1#!/bin/bash
2# Copyright 2020 The Go Authors. All rights reserved.
3# Use of this source code is governed by a BSD-style
4# license that can be found in the LICENSE file.
5
6# Do not run directly; run build.sh, which runs this in Docker.
7# This script builds boringssl, which has already been unpacked in /boring/boringssl.
8
9set -e
10id
11date
12cd /boring
13
14# Go requires -fPIC for linux/amd64 cgo builds.
15# Setting -fPIC only affects the compilation of the non-module code in libcrypto.a,
16# because the FIPS module itself is already built with -fPIC.
17echo '#!/bin/bash
18exec clang-'$ClangV' -DGOBORING -fPIC "$@"
19' >/usr/local/bin/clang
20echo '#!/bin/bash
21exec clang++-'$ClangV' -DGOBORING -fPIC "$@"
22' >/usr/local/bin/clang++
23chmod +x /usr/local/bin/clang /usr/local/bin/clang++
24
25# The BoringSSL tests use Go, and cgo would look for gcc.
26export CGO_ENABLED=0
27
28# Modify the support code crypto/mem.c (outside the FIPS module)
29# to not try to use weak symbols, because they don't work with some
30# Go toolchain / clang toolchain combinations.
31perl -p -i -e 's/defined.*ELF.*defined.*GNUC.*/$0 \&\& !defined(GOBORING)/' boringssl/crypto/mem.c
32
33# Verbatim instructions from BoringCrypto build docs.
34printf "set(CMAKE_C_COMPILER \"clang\")\nset(CMAKE_CXX_COMPILER \"clang++\")\n" >${HOME}/toolchain
35cd boringssl
36mkdir build && cd build && cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=${HOME}/toolchain -DFIPS=1 -DCMAKE_BUILD_TYPE=Release ..
37ninja
38./crypto/crypto_test
39cd ../..
40
41if [ "$(./boringssl/build/tool/bssl isfips)" != 1 ]; then
42 echo "NOT FIPS"
43 exit 2
44fi
View as plain text