I am trying to build boringssl for FIPS Enforced mode and the build is failing. So far, I have enabled two flags "FIPS", and "FIPS_DELOCATE" in cmake command, followed by ninja build.
I am using Oreo 8.1. codebase and I have been struggling with this for quite some time. Here are the steps I followed.
external/boringssl/src$ cmake -DANDROID_ABI=arm64-v8a -DCMAKE_TOOLCHAIN_FILE=${ANDROID_NDK}/build/cmake/android.toolchain.cmake -DANDROID_NATIVE_API_LEVEL=27 -DFIPS=1 -DFIPS_DELOCATE=1
// This command executes successfully, and all config files are generated
external/boringssl/src$ ninja
// This command giving below error
siyachin@pcz-siyachin:/u/siyachin/Project_O3/external/boringssl/src$ ninja
[244/388] Building C object crypto/fipsmodule/CMakeFiles/bcm_c_generated_asm.dir/bcm.c.o
clang: warning: argument unused during compilation: '-Wa,--noexecstack' [-Wunused-command-line-argument]
[252/388] Generating bcm-delocated.S
FAILED: cd /u/siyachin/Project_O3/external/boringssl/src && go run util/fipstools/delocate.go util/fipstools/delocate.peg.go util/fipstools/ar.go util/fipstools/const.go -a /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/libbcm_c_generated_asm.a -o /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/bcm-delocated.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/aesv8-armx.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/armv8-mont.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/ghashv8-armx.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/sha1-armv8.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/sha256-armv8.S /u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/sha512-armv8.S
error while parsing "/u/siyachin/Project_O3/external/boringssl/src/crypto/fipsmodule/libbcm_c_generated_asm.a":
parse error near WS (line 57 symbol 29 - line 57 symbol 34):
" "
exit status 1
ninja: build stopped: subcommand failed.
I think, the build failing with util/fipstools/delocate.go. I tried to put some debug logs, and its failing while trying to pars libbcm_c_generated_asm.a from delocate.go.
Also, is there any way, I can run go files from from Android.bp?, as FIPS Relaxed mode is building properly with my Android.bp?
I ran into the same issue. I was trying to compile boringssl in fips mode for x86 ( x86_64 works ). I was able to get past the "parse" issues by modifying "delocate.peg", regenerating "delocate.peg.go" ( using https://github.com/pointlander/peg ) but eventually got stuck. If you look at line number 141 in file https://boringssl.googlesource.com/boringssl/+/refs/tags/fips-20180730/util/fipstools/delocate.go, you will see that the FIPS mode is only supported for x86_64 and ppc64le, It is currently not supported for ARM or x86.
See supported arch at https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2964.pdf