FIPS强制模式的Oreo 8.1 Boringssl构建失败

时间:2019-02-20 16:15:54

标签: android android-ndk android-ndk-r7

我正在尝试为FIPS强制模式构建boringssl,并且构建失败。到目前为止,我已经在cmake命令中启用了两个标志“ FIPS”和“ FIPS_DELOCATE”,然后进行了忍者构建。

我正在使用Oreo 8.1。代码库,我已经为此苦苦挣扎了一段时间。这是我遵循的步骤。 

external/boringssl/src$ cmake -DANDROID_ABI=arm64-v8a -DCMAKE_TOOLCHAIN_FILE=${ANDROID_NDK}/build/cmake/android.toolchain.cmake -DANDROID_NATIVE_API_LEVEL=27  -DFIPS=1 -DFIPS_DELOCATE=1
// This command executes successfully, and all config files are generated 

external/boringssl/src$ ninja 

// This command giving below error

siyachin@pcz-siyachin:/u/siyachin/Project_O3/external/boringssl/src$ ninja
[244/388] Building C object crypto/fipsmodule/CMakeFiles/bcm_c_generated_asm.dir/bcm.c.o
clang: warning: argument unused during compilation: '-Wa,--noexecstack' [-Wunused-command-line-argument]
[252/388] Generating bcm-delocated.S
FAILED: cd /u/siyachin/Project_O3/external/boringssl/src && go run util/fipstools/delocate.go util/fipstools/delocate.peg.go util/fipstools/ar.go util/fipstools/const.go -a /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/libbcm_c_generated_asm.a -o /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/bcm-delocated.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/aesv8-armx.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/armv8-mont.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/ghashv8-armx.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/sha1-armv8.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/sha256-armv8.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/sha512-armv8.S
error while parsing "/u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/libbcm_c_generated_asm.a":
parse error near WS (line 57 symbol 29 - line 57 symbol 34):
"     "

exit status 1
ninja: build stopped: subcommand failed.

我认为,使用util / fipstools / delocate.go的构建失败。我试图放入一些调试日志,但尝试从delocate.go解析libbcm_c_genic_asm.a时却失败了。

还有什么办法,我可以从Android.bp运行go文件吗,因为FIPS Relaxed模式可以通过Android.bp正常构建吗?

1 个答案:

答案 0 :(得分:1)

我遇到了同样的问题。我试图在fips模式下为x86编译boringssl(x86_64可以工作)。 通过修改“ delocate.peg”,重新生成“ delocate.peg.go”(使用https://github.com/pointlander/peg),我能够解决“解析”问题,但是最终陷入了困境。 如果查看文件https://boringssl.googlesource.com/boringssl/+/refs/tags/fips-20180730/util/fipstools/delocate.go中的行号141,您会看到FIPS模式仅适用于x86_64和ppc64le,而目前不支持ARM或x86。

https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2964.pdf上查看受支持的拱门

相关问题
最新问题