1
0
mirror of https://github.com/golang/go synced 2024-11-11 17:51:49 -07:00

crypto/internal/boring: disable LFS64 interfaces

Comment out the definition in the libcrypto I/O code which enables
the LFS64 interfaces. We don't use any of the I/O bits and pieces, and
it's outside of the FIPS module, and it fixes some breakage in certain
scenarios.

Change-Id: Ie6597813726f94e23780b77d907cc1b9ccef36f0
Reviewed-on: https://go-review.googlesource.com/c/go/+/609976
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
This commit is contained in:
Roland Shoemaker 2024-08-30 21:11:09 -07:00 committed by Roland Shoemaker
parent dfae83c9db
commit a5708231ac
3 changed files with 9 additions and 0 deletions

View File

@ -30,6 +30,15 @@ export CGO_ENABLED=0
# Go toolchain / clang toolchain combinations.
perl -p -i -e 's/defined.*ELF.*defined.*GNUC.*/$0 \&\& !defined(GOBORING)/' boringssl/crypto/mem.c
# We build all of libcrypto, which includes a bunch of I/O operations that we
# don't actually care about, since we only really want the BoringCrypto module.
# In libcrypto, they use the LFS64 interfaces where available in order to
# traverse files larger than 2GB. In some scenarios this can cause breakage, so
# we comment out the _FILE_OFFSET_BITS definition which enables the LFS64
# interfaces. Since this code is outside of the FIPS module, it doesn't affect
# the certification status of the module. See b/364606941 for additional context.
perl -p -i -e 's/(#define _FILE_OFFSET_BITS 64)/\/\/ $1/' boringssl/crypto/bio/file.c
# Verbatim instructions from BoringCrypto build docs.
printf "set(CMAKE_C_COMPILER \"clang\")\nset(CMAKE_CXX_COMPILER \"clang++\")\n" >${HOME}/toolchain
cd boringssl