Google Git
Sign in
cobalt / cobalt / 25902c6cb1ab9cfd8ae2ee6b0fb52953f73deda5 / . / third_party / boringssl / BUILD.gn
blob: ad88eb2d5f6c690e7b9bf869631d4edb1256754c [file] [log] [blame]
# Copyright 2014 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import("//build/config/android/config.gni")
import("//build/config/arm.gni")
import("//build/config/compiler/compiler.gni")
import("//build/config/rust.gni")
import("//build/config/sanitizers/sanitizers.gni")
import("//build_overrides/build.gni")
import("//testing/libfuzzer/fuzzer_test.gni")
import("BUILD.generated.gni")
import("BUILD.generated_tests.gni")
if (enable_rust) {
import("//build/rust/cargo_crate.gni")
import("//build/rust/rust_bindgen.gni")
}
# Config for us and everybody else depending on BoringSSL.
config("external_config") {
include_dirs = [ "src/include" ]
if (is_component_build) {
defines = [ "BORINGSSL_SHARED_LIBRARY" ]
}
if (use_cobalt_customizations) {
if (is_starboard) {
include_dirs += [ "src/config/starboard" ]
} else if (is_native_target_build) {
include_dirs += [ "src/config/native_target" ]
}
}
}
# The config used by the :boringssl component itself, and the fuzzer copies.
config("component_config") {
visibility = [ ":*" ] # Only targets in this file can depend on this.
configs = [ ":internal_config" ]
defines = [ "BORINGSSL_IMPLEMENTATION" ]
}
# This config is used by anything that consumes internal headers. Tests consume
# this rather than :component_config.
config("internal_config") {
visibility = [ ":*" ] # Only targets in this file can depend on this.
defines = [
"BORINGSSL_ALLOW_CXX_RUNTIME",
"BORINGSSL_NO_STATIC_INITIALIZER",
"OPENSSL_SMALL",
]
if (is_starboard) {
defines += [
"NO_SYS_PARAM_H",
"NO_SYS_UN_H",
"NO_SYSLOG",
"OPENSSL_NO_CAMELLIA",
"OPENSSL_NO_CAPIENG",
"OPENSSL_NO_CAST",
"OPENSSL_NO_CMS",
"OPENSSL_NO_DYNAMIC_ENGINE",
"OPENSSL_NO_EC_NISTP_64_GCC_128",
"OPENSSL_NO_GMP",
"OPENSSL_NO_IDEA",
"OPENSSL_NO_JPAKE",
"OPENSSL_NO_KRB5",
"OPENSSL_NO_MDC2",
"OPENSSL_NO_OCSP",
"OPENSSL_NO_RC5",
"OPENSSL_NO_RFC3779",
"OPENSSL_NO_SCTP",
"OPENSSL_NO_SEED",
"OPENSSL_NO_STORE",
"OPENSSL_NO_SOCK", # Added by Cobalt to remove unused socket code.
"OPENSSL_NO_WHIRLPOOL",
"OPENSSL_NO_POSIX_IO",
]
}
}
config("no_asm_config") {
visibility = [ ":*" ] # Only targets in this file can depend on this.
defines = [ "OPENSSL_NO_ASM" ]
}
all_sources = crypto_sources + ssl_sources
all_headers = crypto_headers + ssl_headers
if (enable_rust_boringssl) {
rust_bindgen("raw_bssl_sys_bindings") {
header = "src/rust/bssl-sys/wrapper.h"
deps = [ ":boringssl" ]
bindgen_flags = [
"no-derive-default",
"enable-function-attribute-detection",
"use-core",
"default-macro-constant-type=signed",
"rustified-enum=point_conversion_form_t",
"allowlist-file=.*[[:punct:]]include[[:punct:]]openssl[[:punct:]].*\\.h",
"allowlist-file=.*[[:punct:]]rust_wrapper\\.h",
]
visibility = [ ":*" ] # private, should only be exposed through bssl_crypto
}
# Low level, bindgen generates system bindings to boringssl
cargo_crate("bssl_sys") {
crate_type = "rlib"
crate_root = "src/rust/bssl-sys/src/lib.rs"
sources = [ "src/rust/bssl-sys/src/lib.rs" ]
edition = "2021"
deps = [
":boringssl",
":raw_bssl_sys_bindings",
]
visibility = [ ":*" ] # private, should only be exposed through bssl_crypto
_bindgen_output = get_target_outputs(":raw_bssl_sys_bindings")
rustenv = [ "BINDGEN_RS_FILE=" + rebase_path(_bindgen_output[0]) ]
}
# Rust bindings to boringssl
cargo_crate("bssl_crypto") {
crate_type = "rlib"
crate_root = "src/rust/bssl-crypto/src/lib.rs"
sources = [ "src/rust/bssl-crypto/src/lib.rs" ]
edition = "2021"
deps = [ ":bssl_sys" ]
