From e7655b7ded6c6154c4d4059635dbecbb8eb76115 Mon Sep 17 00:00:00 2001 From: Justin Smith Date: Tue, 5 Nov 2024 14:11:10 -0500 Subject: [PATCH 1/6] Revert "Trim some redundant Arm feature detection files" This reverts commit d36bf857472525c5c8b794c32ad3f117445547ca. --- crypto/fipsmodule/bcm.c | 2 + .../fipsmodule/cpucap/cpu_aarch64_freebsd.c | 61 +++++++++++++++++++ .../fipsmodule/cpucap/cpu_aarch64_openbsd.c | 58 ++++++++++++++++++ crypto/fipsmodule/cpucap/cpu_aarch64_sysreg.c | 8 +-- crypto/fipsmodule/cpucap/internal.h | 10 +-- 5 files changed, 126 insertions(+), 13 deletions(-) create mode 100644 crypto/fipsmodule/cpucap/cpu_aarch64_freebsd.c create mode 100644 crypto/fipsmodule/cpucap/cpu_aarch64_openbsd.c diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c index 0b0fa81202..ce8a3462d0 100644 --- a/crypto/fipsmodule/bcm.c +++ b/crypto/fipsmodule/bcm.c @@ -75,8 +75,10 @@ #include "cpucap/cpu_aarch64.c" #include "cpucap/cpu_aarch64_sysreg.c" #include "cpucap/cpu_aarch64_apple.c" +#include "cpucap/cpu_aarch64_freebsd.c" #include "cpucap/cpu_aarch64_fuchsia.c" #include "cpucap/cpu_aarch64_linux.c" +#include "cpucap/cpu_aarch64_openbsd.c" #include "cpucap/cpu_aarch64_win.c" #include "cpucap/cpu_arm_freebsd.c" #include "cpucap/cpu_arm_linux.c" diff --git a/crypto/fipsmodule/cpucap/cpu_aarch64_freebsd.c b/crypto/fipsmodule/cpucap/cpu_aarch64_freebsd.c new file mode 100644 index 0000000000..9910261abf --- /dev/null +++ b/crypto/fipsmodule/cpucap/cpu_aarch64_freebsd.c @@ -0,0 +1,61 @@ +/* Copyright (c) 2022, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "internal.h" + +#if defined(OPENSSL_AARCH64) && defined(OPENSSL_FREEBSD) && \ + !defined(OPENSSL_STATIC_ARMCAP) + +#include +#include + +#include + + +// ID_AA64ISAR0_*_VAL are defined starting FreeBSD 13.0. When FreeBSD +// 12.x is out of support, these compatibility macros can be removed. + +#ifndef ID_AA64ISAR0_AES_VAL +#define ID_AA64ISAR0_AES_VAL ID_AA64ISAR0_AES +#endif +#ifndef ID_AA64ISAR0_SHA1_VAL +#define ID_AA64ISAR0_SHA1_VAL ID_AA64ISAR0_SHA1 +#endif +#ifndef ID_AA64ISAR0_SHA2_VAL +#define ID_AA64ISAR0_SHA2_VAL ID_AA64ISAR0_SHA2 +#endif + +void OPENSSL_cpuid_setup(void) { + uint64_t id_aa64isar0 = READ_SPECIALREG(id_aa64isar0_el1); + + OPENSSL_armcap_P |= ARMV7_NEON; + + if (ID_AA64ISAR0_AES_VAL(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE) { + OPENSSL_armcap_P |= ARMV8_AES; + } + if (ID_AA64ISAR0_AES_VAL(id_aa64isar0) >= ID_AA64ISAR0_AES_PMULL) { + OPENSSL_armcap_P |= ARMV8_PMULL; + } + if (ID_AA64ISAR0_SHA1_VAL(id_aa64isar0) >= ID_AA64ISAR0_SHA1_BASE) { + OPENSSL_armcap_P |= ARMV8_SHA1; + } + if (ID_AA64ISAR0_SHA2_VAL(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE) { + OPENSSL_armcap_P |= ARMV8_SHA256; + } + if (ID_AA64ISAR0_SHA2_VAL(id_aa64isar0) >= ID_AA64ISAR0_SHA2_512) { + OPENSSL_armcap_P |= ARMV8_SHA512; + } +} + +#endif // OPENSSL_AARCH64 && OPENSSL_FREEBSD && !OPENSSL_STATIC_ARMCAP diff --git a/crypto/fipsmodule/cpucap/cpu_aarch64_openbsd.c b/crypto/fipsmodule/cpucap/cpu_aarch64_openbsd.c new file mode 100644 index 0000000000..6ceb636430 --- /dev/null +++ b/crypto/fipsmodule/cpucap/cpu_aarch64_openbsd.c @@ -0,0 +1,58 @@ +/* Copyright (c) 2022, Robert Nagy + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include + +#if defined(OPENSSL_AARCH64) && defined(OPENSSL_OPENBSD) && \ + !defined(OPENSSL_STATIC_ARMCAP) + +#include +#include +#include +#include + +#include + +#include "internal.h" + + +void OPENSSL_cpuid_setup(void) { + // CTL_MACHDEP from sys/sysctl.h + // CPU_ID_AA64ISAR0 from machine/cpu.h + int isar0_mib[] = { CTL_MACHDEP, CPU_ID_AA64ISAR0 }; + size_t len = sizeof(uint64_t); + uint64_t cpu_id = 0; + + if (sysctl(isar0_mib, 2, &cpu_id, &len, NULL, 0) < 0) + return; + + OPENSSL_armcap_P |= ARMV7_NEON; + + if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_BASE) + OPENSSL_armcap_P |= ARMV8_AES; + + if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_PMULL) + OPENSSL_armcap_P |= ARMV8_PMULL; + + if (ID_AA64ISAR0_SHA1(cpu_id) >= ID_AA64ISAR0_SHA1_BASE) + OPENSSL_armcap_P |= ARMV8_SHA1; + + if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_BASE) + OPENSSL_armcap_P |= ARMV8_SHA256; + + if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_512) + OPENSSL_armcap_P |= ARMV8_SHA512; +} + +#endif // OPENSSL_AARCH64 && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP diff --git a/crypto/fipsmodule/cpucap/cpu_aarch64_sysreg.c b/crypto/fipsmodule/cpucap/cpu_aarch64_sysreg.c index 6564f1145a..c8ea296fd1 100644 --- a/crypto/fipsmodule/cpucap/cpu_aarch64_sysreg.c +++ b/crypto/fipsmodule/cpucap/cpu_aarch64_sysreg.c @@ -14,11 +14,8 @@ #include "../../internal.h" -// While Arm system registers are normally not available to userspace, FreeBSD -// expects userspace to simply read them. It traps the reads and fills in CPU -// capabilities. #if defined(OPENSSL_AARCH64) && !defined(OPENSSL_STATIC_ARMCAP) && \ - (defined(ANDROID_BAREMETAL) || defined(OPENSSL_FREEBSD)) + defined(ANDROID_BAREMETAL) #include @@ -89,5 +86,4 @@ static uint32_t read_armcap(void) { void OPENSSL_cpuid_setup(void) { OPENSSL_armcap_P |= read_armcap(); } -#endif // OPENSSL_AARCH64 && !OPENSSL_STATIC_ARMCAP && - // (ANDROID_BAREMETAL || OPENSSL_FREEBSD) +#endif // OPENSSL_AARCH64 && !OPENSSL_STATIC_ARMCAP && ANDROID_BAREMETAL diff --git a/crypto/fipsmodule/cpucap/internal.h b/crypto/fipsmodule/cpucap/internal.h index 784698a873..bccb8260c6 100644 --- a/crypto/fipsmodule/cpucap/internal.h +++ b/crypto/fipsmodule/cpucap/internal.h @@ -180,13 +180,9 @@ OPENSSL_INLINE int CRYPTO_cpu_perf_is_like_silvermont(void) { #if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) -// We do not detect any features at runtime on several 32-bit Arm platforms. -// Apple platforms and OpenBSD require NEON and moved to 64-bit to pick up Armv8 -// extensions. Android baremetal does not aim to support 32-bit Arm at all, but -// it simplifies things to make it build. -#if defined(OPENSSL_ARM) && !defined(OPENSSL_STATIC_ARMCAP) && \ - (defined(OPENSSL_APPLE) || defined(OPENSSL_OPENBSD) || \ - defined(ANDROID_BAREMETAL)) +#if defined(OPENSSL_APPLE) && defined(OPENSSL_ARM) +// We do not detect any features at runtime for Apple's 32-bit ARM platforms. On +// 64-bit ARM, we detect some post-ARMv8.0 features. #define OPENSSL_STATIC_ARMCAP #endif From 95dd2419960c77b0458260af867273bde0e5ff58 Mon Sep 17 00:00:00 2001 From: Justin Smith Date: Mon, 11 Nov 2024 13:55:32 -0500 Subject: [PATCH 2/6] CI for *BSD on ARM64 --- .github/workflows/actions-ci.