CI for PPC32be and PPC64LE Cross build/test (aws#1329)

Add CI to build/test for ppc32be and ppc64be big-endian

.github/workflows/cross-test.yml

@@ -0,0 +1,42 @@
+name: Cross Build & Test
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+concurrency:
+  group: ppc64be-${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+jobs:
+  ppc64-build-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install qemu
+        run: sudo apt-get -y install qemu-user qemu-user-binfmt
+      - uses: actions/checkout@v4
+      - name: PPC64 Build/Test
+        run: tests/ci/run_cross_tests.sh ppc64 powerpc64-unknown-linux-gnu "-DCMAKE_BUILD_TYPE=Release" "-DCMAKE_BUILD_TYPE=Release -DFIPS=1 -DBUILD_SHARED_LIBS=1"
+  ppc32-non-fips-build-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install qemu
+        run: sudo apt-get -y install qemu-user qemu-user-binfmt
+      - uses: actions/checkout@v4
+      - name: PPC32 Build/Test
+        run: tests/ci/run_cross_tests.sh ppc powerpc-unknown-linux-gnu "-DCMAKE_BUILD_TYPE=Release"
+  ppc32-fips-build-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install qemu
+        run: sudo apt-get -y install qemu-user qemu-user-binfmt
+      - uses: actions/checkout@v4
+      - name: PPC32 Build/Test
+        run: tests/ci/run_cross_tests.sh ppc powerpc-unknown-linux-gnu "-DCMAKE_BUILD_TYPE=Release -DFIPS=1 -DBUILD_SHARED_LIBS=1"
+  ppc64le-build-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install qemu
+        run: sudo apt-get -y install qemu-user qemu-user-binfmt
+      - uses: actions/checkout@v4
+      - name: PPC64LE Build/Test
+        run: tests/ci/run_cross_tests.sh ppc64le powerpc64le-unknown-linux-gnu "-DCMAKE_BUILD_TYPE=Release" "-DCMAKE_BUILD_TYPE=Release -DFIPS=1 -DBUILD_SHARED_LIBS=1"

crypto/fipsmodule/bcm.c

@@ -149,6 +149,16 @@
 
 #if !defined(OPENSSL_ASAN)
 
+static const void* function_entry_ptr(const void* func_sym) {
+#if defined(OPENSSL_PPC64BE)
+  // Function pointers on ppc64 point to a function descriptor.
+  // https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html#FUNC-ADDRESS
+  return (const void*)(((uint64_t *)func_sym)[0]);
+#else
+  return (const void*)func_sym;
+#endif
+}
+
 // These symbols are filled in by delocate.go (in static builds) or a linker
 // script (in shared builds). They point to the start and end of the module, and
 // the location of the integrity hash, respectively.
@@ -265,15 +275,15 @@ int BORINGSSL_integrity_test(void) {
   const uint8_t *const start = BORINGSSL_bcm_text_start;
   const uint8_t *const end = BORINGSSL_bcm_text_end;
 
-  assert_within(start, AES_encrypt, "AES_encrypt", end);
-  assert_within(start, RSA_sign, "RSA_sign", end);
-  assert_within(start, RAND_bytes, "RAND_bytes", end);
-  assert_within(start, EC_GROUP_cmp, "EC_GROUP_cmp", end);
-  assert_within(start, SHA256_Update, "SHA256_Update", end);
-  assert_within(start, ECDSA_do_verify, "ECDSA_do_verify", end);
-  assert_within(start, EVP_AEAD_CTX_seal, "EVP_AEAD_CTX_seal", end);
-  assert_not_within(start, OPENSSL_cleanse, "OPENSSL_cleanse", end);
-  assert_not_within(start, CRYPTO_chacha_20, "CRYPTO_chacha_20", end);
+  assert_within(start, function_entry_ptr(AES_encrypt), "AES_encrypt", end);
+  assert_within(start, function_entry_ptr(RSA_sign), "RSA_sign", end);
+  assert_within(start, function_entry_ptr(RAND_bytes), "RAND_bytes", end);
+  assert_within(start, function_entry_ptr(EC_GROUP_cmp), "EC_GROUP_cmp", end);
+  assert_within(start, function_entry_ptr(SHA256_Update), "SHA256_Update", end);
+  assert_within(start, function_entry_ptr(ECDSA_do_verify), "ECDSA_do_verify", end);
+  assert_within(start, function_entry_ptr(EVP_AEAD_CTX_seal), "EVP_AEAD_CTX_seal", end);
+  assert_not_within(start, function_entry_ptr(OPENSSL_cleanse), "OPENSSL_cleanse", end);
+  assert_not_within(start, function_entry_ptr(CRYPTO_chacha_20), "CRYPTO_chacha_20", end);
 #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
   assert_not_within(start, OPENSSL_ia32cap_P, "OPENSSL_ia32cap_P", end);
 #elif defined(OPENSSL_AARCH64)

tests/ci/gtest_util.sh

@@ -22,8 +22,7 @@ function shard_gtest() {
 
     RESULT=0
     for PID in ${PIDS[*]}; do
-        wait -f $PID
-        if "${?}" -ne "0"; then
+        if wait -f $PID; then
           RESULT=${?}
         fi
     done

tests/ci/run_cross_ppc64_tests.sh → tests/ci/run_cross_tests.sh

@@ -4,14 +4,23 @@
 
 set -ex
 
+TARGET_CPU="${1}"
+TARGET_PLATFORM="${2}"
+BUILD_OPTIONS=("${@:3:5}")
+
+if [ "${#BUILD_OPTIONS[@]}" -lt 1 ]; then
+    echo "Must pass build parameters"
+    exit 1
+fi
+
 SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 SCRIPT_DIR="$(readlink -f "${SCRIPT_DIR}")"
 
 source "${SCRIPT_DIR}/common_posix_setup.sh"
 source "${SCRIPT_DIR}/gtest_util.sh"
 