}
}
if (!use_cobalt_customizations) {
# Windows' assembly is built with NASM. The other platforms use the platform
# assembler. Exclude Windows ARM64 because NASM targets x86 and x64 only.
if (is_win && !is_msan && current_cpu != "arm64") {
import("//third_party/nasm/nasm_assemble.gni")
nasm_assemble("boringssl_asm") {
if (current_cpu == "x64") {
sources = crypto_sources_win_x86_64
} else if (current_cpu == "x86") {
sources = crypto_sources_win_x86
}
}
} else {
# This has no sources on some platforms so must be a source_set.
source_set("boringssl_asm") {
visibility = [ ":*" ] # Only targets in this file can depend on this.
sources = []
asmflags = []
include_dirs = [ "src/include" ]
if (is_msan) {
public_configs = [ ":no_asm_config" ]
} else if (current_cpu == "x64") {
if (is_apple) {
sources += crypto_sources_apple_x86_64
} else if (is_linux || is_chromeos || is_android) {
sources += crypto_sources_linux_x86_64
} else {
public_configs = [ ":no_asm_config" ]
}
} else if (current_cpu == "x86") {
if (is_apple) {
sources += crypto_sources_apple_x86
} else if (is_linux || is_chromeos || is_android) {
sources += crypto_sources_linux_x86
} else {
public_configs = [ ":no_asm_config" ]
}
} else if (current_cpu == "arm") {
if (is_linux || is_chromeos || is_android) {
sources += crypto_sources_linux_arm
} else if (is_apple) {
sources += crypto_sources_apple_arm
} else {
public_configs = [ ":no_asm_config" ]
}
} else if (current_cpu == "arm64") {
if (is_linux || is_chromeos || is_android) {
sources += crypto_sources_linux_aarch64
} else if (is_apple) {
sources += crypto_sources_apple_aarch64
} else if (is_win) {
sources += crypto_sources_win_aarch64
} else {
public_configs = [ ":no_asm_config" ]
}
} else {
public_configs = [ ":no_asm_config" ]
}
}
}
}
component("boringssl") {
sources = all_sources
public = all_headers
friend = [ ":*" ]
deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ]
if (!use_cobalt_customizations) {
# Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM
# config is forwarded to callers. In particular, boringssl_crypto_tests
# requires it.
public_deps = [ ":boringssl_asm" ]
}
public_configs = [ ":external_config" ]
configs += [ ":component_config" ]
if (use_cobalt_customizations) {
all_dependent_configs = [ ":external_config" ]
} else {
configs -= [ "//build/config/compiler:chromium_code" ]
configs += [ "//build/config/compiler:no_chromium_code" ]
}
if (is_nacl) {
deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
}
if (!use_cobalt_customizations) {
if (!is_debug && !optimize_for_size) {
configs -= [ "//build/config/compiler:default_optimization" ]
configs += [ "//build/config/compiler:optimize_max" ]
}
if (is_linux && is_component_build) {
version_script = "boringssl.map"
inputs = [ version_script ]
ldflags = [ "-Wl,--version-script=" +
rebase_path(version_script, root_build_dir) ]
}
}
if (is_starboard) {
sources -= [
"src/crypto/rand_extra/deterministic.c",
"src/crypto/rand_extra/fuchsia.c",
"src/crypto/rand_extra/windows.c",
]
sources += [
"src/crypto/cpu-starboard.c",
"src/crypto/rand_extra/starboard.c",
"src/crypto/refcount_starboard.c",
"src/crypto/thread_starboard.cc",
]
public -= [ "src/include/openssl/opensslconf.h" ]
public_deps = [
"//starboard:starboard_headers_only",
]
configs -= [ "//starboard/build/config:size" ]
configs += [ "//starboard/build/config:speed" ]
if (sb_is_modular) {
calling_convention = sabi_variables.calling_convention
if ((calling_convention != "aarch64" && calling_convention != "eabi" &&
calling_convention != "sysv" && calling_convention != "windows") ||
