Skip to content

Commit

Permalink
crypto/internal/boring: disable LFS64 interfaces
Browse files Browse the repository at this point in the history 
Comment out the definition in the libcrypto I/O code which enables
the LFS64 interfaces. We don't use any of the I/O bits and pieces, and
it's outside of the FIPS module, and it fixes some breakage in certain
scenarios.

Change-Id: Ie6597813726f94e23780b77d907cc1b9ccef36f0
Reviewed-on: https://go-review.googlesource.com/c/go/+/609976
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
  • Loading branch information
@rolandshoemaker
rolandshoemaker committed Sep 4, 2024
1 parent dfae83c commit a570823
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions src/crypto/internal/boring/build-boring.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,15 @@ export CGO_ENABLED=0
# Go toolchain / clang toolchain combinations.
perl -p -i -e 's/defined.*ELF.*defined.*GNUC.*/$0 \&\& !defined(GOBORING)/' boringssl/crypto/mem.c

# We build all of libcrypto, which includes a bunch of I/O operations that we
# don't actually care about, since we only really want the BoringCrypto module.
# In libcrypto, they use the LFS64 interfaces where available in order to
# traverse files larger than 2GB. In some scenarios this can cause breakage, so
# we comment out the _FILE_OFFSET_BITS definition which enables the LFS64
# interfaces. Since this code is outside of the FIPS module, it doesn't affect
# the certification status of the module. See b/364606941 for additional context.
perl -p -i -e 's/(#define _FILE_OFFSET_BITS 64)/\/\/ $1/' boringssl/crypto/bio/file.c

# Verbatim instructions from BoringCrypto build docs.
printf "set(CMAKE_C_COMPILER \"clang\")\nset(CMAKE_CXX_COMPILER \"clang++\")\n" >${HOME}/toolchain
cd boringssl
Expand Down
Binary file modified src/crypto/internal/boring/syso/goboringcrypto_linux_amd64.syso
View file
Binary file not shown.
Binary file modified src/crypto/internal/boring/syso/goboringcrypto_linux_arm64.syso
View file
Binary file not shown.

0 comments on commit a570823

Please sign in to comment.