 # Assumes script is executed from the root of aws-lc directory
-SCRATCH_FOLDER="${SYS_ROOT}/SCRATCH_PPC64"
+SCRATCH_FOLDER="${SYS_ROOT}/SCRATCH_${TARGET_CPU}"
 
 if [ -e "${SCRATCH_FOLDER}" ]; then
     # Some directories in the archive lack write permission, preventing deletion of files
@@ -22,38 +31,33 @@ mkdir -p "${SCRATCH_FOLDER}"
 
 pushd "${SCRATCH_FOLDER}"
 
-wget -q https://aws-libcrypto.s3.us-west-2.amazonaws.com/cross-compile-toolchains/host-x86_64-pc-linux-gnu/ppc64-x-tools.tar.xz
-tar Jxf ppc64-x-tools.tar.xz --no-same-owner --no-same-permissions
+wget -q https://aws-libcrypto.s3.us-west-2.amazonaws.com/cross-compile-toolchains/host-x86_64-pc-linux-gnu/${TARGET_CPU}-x-tools.tar.xz
+tar Jxf ${TARGET_CPU}-x-tools.tar.xz --no-same-owner --no-same-permissions
 
-cat <<EOF > ppc64.cmake
+cat <<EOF > ${TARGET_CPU}.cmake
 # Specify the target system
 set(CMAKE_SYSTEM_NAME Linux)
-set(CMAKE_SYSTEM_PROCESSOR ppc64)
+set(CMAKE_SYSTEM_PROCESSOR ${TARGET_CPU})
 
 # Specify the cross-compiler
-set(CMAKE_C_COMPILER ${SCRATCH_FOLDER}/powerpc64-unknown-linux-gnu/bin/powerpc64-unknown-linux-gnu-gcc)
-set(CMAKE_CXX_COMPILER ${SCRATCH_FOLDER}/powerpc64-unknown-linux-gnu/bin/powerpc64-unknown-linux-gnu-g++)
+set(CMAKE_C_COMPILER ${SCRATCH_FOLDER}/${TARGET_PLATFORM}/bin/${TARGET_PLATFORM}-gcc)
+set(CMAKE_CXX_COMPILER ${SCRATCH_FOLDER}/${TARGET_PLATFORM}/bin/${TARGET_PLATFORM}-g++)
 
 # Specify the sysroot for the target system
-set(CMAKE_SYSROOT ${SCRATCH_FOLDER}/powerpc64-unknown-linux-gnu/powerpc64-unknown-linux-gnu/sysroot)
-set(CMAKE_SYSTEM_INCLUDE_PATH ${SCRATCH_FOLDER}/powerpc64-unknown-linux-gnu/powerpc64-unknown-linux-gnu/sysroot/usr/include)
+set(CMAKE_SYSROOT ${SCRATCH_FOLDER}/${TARGET_PLATFORM}/${TARGET_PLATFORM}/sysroot)
+set(CMAKE_SYSTEM_INCLUDE_PATH ${SCRATCH_FOLDER}/${TARGET_PLATFORM}/${TARGET_PLATFORM}/sysroot/usr/include)
 
 set(ENABLE_EXPERIMENTAL_BIG_ENDIAN_SUPPORT true)
 set(CMAKE_GENERATOR Ninja)
 EOF
 
-export QEMU_LD_PREFIX="${SCRATCH_FOLDER}/powerpc64-unknown-linux-gnu/powerpc64-unknown-linux-gnu/sysroot"
-export LD_LIBRARY_PATH="${SCRATCH_FOLDER}/powerpc64-unknown-linux-gnu/powerpc64-unknown-linux-gnu/sysroot/lib"
-
-echo "Testing AWS-LC shared library for PPC64 big-endian."
+export QEMU_LD_PREFIX="${SCRATCH_FOLDER}/${TARGET_PLATFORM}/${TARGET_PLATFORM}/sysroot"
+export LD_LIBRARY_PATH="${SCRATCH_FOLDER}/${TARGET_PLATFORM}/${TARGET_PLATFORM}/sysroot/lib"
 
-BUILD_OPTIONS=()
-BUILD_OPTIONS+=("-DCMAKE_BUILD_TYPE=Release")
-# TODO: Investigate issues with the FIPS build for ppc64be
-#BUILD_OPTIONS+=("-DCMAKE_BUILD_TYPE=Release -DFIPS=1 -DBUILD_SHARED_LIBS=1")
+echo "Testing AWS-LC shared library for ${TARGET_CPU}."
 
 for BO in "${BUILD_OPTIONS[@]}"; do
-  run_build -DCMAKE_TOOLCHAIN_FILE="${SCRATCH_FOLDER}/ppc64.cmake" ${BO}
+  run_build -DCMAKE_TOOLCHAIN_FILE="${SCRATCH_FOLDER}/${TARGET_CPU}.cmake" ${BO}
 
   shard_gtest "${BUILD_ROOT}/crypto/crypto_test --gtest_also_run_disabled_tests"
   shard_gtest ${BUILD_ROOT}/crypto/urandom_test
@@ -63,7 +67,7 @@ for BO in "${BUILD_OPTIONS[@]}"; do
   shard_gtest ${BUILD_ROOT}/ssl/ssl_test
   shard_gtest ${BUILD_ROOT}/ssl/integration_test
 
-  # Due to its special linkage, this is now a Google Test
+  # Due to its special linkage, this does not use GoogleTest
   ${BUILD_ROOT}/crypto/dynamic_loading_test
 done
 popd