(target_cpu != "x86" && target_cpu != "x64" &&
target_cpu != "arm" && target_cpu != "arm64") || is_host_win) { # is_host_win : windows host modular builds need OPENSSL_NO_ASM )
defines = [ "OPENSSL_NO_ASM" ]
} else {
if (calling_convention == "aarch64" || calling_convention == "eabi" ||
calling_convention == "sysv") {
if (target_cpu == "x86") {
sources += crypto_sources_linux_x86
} else if (target_cpu == "x64") {
sources += crypto_sources_linux_x86_64
} else if (target_cpu == "arm") {
sources += crypto_sources_linux_arm
} else if (target_cpu == "arm64") {
sources += crypto_sources_linux_aarch64
} else if (calling_convention == "windows") {
if (target_cpu == "x86") {
sources += crypto_sources_win_x86
} else if (target_cpu == "x64") {
sources += crypto_sources_win_x86_64
}
}
}
}
} else {
if ((!is_linux && !is_android && !is_apple) ||
(target_cpu != "x86" && target_cpu != "x64" &&
target_cpu != "arm" && target_cpu != "arm64")) {
defines = [ "OPENSSL_NO_ASM" ]
} else if (is_linux || is_android) {
if (target_cpu == "x86") {
sources += crypto_sources_linux_x86
} else if (target_cpu == "x64") {
sources += crypto_sources_linux_x86_64
} else if (target_cpu == "arm") {
sources += crypto_sources_linux_arm
} else if (target_cpu == "arm64") {
sources += crypto_sources_linux_aarch64
}
} else if (is_apple) {
if (target_cpu == "arm64") {
sources += crypto_sources_apple_aarch64
} else if (target_cpu == "x64") {
defines = [ "OPENSSL_NO_ASM" ]
}
}
}
} else if (is_native_target_build) {
sources += [ "src/crypto/mem_native_target.c" ]
public -= [ "src/include/openssl/opensslconf.h" ]
if (is_linux || is_android) {
if (target_cpu == "x64") {
sources += crypto_sources_linux_x86_64
} else if (target_cpu == "arm") {
sources += crypto_sources_linux_arm
} else {
assert(false, "Unsupported Linux or Android arch for native build")
}
} else {
assert(false, "Unsupported OS for native build")
}
}
}
if (build_with_chromium) {
# These targets are named "_tests" rather than "_test" to avoid colliding with
# a historical "boringssl_ssl_test" target. This works around a bug with the
# iOS build rules.
bundle_data("boringssl_crypto_tests_bundle_data") {
sources = crypto_test_data
testonly = true
outputs = [ "{{bundle_resources_dir}}/" +
"{{source_root_relative_dir}}/{{source_file_part}}" ]
}
test("boringssl_crypto_tests") {
sources = crypto_test_sources + test_support_sources
data = crypto_test_data
deps = [
":boringssl",
":boringssl_crypto_tests_bundle_data",
"//testing/gtest",
]
configs -= [ "//build/config/compiler:chromium_code" ]
configs += [
":internal_config",
"//build/config/compiler:no_chromium_code",
]
# Chromium infrastructure does not support GTest, only the //base wrapper.
sources -= [ "src/crypto/test/gtest_main.cc" ]
sources += [
"gtest_main_chromium.cc",
"test_data_chromium.cc",
]
deps += [ "//base/test:test_support" ]
if (is_fuchsia) {
additional_manifest_fragments =
[ "//build/config/fuchsia/test/network.shard.test-cml" ]
}
}
test("boringssl_ssl_tests") {
sources = ssl_test_sources + test_support_sources
deps = [
":boringssl",
"//testing/gtest",
]
configs -= [ "//build/config/compiler:chromium_code" ]
configs += [
":internal_config",
"//build/config/compiler:no_chromium_code",
]
# Chromium infrastructure does not support GTest, only the //base wrapper.
sources -= [ "src/crypto/test/gtest_main.cc" ]
sources += [ "gtest_main_chromium.cc" ]
deps += [ "//base/test:test_support" ]
}
config("fuzzer_config") {
visibility = [ ":*" ] # Only targets in this file can depend on this.
