|
| 1 | +# Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. |
| 2 | +# |
| 3 | +# Licensed under the Apache License 2.0 (the "License"). You may not use |
| 4 | +# this file except in compliance with the License. You can obtain a copy |
| 5 | +# in the file LICENSE in the source distribution or at |
| 6 | +# https://www.openssl.org/source/license.html |
| 7 | + |
| 8 | +name: Cross Compile for AArch64 Extensions |
| 9 | + |
| 10 | +on: |
| 11 | + pull_request: |
| 12 | + types: [opened, reopened, edited, synchronize] |
| 13 | + push: |
| 14 | + schedule: |
| 15 | + - cron: '05 03 * * *' |
| 16 | + workflow_dispatch: |
| 17 | + |
| 18 | +permissions: |
| 19 | + contents: read |
| 20 | + |
| 21 | +jobs: |
| 22 | + cross-compilation-aarch64: |
| 23 | + # pull request title contains 'aarch64' |
| 24 | + # pull request title contains 'arm64' |
| 25 | + # pull request body contains '[aarch64 ci]' |
| 26 | + # push event commit message contains '[aarch64 ci]' |
| 27 | + # cron job |
| 28 | + # manual dispatch |
| 29 | + if: contains(github.event.pull_request.title, 'aarch64') || contains(github.event.pull_request.title, 'AArch64') || contains(github.event.pull_request.title, 'arm64') || contains(github.event.pull_request.body, '[aarch64 ci]') || contains(github.event.head_commit.message, '[aarch64 ci]') || (github.event_name == 'schedule' && github.repository == 'openssl/openssl') || github.event_name == 'workflow_dispatch' |
| 30 | + strategy: |
| 31 | + fail-fast: false |
| 32 | + matrix: |
| 33 | + # The platform matrix specifies: |
| 34 | + # arch: the architecture to build for, this defines the tool-chain |
| 35 | + # prefix {arch}- and the Debian compiler package gcc-{arch} |
| 36 | + # name. |
| 37 | + # libs: the Debian package for the necessary link/runtime libraries. |
| 38 | + # target: the OpenSSL configuration target to use, this is passed |
| 39 | + # directly to the config command line. |
| 40 | + # fips: set to "no" to disable building FIPS, leave unset to |
| 41 | + # build the FIPS provider. |
| 42 | + # tests: omit this to run all the tests using QEMU, set it to "none" |
| 43 | + # to never run the tests, otherwise its value is passed to |
| 44 | + # the "make test" command to allow selective disabling of |
| 45 | + # tests. |
| 46 | + # qemucpu: optional; string that describes CPU properties. |
| 47 | + # The string will be used to set the QEMU_CPU variable. |
| 48 | + # opensslcapsname: optional; string that describes the postfix of the |
| 49 | + # OpenSSL environment variable that defines CPU |
| 50 | + # capabilities. E.g. "foo" will result in an |
| 51 | + # environment variable with the name OPENSSL_foo. |
| 52 | + # opensslcaps: optional; if opensslcapsname (see above) is set, then |
| 53 | + # this string will be used as content for the OpenSSL |
| 54 | + # capabilities variable. |
| 55 | + # capslabel: label used for artifacts. |
| 56 | + platform: [ |
| 57 | + { |
| 58 | + # Baseline Armv8 crypto extensions: |
| 59 | + # include/crypto/aes_platform.h |
| 60 | + # providers/implementations/ciphers/cipher_aes_hw_armv8.inc |
| 61 | + # crypto/sha/asm/sha1-armv8.pl |
| 62 | + # crypto/aes/asm/aes-sha256-armv8.pl |
| 63 | + arch: aarch64-linux-gnu, |
| 64 | + libs: libc6-dev-arm64-cross, |
| 65 | + target: linux-aarch64, |
| 66 | + fips: no, |
| 67 | + qemucpu: max, |
| 68 | + opensslcapsname: armcap, # OPENSSL_armcap |
| 69 | + opensslcaps: "0x1d", |
| 70 | + capslabel: armv8-crypto |
| 71 | + }, { |
| 72 | + # PMULL-enabled AES-GCM / GHASH: |
| 73 | + # include/crypto/aes_platform.h |
| 74 | + # crypto/modes/asm/aes-gcm-armv8_64.pl |
| 75 | + # crypto/modes/asm/ghashv8-armx.pl |
| 76 | + arch: aarch64-linux-gnu, |
| 77 | + libs: libc6-dev-arm64-cross, |
| 78 | + target: linux-aarch64, |
| 79 | + fips: no, |
| 80 | + qemucpu: max, |
| 81 | + opensslcapsname: armcap, # OPENSSL_armcap |
| 82 | + opensslcaps: "0x3d", |
| 83 | + capslabel: armv8-pmull |
| 84 | + }, { |
| 85 | + # SHA512 extension: |
| 86 | + # crypto/aes/asm/aes-sha512-armv8.pl |
| 87 | + arch: aarch64-linux-gnu, |
| 88 | + libs: libc6-dev-arm64-cross, |
| 89 | + target: linux-aarch64, |
| 90 | + fips: no, |
| 91 | + qemucpu: max, |
| 92 | + opensslcapsname: armcap, # OPENSSL_armcap |
| 93 | + opensslcaps: "0x7d", |
| 94 | + capslabel: armv8-sha512 |
| 95 | + }, { |
| 96 | + # SHA3-accelerated path. Since OPENSSL_armcap short-circuits runtime |
| 97 | + # detection, include the derived "worth using" and unroll bits too: |
