1# Copyright 2014 The Chromium Authors 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5import("//build/config/android/config.gni") 6import("//build/config/arm.gni") 7import("//build/config/compiler/compiler.gni") 8import("//build/config/sanitizers/sanitizers.gni") 9import("//build_overrides/build.gni") 10import("//testing/libfuzzer/fuzzer_test.gni") 11import("BUILD.generated.gni") 12import("BUILD.generated_tests.gni") 13 14if (enable_rust) { 15 import("//build/rust/cargo_crate.gni") 16 import("//build/rust/rust_bindgen.gni") 17} 18 19# Config for us and everybody else depending on BoringSSL. 20config("external_config") { 21 include_dirs = [ "src/include" ] 22 if (is_component_build) { 23 defines = [ "BORINGSSL_SHARED_LIBRARY" ] 24 } 25} 26 27# The config used by the :boringssl component itself, and the fuzzer copies. 28config("component_config") { 29 visibility = [ ":*" ] # Only targets in this file can depend on this. 30 configs = [ ":internal_config" ] 31 defines = [ "BORINGSSL_IMPLEMENTATION" ] 32} 33 34# This config is used by anything that consumes internal headers. Tests consume 35# this rather than :component_config. 36config("internal_config") { 37 visibility = [ ":*" ] # Only targets in this file can depend on this. 38 defines = [ 39 "BORINGSSL_ALLOW_CXX_RUNTIME", 40 "BORINGSSL_NO_STATIC_INITIALIZER", 41 "OPENSSL_SMALL", 42 ] 43} 44 45config("no_asm_config") { 46 visibility = [ ":*" ] # Only targets in this file can depend on this. 47 defines = [ "OPENSSL_NO_ASM" ] 48} 49 50all_sources = crypto_sources + ssl_sources 51all_headers = crypto_headers + ssl_headers 52 53if (enable_rust_boringssl) { 54 rust_bindgen("raw_bssl_sys_bindings") { 55 header = "src/rust/bssl-sys/wrapper.h" 56 deps = [ ":boringssl" ] 57 bindgen_flags = [ 58 "no-derive-default", 59 "enable-function-attribute-detection", 60 "use-core", 61 "default-macro-constant-type=signed", 62 "rustified-enum=point_conversion_form_t", 63 "allowlist-file=.*[[:punct:]]include[[:punct:]]openssl[[:punct:]].*\\.h", 64 "allowlist-file=.*[[:punct:]]rust_wrapper\\.h", 65 ] 66 visibility = [ ":*" ] # private, should only be exposed through bssl_crypto 67 } 68 69 # Low level, bindgen generates system bindings to boringssl 70 cargo_crate("bssl_sys") { 71 crate_type = "rlib" 72 crate_root = "src/rust/bssl-sys/src/lib.rs" 73 sources = [ "src/rust/bssl-sys/src/lib.rs" ] 74 edition = "2021" 75 deps = [ 76 ":boringssl", 77 ":raw_bssl_sys_bindings", 78 ] 79 visibility = [ ":*" ] # private, should only be exposed through bssl_crypto 80 81 _bindgen_output = get_target_outputs(":raw_bssl_sys_bindings") 82 rustenv = [ "BINDGEN_RS_FILE=" + rebase_path(_bindgen_output[0]) ] 83 } 84 85 # Rust bindings to boringssl 86 cargo_crate("bssl_crypto") { 87 crate_type = "rlib" 88 crate_root = "src/rust/bssl-crypto/src/lib.rs" 89 sources = [ "src/rust/bssl-crypto/src/lib.rs" ] 90 edition = "2021" 91 deps = [ ":bssl_sys" ] 92 } 93} 94 95# Windows' assembly is built with NASM. The other platforms use the platform 96# assembler. Exclude Windows ARM64 because NASM targets x86 and x64 only. 97if (is_win && !is_msan && current_cpu != "arm64") { 98 import("//third_party/nasm/nasm_assemble.gni") 99 nasm_assemble("boringssl_asm") { 100 if (current_cpu == "x64") { 101 sources = crypto_sources_win_x86_64 102 } else if (current_cpu == "x86") { 103 sources = crypto_sources_win_x86 104 } 105 } 106} else { 107 # This has no sources on some platforms so must be a source_set. 108 source_set("boringssl_asm") { 109 visibility = [ ":*" ] # Only targets in this file can depend on this. 110 111 sources = [] 112 asmflags = [] 113 include_dirs = [ "src/include" ] 114 115 if (is_msan) { 116 public_configs = [ ":no_asm_config" ] 117 } else if (current_cpu == "x64") { 118 if (is_apple) { 119 sources += crypto_sources_apple_x86_64 120 } else if (is_linux || is_chromeos || is_android) { 121 sources += crypto_sources_linux_x86_64 122 } else { 123 public_configs = [ ":no_asm_config" ] 