forked from openssl/openssl
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathaarch64-more-cross-compiles.yml
More file actions
202 lines (190 loc) · 8.41 KB
/
Copy pathaarch64-more-cross-compiles.yml
File metadata and controls
202 lines (190 loc) · 8.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
# Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Cross Compile for AArch64 Extensions
on:
pull_request:
types: [opened, reopened, edited, synchronize]
push:
schedule:
- cron: '05 03 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
cross-compilation-aarch64:
# pull request title contains 'aarch64'
# pull request title contains 'arm64'
# pull request body contains '[aarch64 ci]'
# push event commit message contains '[aarch64 ci]'
# cron job
# manual dispatch
if: contains(github.event.pull_request.title, 'aarch64') || contains(github.event.pull_request.title, 'AArch64') || contains(github.event.pull_request.title, 'arm64') || contains(github.event.pull_request.body, '[aarch64 ci]') || contains(github.event.head_commit.message, '[aarch64 ci]') || (github.event_name == 'schedule' && github.repository == 'openssl/openssl') || github.event_name == 'workflow_dispatch'
strategy:
fail-fast: false
matrix:
# The platform matrix specifies:
# arch: the architecture to build for, this defines the tool-chain
# prefix {arch}- and the Debian compiler package gcc-{arch}
# name.
# libs: the Debian package for the necessary link/runtime libraries.
# target: the OpenSSL configuration target to use, this is passed
# directly to the config command line.
# fips: set to "no" to disable building FIPS, leave unset to
# build the FIPS provider.
# tests: omit this to run all the tests using QEMU, set it to "none"
# to never run the tests, otherwise its value is passed to
# the "make test" command to allow selective disabling of
# tests.
# qemucpu: optional; string that describes CPU properties.
# The string will be used to set the QEMU_CPU variable.
# opensslcapsname: optional; string that describes the postfix of the
# OpenSSL environment variable that defines CPU
# capabilities. E.g. "foo" will result in an
# environment variable with the name OPENSSL_foo.
# opensslcaps: optional; if opensslcapsname (see above) is set, then
# this string will be used as content for the OpenSSL
# capabilities variable.
# capslabel: label used for artifacts.
platform: [
{
# Baseline Armv8 crypto extensions:
# include/crypto/aes_platform.h
# providers/implementations/ciphers/cipher_aes_hw_armv8.inc
# crypto/sha/asm/sha1-armv8.pl
# crypto/aes/asm/aes-sha256-armv8.pl
arch: aarch64-linux-gnu,
libs: libc6-dev-arm64-cross,
target: linux-aarch64,
fips: no,
qemucpu: max,
opensslcapsname: armcap, # OPENSSL_armcap
opensslcaps: "0x1d",
capslabel: armv8-crypto
}, {
# PMULL-enabled AES-GCM / GHASH:
# include/crypto/aes_platform.h
# crypto/modes/asm/aes-gcm-armv8_64.pl
# crypto/modes/asm/ghashv8-armx.pl
arch: aarch64-linux-gnu,
libs: libc6-dev-arm64-cross,
target: linux-aarch64,
fips: no,
qemucpu: max,
opensslcapsname: armcap, # OPENSSL_armcap
opensslcaps: "0x3d",
capslabel: armv8-pmull
}, {
# SHA512 extension:
# crypto/aes/asm/aes-sha512-armv8.pl
arch: aarch64-linux-gnu,
libs: libc6-dev-arm64-cross,
target: linux-aarch64,
fips: no,
qemucpu: max,
opensslcapsname: armcap, # OPENSSL_armcap
opensslcaps: "0x7d",
capslabel: armv8-sha512
}, {
# SHA3-accelerated path. Since OPENSSL_armcap short-circuits runtime
# detection, include the derived "worth using" and unroll bits too:
# crypto/sha/sha3.c
# providers/implementations/digests/sha3_prov.c
# providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc
# providers/implementations/ciphers/cipher_aes_hw_armv8.inc
arch: aarch64-linux-gnu,
libs: libc6-dev-arm64-cross,
target: linux-aarch64,
fips: no,
qemucpu: max,
opensslcapsname: armcap, # OPENSSL_armcap
opensslcaps: "0x1987d",
capslabel: armv8-sha3
}, {
# SVE2 Poly1305 path. OPENSSL_armcap requires the derived
# ARMV9_SVE2_POLY1305 bit to be set explicitly when capability
# probing is overridden:
# crypto/poly1305/asm/poly1305-armv8.pl
# crypto/chacha/asm/chacha-armv8-sve.pl
arch: aarch64-linux-gnu,
libs: libc6-dev-arm64-cross,
target: linux-aarch64,
fips: no,
qemucpu: max,
opensslcapsname: armcap, # OPENSSL_armcap
opensslcaps: "0x2601d",
capslabel: armv9-sve2-poly1305
}
]
runs-on: ubuntu-latest
steps:
- name: install packages
run: |
sudo apt-get update
sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install \
gcc-${{ matrix.platform.arch }} \
${{ matrix.platform.libs }}
- uses: actions/checkout@v6
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config with FIPS
if: matrix.platform.fips != 'no'
run: |
./config --banner=Configured --strict-warnings enable-fips enable-lms \
--cross-compile-prefix=${{ matrix.platform.arch }}- \
${{ matrix.platform.target }}
- name: config without FIPS
if: matrix.platform.fips == 'no'
run: |
./config --banner=Configured --strict-warnings enable-lms \
--cross-compile-prefix=${{ matrix.platform.arch }}- \
${{ matrix.platform.target }}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: install qemu
if: matrix.platform.tests != 'none'
run: sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install qemu-user
- name: Set QEMU environment
if: matrix.platform.qemucpu != ''
run: echo "QEMU_CPU=${{ matrix.platform.qemucpu }}" >> $GITHUB_ENV
- name: Set OpenSSL caps environment
if: matrix.platform.opensslcapsname != ''
run: echo "OPENSSL_${{ matrix.platform.opensslcapsname }}=\
${{ matrix.platform.opensslcaps }}" >> $GITHUB_ENV
- name: get cpu info
run: cat /proc/cpuinfo
- name: get openssl cpu info
if: matrix.platform.tests != 'none'
run: QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} ./util/opensslwrap.sh info -cpusettings
- name: make all tests
if: github.event_name == 'push' && matrix.platform.tests == ''
run: |
.github/workflows/make-test \
TESTS="-test_afalg" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: make some tests
if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != ''
run: |
.github/workflows/make-test \
TESTS="${{ matrix.platform.tests }} -test_afalg" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: make evp tests
if: github.event_name == 'pull_request' && matrix.platform.tests != 'none'
run: |
.github/workflows/make-test \
TESTS="test_evp*" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "cross-compiles-aarch64@${{ matrix.platform.capslabel }}"
path: artifacts.tar.gz
if-no-files-found: ignore