Review

The HACL* continuous integration test currently verifies the existing verified code against an old version of the hacl-star project. We'll need to update the existing test to cover the new algorithms to-be-landed, while not breaking the test for older algorithms that haven't yet been upgraded.

This may require adding a second continuous integration test task, perhaps a "hacl-new" that can be used to point to new code when available, and a no-op when it's all caught up.

Priority: -- → P2
Depends on: 1593647

This is the HACLv2 code that we want to pick up to replace the code that's in NSS. This is not the final code, but please leave some comments if you have any. The code won't change much for the final version.
This only replaces what we have already. Once this landed NSS can pick up more (faster) code from HACL.

See Also: → 1604130

This patch contains the changes in NSS, necessary to pick up HACL*v2 in D55413.
Note that this is not the final patch yet but I want to get a first round of reviews in.
Two issues currently remain but shouldn't impact this patch a lot.

  • The chacha20 saw verification fails for some reason. We either have to disable or fix it (I'll look into it).
  • The hacl task on CI requires Bug 1593647 to get fixed.

Depends on D55413.

https://hg.mozilla.org/projects/nss/rev/ac51d2490f9c3fccae9fd1408f4b5ef3b20c9cb4
https://hg.mozilla.org/projects/nss/rev/c351b2f60b400c8cc4ecffe3418cb8b2d0e5520b

Assignee: nobody → franziskuskiefer
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.49
Regressions: 1605369

Backed out for crashes on early SSE4 CPUs, see bug 1605369 for crash signature.

https://hg.mozilla.org/projects/nss/rev/f6d8c73584e02111ee3385aaaffed23c3f05a799
https://hg.mozilla.org/projects/nss/rev/b6eb18f04260ea45d119e9c9e5e698d254845dcf

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

https://hg.mozilla.org/projects/nss/rev/a8df94132dd35aaa51cc7d7151e6a4c748e9ce76
https://hg.mozilla.org/projects/nss/rev/5bf2547d671fceb7548c928d930b4a2272af45bf

Status: REOPENED → RESOLVED
Closed: 4 years ago4 years ago
Resolution: --- → FIXED
Target Milestone: 3.49 → 3.50

The addition of an AVX support check in ChaCha20Poly1305_Seal seems to have stopped the Encrypt crashes on old Intel CPUs, however we're seeing new reports from Hacl_Chacha20Poly1305_128_aead_decrypt (which is called from ChaCha20Poly1305_Open). This needs an AVX check as well...

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

https://hg.mozilla.org/projects/nss/rev/5f9f410d0b60990ad622e41d13886bcbcddc39cd

Status: REOPENED → RESOLVED
Closed: 4 years ago4 years ago
Resolution: --- → FIXED
Regressions: 1609569

This change broke the build for ppc64le. I've sent a patch to the upstream here:
https://github.com/FStarLang/kremlin/issues/166

The kremlin project has integrated the patch. The NSS ppc64le build should be fixed when you next update it.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: