ENV LANG=C
ENV LANGUAGE=
-# Following NIST submission draft dated July 3, 2021.
-# This corresponds to boringssl.googlesource.com/boringssl tag fips-20210429.
-ENV ClangV=12
+# Following NIST submission draft for In Progress module validation.
+# This corresponds to boringssl.googlesource.com/boringssl tag fips-20220613.
RUN apt-get update && \
- apt-get install --no-install-recommends -y cmake xz-utils wget unzip ca-certificates clang-$ClangV python
+ apt-get install --no-install-recommends -y cmake xz-utils wget unzip ca-certificates python lsb-release software-properties-common gnupg
+
+# Install Clang.
+ENV ClangV=14
+RUN \
+ wget https://apt.llvm.org/llvm.sh && \
+ chmod +x llvm.sh && \
+ ./llvm.sh $ClangV
# Download, validate, unpack, build, and install Ninja.
-ENV NinjaV=1.10.2
-ENV NinjaH=ce35865411f0490368a8fc383f29071de6690cbadc27704734978221f25e2bed
+ENV NinjaV=1.10.1
+ENV NinjaH=a6b6f7ac360d4aabd54e299cc1d8fa7b234cd81b9401693da21221c62569a23e
RUN \
wget https://github.com/ninja-build/ninja/archive/refs/tags/v$NinjaV.tar.gz && \
echo "$NinjaH v$NinjaV.tar.gz" >sha && sha256sum -c sha && \
# Download, validate, unpack, and install Go.
ARG GOARCH
-ENV GoV=1.16.5
-ENV GoHamd64=b12c23023b68de22f74c0524f10b753e7b08b1504cb7e417eccebdd3fae49061
-ENV GoHarm64=d5446b46ef6f36fdffa852f73dfbbe78c1ddf010b99fa4964944b9ae8b4d6799
+ENV GoV=1.18.1
+ENV GoHamd64=b3b815f47ababac13810fc6021eb73d65478e0b2db4b09d348eefad9581a2334
+ENV GoHarm64=56a91851c97fb4697077abbca38860f735c32b38993ff79b088dac46e4735633
RUN \
eval GoH=\${GoH$GOARCH} && \
wget https://golang.org/dl/go$GoV.linux-$GOARCH.tar.gz && \
ln -s /usr/local/go/bin/go /usr/local/bin/
# Download, validate, and unpack BoringCrypto.
-ENV BoringV=853ca1ea1168dff08011e5d42d94609cc0ca2e27
-ENV BoringH=a4d069ccef6f3c7bc0c68de82b91414f05cb817494cd1ab483dcf3368883c7c2
+ENV BoringV=0c6f40132b828e92ba365c6b7680e32820c63fa7
+ENV BoringH=62f733289f2d677c2723f556aa58034c438f3a7bbca6c12b156538a88e38da8a
RUN \
wget https://commondatastorage.googleapis.com/chromium-boringssl-fips/boringssl-$BoringV.tar.xz && \
echo "$BoringH boringssl-$BoringV.tar.xz" >sha && sha256sum -c sha && \
The goboringcrypto_linux_amd64.syso object file is built
from BoringSSL source code by build/build.sh and is covered
by the BoringSSL license reproduced below and also at
-https://boringssl.googlesource.com/boringssl/+/fips-20190808/LICENSE.
+https://boringssl.googlesource.com/boringssl/+/fips-20220613/LICENSE.
BoringSSL is a fork of OpenSSL. As such, large parts of it fall under OpenSSL
licensing. Files that are completely new have a Google copyright and an ISC
GOARCH=arm64 ./build.sh
-Both run on an x86 Debian Linux system using Docker.
+Both run using Docker.
+
For the arm64 build to run on an x86 system, you need
apt-get install qemu-user-static qemu-binfmt-support
to allow the x86 kernel to run arm64 binaries via QEMU.
-See build.sh for more details about the build.
-
+For the amd64 build to run on an Apple Silicon macOS, you need Rosetta 2.
+See build.sh for more details about the build.
awk -f boringh.awk goboringcrypto.h # writes goboringcrypto[01].h
ls -l ../boringssl/include
-clang++ -std=c++11 -fPIC -I../boringssl/include -O2 -o a.out goboringcrypto.cc
+clang++ -fPIC -I../boringssl/include -O2 -o a.out goboringcrypto.cc
./a.out || exit 2
# clang implements u128 % u128 -> u128 by calling __umodti3,
buildargs=""
case "$GOARCH" in
amd64)
+ if ! docker run --rm -t amd64/ubuntu:focal uname -m >/dev/null 2>&1; then
+ echo "# Docker cannot run amd64 binaries."
+ exit 1
+ fi
+ platform="--platform linux/amd64"
+ buildargs="--build-arg ubuntu=amd64/ubuntu"
;;
arm64)
if ! docker run --rm -t arm64v8/ubuntu:focal uname -m >/dev/null 2>&1; then
int _goboringcrypto_EVP_AEAD_CTX_seal(const GO_EVP_AEAD_CTX*, uint8_t*, size_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t);
int _goboringcrypto_EVP_AEAD_CTX_open(const GO_EVP_AEAD_CTX*, uint8_t*, size_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t);
const GO_EVP_AEAD* _goboringcrypto_EVP_aead_aes_128_gcm_tls12(void);
+const GO_EVP_AEAD* _goboringcrypto_EVP_aead_aes_128_gcm_tls13(void);
const GO_EVP_AEAD* _goboringcrypto_EVP_aead_aes_256_gcm_tls12(void);
+const GO_EVP_AEAD* _goboringcrypto_EVP_aead_aes_256_gcm_tls13(void);
enum go_evp_aead_direction_t {
go_evp_aead_open = 0,
go_evp_aead_seal = 1