defines = [
"BORINGSSL_UNSAFE_FUZZER_MODE",
"BORINGSSL_UNSAFE_DETERMINISTIC_MODE",
]
}
# The same as boringssl, but builds with BORINGSSL_UNSAFE_FUZZER_MODE.
# TODO(https://crbug.com/boringssl/258): Fold this into the normal target.
component("boringssl_fuzzer") {
visibility = [ ":*" ] # Only targets in this file can depend on this.
sources = all_sources
deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ]
# Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM
# config is forwarded to callers. In particular, boringssl_crypto_tests
# requires it.
public_deps = [ ":boringssl_asm" ]
public_configs = [
":external_config",
":fuzzer_config",
]
configs += [ ":component_config" ]
configs -= [ "//build/config/compiler:chromium_code" ]
configs += [ "//build/config/compiler:no_chromium_code" ]
if (is_nacl) {
deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
}
}
foreach(fuzzer, fuzzers) {
fuzzer_test("boringssl_${fuzzer}_fuzzer") {
sources = [
"src/fuzz/${fuzzer}.cc",
"src/ssl/test/fuzzer.h",
"src/ssl/test/fuzzer_tags.h",
]
additional_configs = [ ":internal_config" ]
deps = [ ":boringssl_fuzzer" ]
seed_corpus = "src/fuzz/${fuzzer}_corpus"
if ("cert" == fuzzer) {
libfuzzer_options = [ "max_len=3072" ]
} else if ("client" == fuzzer) {
libfuzzer_options = [ "max_len=20000" ]
} else if ("pkcs8" == fuzzer) {
libfuzzer_options = [ "max_len=2048" ]
} else if ("privkey" == fuzzer) {
libfuzzer_options = [ "max_len=2048" ]
} else if ("read_pem" == fuzzer) {
libfuzzer_options = [ "max_len=512" ]
} else if ("session" == fuzzer) {
libfuzzer_options = [ "max_len=8192" ]
} else if ("server" == fuzzer) {
libfuzzer_options = [ "max_len=4096" ]
} else if ("spki" == fuzzer) {
libfuzzer_options = [ "max_len=1024" ]
} else if ("ssl_ctx_api" == fuzzer) {
libfuzzer_options = [ "max_len=256" ]
}
}
}
config("fuzzer_no_fuzzer_mode_config") {
visibility = [ ":*" ] # Only targets in this file can depend on this.
defines = [ "BORINGSSL_UNSAFE_DETERMINISTIC_MODE" ]
}
# The same as boringssl, but builds with BORINGSSL_UNSAFE_DETERMINISTIC_MODE.
# TODO(https://crbug.com/boringssl/258): Fold this into the normal target.
component("boringssl_fuzzer_no_fuzzer_mode") {
visibility = [ ":*" ] # Only targets in this file can depend on this.
sources = all_sources
deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ]
# Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM
# config is forwarded to callers. In particular, boringssl_crypto_tests
# requires it.
public_deps = [ ":boringssl_asm" ]
public_configs = [
":external_config",
":fuzzer_no_fuzzer_mode_config",
]
configs += [ ":component_config" ]
configs -= [ "//build/config/compiler:chromium_code" ]
configs += [ "//build/config/compiler:no_chromium_code" ]
if (is_nacl) {
deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
}
}
fuzzer_test("boringssl_client_no_fuzzer_mode_fuzzer") {
sources = [
"src/fuzz/client.cc",
"src/ssl/test/fuzzer.h",
"src/ssl/test/fuzzer_tags.h",
]
additional_configs = [ ":internal_config" ]
deps = [ ":boringssl_fuzzer_no_fuzzer_mode" ]
seed_corpus = "src/fuzz/client_corpus_no_fuzzer_mode"
}
fuzzer_test("boringssl_server_no_fuzzer_mode_fuzzer") {
sources = [
"src/fuzz/server.cc",
"src/ssl/test/fuzzer.h",
"src/ssl/test/fuzzer_tags.h",
]
additional_configs = [ ":internal_config" ]
deps = [ ":boringssl_fuzzer_no_fuzzer_mode" ]
seed_corpus = "src/fuzz/server_corpus_no_fuzzer_mode"
}
}