| 98 | + # crypto/sha/sha3.c |
| 99 | + # providers/implementations/digests/sha3_prov.c |
| 100 | + # providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc |
| 101 | + # providers/implementations/ciphers/cipher_aes_hw_armv8.inc |
| 102 | + arch: aarch64-linux-gnu, |
| 103 | + libs: libc6-dev-arm64-cross, |
| 104 | + target: linux-aarch64, |
| 105 | + fips: no, |
| 106 | + qemucpu: max, |
| 107 | + opensslcapsname: armcap, # OPENSSL_armcap |
| 108 | + opensslcaps: "0x1987d", |
| 109 | + capslabel: armv8-sha3 |
| 110 | + }, { |
| 111 | + # SVE2 Poly1305 path. OPENSSL_armcap requires the derived |
| 112 | + # ARMV9_SVE2_POLY1305 bit to be set explicitly when capability |
| 113 | + # probing is overridden: |
| 114 | + # crypto/poly1305/asm/poly1305-armv8.pl |
| 115 | + # crypto/chacha/asm/chacha-armv8-sve.pl |
| 116 | + arch: aarch64-linux-gnu, |
| 117 | + libs: libc6-dev-arm64-cross, |
| 118 | + target: linux-aarch64, |
| 119 | + fips: no, |
| 120 | + qemucpu: max, |
| 121 | + opensslcapsname: armcap, # OPENSSL_armcap |
| 122 | + opensslcaps: "0x2601d", |
| 123 | + capslabel: armv9-sve2-poly1305 |
| 124 | + } |
| 125 | + ] |
| 126 | + runs-on: ubuntu-latest |
| 127 | + steps: |
| 128 | + - name: install packages |
| 129 | + run: | |
| 130 | + sudo apt-get update |
| 131 | + sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install \ |
| 132 | + gcc-${{ matrix.platform.arch }} \ |
| 133 | + ${{ matrix.platform.libs }} |
| 134 | + - uses: actions/checkout@v6 |
| 135 | + with: |
| 136 | + persist-credentials: false |
| 137 | + - name: checkout fuzz/corpora submodule |
| 138 | + run: git submodule update --init --depth 1 fuzz/corpora |
| 139 | + |
| 140 | + - name: config with FIPS |
| 141 | + if: matrix.platform.fips != 'no' |
| 142 | + run: | |
| 143 | + ./config --banner=Configured --strict-warnings enable-fips enable-lms \ |
| 144 | + --cross-compile-prefix=${{ matrix.platform.arch }}- \ |
| 145 | + ${{ matrix.platform.target }} |
| 146 | + - name: config without FIPS |
| 147 | + if: matrix.platform.fips == 'no' |
| 148 | + run: | |
| 149 | + ./config --banner=Configured --strict-warnings enable-lms \ |
| 150 | + --cross-compile-prefix=${{ matrix.platform.arch }}- \ |
| 151 | + ${{ matrix.platform.target }} |
| 152 | + - name: config dump |
| 153 | + run: ./configdata.pm --dump |
| 154 | + |
| 155 | + - name: make |
| 156 | + run: make -s -j4 |
| 157 | + |
| 158 | + - name: install qemu |
| 159 | + if: matrix.platform.tests != 'none' |
| 160 | + run: sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install qemu-user |
| 161 | + |
| 162 | + - name: Set QEMU environment |
| 163 | + if: matrix.platform.qemucpu != '' |
| 164 | + run: echo "QEMU_CPU=${{ matrix.platform.qemucpu }}" >> $GITHUB_ENV |
| 165 | + |
| 166 | + - name: Set OpenSSL caps environment |
| 167 | + if: matrix.platform.opensslcapsname != '' |
| 168 | + run: echo "OPENSSL_${{ matrix.platform.opensslcapsname }}=\ |
| 169 | + ${{ matrix.platform.opensslcaps }}" >> $GITHUB_ENV |
| 170 | + |
| 171 | + - name: get cpu info |
| 172 | + run: cat /proc/cpuinfo |
| 173 | + |
| 174 | + - name: get openssl cpu info |
| 175 | + if: matrix.platform.tests != 'none' |
| 176 | + run: QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} ./util/opensslwrap.sh info -cpusettings |
| 177 | + |
| 178 | + - name: make all tests |
| 179 | + if: github.event_name == 'push' && matrix.platform.tests == '' |
| 180 | + run: | |
| 181 | + .github/workflows/make-test \ |
| 182 | + TESTS="-test_afalg" \ |
| 183 | + QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} |
| 184 | + - name: make some tests |
| 185 | + if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != '' |
| 186 | + run: | |
| 187 | + .github/workflows/make-test \ |
| 188 | + TESTS="${{ matrix.platform.tests }} -test_afalg" \ |
| 189 | + QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} |
| 190 | + - name: make evp tests |
| 191 | + if: github.event_name == 'pull_request' && matrix.platform.tests != 'none' |
| 192 | + run: | |
| 193 | + .github/workflows/make-test \ |
| 194 | + TESTS="test_evp*" \ |
| 195 | + QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} |
| 196 | + - name: save artifacts |
| 197 | + if: success() || failure() |
| 198 | + uses: actions/upload-artifact@v5 |
| 199 | + with: |
| 200 | + name: "cross-compiles-aarch64@${{ matrix.platform.capslabel }}" |
| 201 | + path: artifacts.tar.gz |
| 202 | + if-no-files-found: ignore |
0 commit comments