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/actions-ci.yml b/.github/workflows/actions-ci.yml index 311d54b17a..d9086b7971 100644 --- a/.github/workflows/actions-ci.yml +++ b/.github/workflows/actions-ci.yml @@ -392,11 +392,13 @@ jobs: - name: Run tests run: cmake --build ./build --target run_tests - OpenBSD-x86-64: + OpenBSD: needs: [sanity-test-run] runs-on: ubuntu-latest + name: OpenBSD ${{ matrix.version }} (${{ matrix.arch }}) test strategy: matrix: + arch: ["x86-64", "arm64"] args: ["", "-f"] version: ["7.4", "7.5"] steps: @@ -411,7 +413,7 @@ jobs: operating_system: openbsd cpu_count: 4 memory: 16G - architecture: x86-64 + architecture: ${{ matrix.arch }} version: '7.4' shell: bash run: | @@ -517,14 +519,17 @@ jobs: # echo ${env:SDEROOT} # .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86 true # - freebsd-13: + freebsd: if: github.repository_owner == 'aws' needs: [sanity-test-run] - name: FreeBSD ${{ matrix.version }} test + name: FreeBSD ${{ matrix.version }} (${{ matrix.arch }}) test runs-on: ubuntu-latest strategy: fail-fast: false matrix: + arch: + - 'x86-64' + - 'arm64' version: - '13.3' - '14.1' @@ -541,7 +546,7 @@ jobs: with: environment_variables: 'AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS AWS_LC_GO_TEST_TIMEOUT GOFLAGS' operating_system: freebsd - architecture: x86-64 + architecture: ${{ matrix.arch }} version: ${{ matrix.version }} shell: bash memory: 16G From 372d9a208b7a9e252ca8c75a2d75d170e72003c0 Mon Sep 17 00:00:00 2001 From: Justin Smith Date: Mon, 11 Nov 2024 16:03:43 -0500 Subject: [PATCH 3/6] Skip other tests for ARM64 --- .github/workflows/actions-ci.yml | 11 +++++------ tests/ci/run_bsd_tests.sh | 6 ++++++ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/actions-ci.yml b/.github/workflows/actions-ci.yml index d9086b7971..59afa861ad 100644 --- a/.github/workflows/actions-ci.yml +++ b/.github/workflows/actions-ci.yml @@ -399,7 +399,6 @@ jobs: strategy: matrix: arch: ["x86-64", "arm64"] - args: ["", "-f"] version: ["7.4", "7.5"] steps: - uses: actions/checkout@v3 @@ -411,8 +410,8 @@ jobs: with: environment_variables: AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS AWS_LC_GO_TEST_TIMEOUT operating_system: openbsd - cpu_count: 4 - memory: 16G + cpu_count: 3 + memory: 12G architecture: ${{ matrix.arch }} version: '7.4' shell: bash @@ -447,7 +446,7 @@ jobs: cd $(pwd) export PATH="${HOME}/bin:${PATH}" env - tests/ci/run_bsd_tests.sh ${{ matrix.args }} + tests/ci/run_bsd_tests.sh EOF gcc-4_8: needs: [sanity-test-run] @@ -549,8 +548,8 @@ jobs: architecture: ${{ matrix.arch }} version: ${{ matrix.version }} shell: bash - memory: 16G - cpu_count: 4 + memory: 12G + cpu_count: 3 run: | sudo pkg install -y git gmake cmake go ninja tests/ci/run_bsd_tests.sh diff --git