From 4e846d8ddb690eeb56216b37a492e6e13afad599 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 9 Apr 2018 12:16:19 +0200 Subject: Bug 1451395 - update hacl* version with fixed poly305 32-bit proof, r=ttaubert Also move the HACL* verification to the hacl tool job, out of the image build to work around taskcluster issues. Differential Revision: https://phabricator.services.mozilla.com/D885 --- automation/taskcluster/docker-hacl/Dockerfile | 2 +- automation/taskcluster/docker-hacl/setup-user.sh | 1 - automation/taskcluster/scripts/run_hacl.sh | 3 +++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/automation/taskcluster/docker-hacl/Dockerfile b/automation/taskcluster/docker-hacl/Dockerfile index 632aeb8df..a124e7f00 100644 --- a/automation/taskcluster/docker-hacl/Dockerfile +++ b/automation/taskcluster/docker-hacl/Dockerfile @@ -9,7 +9,7 @@ ENV haclrepo https://github.com/mitls/hacl-star.git # Define versions of dependencies ENV opamv 4.04.2 -ENV haclversion d10bcb3394f3203318f43259ac8f492c8d28aa66 +ENV haclversion e13326efee1a9910004dccbb56f3d7be6639e0b8 # Install required packages and set versions ADD setup.sh /tmp/setup.sh diff --git a/automation/taskcluster/docker-hacl/setup-user.sh b/automation/taskcluster/docker-hacl/setup-user.sh index b8accaf58..e2c0b857b 100644 --- a/automation/taskcluster/docker-hacl/setup-user.sh +++ b/automation/taskcluster/docker-hacl/setup-user.sh @@ -16,7 +16,6 @@ git -C hacl-star checkout ${haclversion} # This caches the extracted c code (pins the HACL* version). All we need to do # on CI now is comparing the code in this docker image with the one in NSS. opam config exec -- make -C hacl-star prepare -j$(nproc) -make -C hacl-star verify-nss -j$(nproc) make -C hacl-star -f Makefile.build snapshots/nss -j$(nproc) KOPTS="-funroll-loops 5" make -C hacl-star/code/curve25519 test -j$(nproc) make -C hacl-star/code/salsa-family test -j$(nproc) diff --git a/automation/taskcluster/scripts/run_hacl.sh b/automation/taskcluster/scripts/run_hacl.sh index e038197eb..6cbda49b4 100755 --- a/automation/taskcluster/scripts/run_hacl.sh +++ b/automation/taskcluster/scripts/run_hacl.sh @@ -12,6 +12,9 @@ set -e -x -v # The extracted C code from HACL* is already generated and the HACL* tests were # successfully executed. +# Verify HACL*. Taskcluster fails when we do this in the image build. +make -C hacl-star verify-nss -j$(nproc) + # Add license header to specs spec_files=($(find ~/hacl-star/specs -type f -name '*.fst')) for f in "${spec_files[@]}"; do -- cgit v1.2.1