1#!/bin/bash 2# Copyright 2020 The Go Authors. All rights reserved. 3# Use of this source code is governed by a BSD-style 4# license that can be found in the LICENSE file. 5 6# Do not run directly; run build.sh, which runs this in Docker. 7# This script builds boringssl, which has already been unpacked in /boring/boringssl. 8 9set -e 10id 11date 12cd /boring 13 14# Go requires -fPIC for linux/amd64 cgo builds. 15# Setting -fPIC only affects the compilation of the non-module code in libcrypto.a, 16# because the FIPS module itself is already built with -fPIC. 17echo '#!/bin/bash 18exec clang-'$ClangV' -DGOBORING -fPIC "$@" 19' >/usr/local/bin/clang 20echo '#!/bin/bash 21exec clang++-'$ClangV' -DGOBORING -fPIC "$@" 22' >/usr/local/bin/clang++ 23chmod +x /usr/local/bin/clang /usr/local/bin/clang++ 24 25# The BoringSSL tests use Go, and cgo would look for gcc. 26export CGO_ENABLED=0 27 28# Modify the support code crypto/mem.c (outside the FIPS module) 29# to not try to use weak symbols, because they don't work with some 30# Go toolchain / clang toolchain combinations. 31perl -p -i -e 's/defined.*ELF.*defined.*GNUC.*/$0 \&\& !defined(GOBORING)/' boringssl/crypto/mem.c 32 33# Verbatim instructions from BoringCrypto build docs. 34printf "set(CMAKE_C_COMPILER \"clang\")\nset(CMAKE_CXX_COMPILER \"clang++\")\n" >${HOME}/toolchain 35cd boringssl 36mkdir build && cd build && cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=${HOME}/toolchain -DFIPS=1 -DCMAKE_BUILD_TYPE=Release .. 37ninja 38./crypto/crypto_test 39cd ../.. 40 41if [ "$(./boringssl/build/tool/bssl isfips)" != 1 ]; then 42 echo "NOT FIPS" 43 exit 2 44fi 45