a/tests/ci/run_bsd_tests.sh b/tests/ci/run_bsd_tests.sh index 377cda42da..e749cda859 100755 --- a/tests/ci/run_bsd_tests.sh +++ b/tests/ci/run_bsd_tests.sh @@ -9,6 +9,12 @@ source tests/ci/common_posix_setup.sh echo "Testing AWS-LC shared library in release mode." build_and_test -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1 +if [ "$PLATFORM" != "amd64" ] && [ "$PLATFORM" != "x86_64" ]; then + # ARM64 platforms are tested via emulation, so the test durations exceed our 1 hour expectation + echo "Skipping further testing for $KERNEL_NAME $PLATFORM" + exit 0 +fi + echo "Testing AWS-LC static library in release mode." build_and_test -DCMAKE_BUILD_TYPE=Release From 644f3fd9fed863f9071f541eca40f6b8bbc2cfc3 Mon Sep 17 00:00:00 2001 From: Joel Knight Date: Mon, 11 Nov 2024 21:01:46 -0700 Subject: [PATCH 4/6] Actually run OpenBSD CI on the desired version While here, rotate the OpenBSD versions to keep up with the latest release (OpenBSD support model is N and N-1). --- .github/workflows/actions-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/actions-ci.yml b/.github/workflows/actions-ci.yml index 59afa861ad..1e383f7a6d 100644 --- a/.github/workflows/actions-ci.yml +++ b/.github/workflows/actions-ci.yml @@ -399,7 +399,7 @@ jobs: strategy: matrix: arch: ["x86-64", "arm64"] - version: ["7.4", "7.5"] + version: ["7.5", "7.6"] steps: - uses: actions/checkout@v3 - name: OpenBSD @@ -413,7 +413,7 @@ jobs: cpu_count: 3 memory: 12G architecture: ${{ matrix.arch }} - version: '7.4' + version: "${{ matrix.version }}" shell: bash run: | set -x From 62c7f50180541ca8cbe86451c129c6d75865fa4a Mon Sep 17 00:00:00 2001 From: Joel Knight Date: Tue, 12 Nov 2024 15:57:52 -0700 Subject: [PATCH 5/6] Forgot, have to push version of cross-platform-actions There's no tag which supports OpenBSD 7.6, so pinning to the latest commit for now. --- .github/workflows/actions-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/actions-ci.yml b/.github/workflows/actions-ci.yml index 1e383f7a6d..252442f398 100644 --- a/.github/workflows/actions-ci.yml +++ b/.github/workflows/actions-ci.yml @@ -403,7 +403,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: OpenBSD - uses: cross-platform-actions/action@v0.24.0 + uses: cross-platform-actions/action@595d543 env: AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS: 5 AWS_LC_GO_TEST_TIMEOUT: 120m From dd9354403a6db750198cc950a1edee0b027910ae Mon Sep 17 00:00:00 2001 From: Joel Knight Date: Tue, 26 Nov 2024 08:55:30 -0700 Subject: [PATCH 6/6] Full commit hash for cross-platform-actions --- .github/workflows/actions-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/actions-ci.yml b/.github/workflows/actions-ci.yml index 252442f398..ac7ada299c 100644 --- a/.github/workflows/actions-ci.yml +++ b/.github/workflows/actions-ci.yml @@ -403,7 +403,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: OpenBSD - uses: cross-platform-actions/action@595d543 + uses: cross-platform-actions/action@595d543e5d1aeb6d48c0a176965028afe56c7018 env: AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS: 5 AWS_LC_GO_TEST_TIMEOUT: 120m