124 } 125 } else if (current_cpu == "x86") { 126 if (is_apple) { 127 sources += crypto_sources_apple_x86 128 } else if (is_linux || is_chromeos || is_android) { 129 sources += crypto_sources_linux_x86 130 } else { 131 public_configs = [ ":no_asm_config" ] 132 } 133 } else if (current_cpu == "arm") { 134 if (is_linux || is_chromeos || is_android) { 135 sources += crypto_sources_linux_arm 136 } else if (is_apple) { 137 sources += crypto_sources_apple_arm 138 } else { 139 public_configs = [ ":no_asm_config" ] 140 } 141 } else if (current_cpu == "arm64") { 142 if (is_linux || is_chromeos || is_android) { 143 sources += crypto_sources_linux_aarch64 144 } else if (is_apple) { 145 sources += crypto_sources_apple_aarch64 146 } else if (is_win) { 147 sources += crypto_sources_win_aarch64 148 } else { 149 public_configs = [ ":no_asm_config" ] 150 } 151 } else { 152 public_configs = [ ":no_asm_config" ] 153 } 154 } 155} 156 157component("boringssl") { 158 sources = all_sources 159 public = all_headers 160 friend = [ ":*" ] 161 deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ] 162 163 # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM 164 # config is forwarded to callers. In particular, boringssl_crypto_tests 165 # requires it. 166 public_deps = [ ":boringssl_asm" ] 167 168 public_configs = [ ":external_config" ] 169 configs += [ ":component_config" ] 170 171 configs -= [ "//build/config/compiler:chromium_code" ] 172 configs += [ "//build/config/compiler:no_chromium_code" ] 173 174 if (is_nacl) { 175 deps += [ "//native_client_sdk/src/libraries/nacl_io" ] 176 } 177 178 if (!is_debug && !optimize_for_size) { 179 configs -= [ "//build/config/compiler:default_optimization" ] 180 configs += [ "//build/config/compiler:optimize_max" ] 181 } 182 183 if (is_linux && is_component_build) { 184 version_script = "boringssl.map" 185 inputs = [ version_script ] 186 ldflags = [ "-Wl,--version-script=" + 187 rebase_path(version_script, root_build_dir) ] 188 } 189} 190 191if (build_with_chromium) { 192 # These targets are named "_tests" rather than "_test" to avoid colliding with 193 # a historical "boringssl_ssl_test" target. This works around a bug with the 194 # iOS build rules. 195 196 bundle_data("boringssl_crypto_tests_bundle_data") { 197 sources = crypto_test_data 198 testonly = true 199 outputs = [ "{{bundle_resources_dir}}/" + 200 "{{source_root_relative_dir}}/{{source_file_part}}" ] 201 } 202 203 test("boringssl_crypto_tests") { 204 sources = crypto_test_sources + test_support_sources 205 data = crypto_test_data 206 deps = [ 207 ":boringssl", 208 ":boringssl_crypto_tests_bundle_data", 209 "//testing/gtest", 210 ] 211 212 configs -= [ "//build/config/compiler:chromium_code" ] 213 configs += [ 214 ":internal_config", 215 "//build/config/compiler:no_chromium_code", 216 ] 217 218 # Chromium infrastructure does not support GTest, only the //base wrapper. 219 sources -= [ "src/crypto/test/gtest_main.cc" ] 220 sources += [ 221 "gtest_main_chromium.cc", 222 "test_data_chromium.cc", 223 ] 224 deps += [ "//base/test:test_support" ] 225 226 if (is_fuchsia) { 227 additional_manifest_fragments = 228 [ "//build/config/fuchsia/test/network.shard.test-cml" ] 229 } 230 } 231 232 test("boringssl_ssl_tests") { 233 sources = ssl_test_sources + test_support_sources 234 deps = [ 235 ":boringssl", 236 "//testing/gtest", 237 ] 238 239 configs -= [ "//build/config/compiler:chromium_code" ] 240 configs += [ 241 ":internal_config", 242 "//build/config/compiler:no_chromium_code", 243 ] 244 245 # Chromium infrastructure does not support GTest, only the //base wrapper. 246 sources -= [ "src/crypto/test/gtest_main.cc" ] 247 sources += [ "gtest_main_chromium.cc" ] 248 deps += [ "//base/test:test_support" ] 249 } 250 251 config("fuzzer_config") { 252 visibility = [ ":*" ] # Only targets in this file can depend on this. 253 defines = [ 254 "BORINGSSL_UNSAFE_FUZZER_MODE", 255 "BORINGSSL_UNSAFE_DETERMINISTIC_MODE", 256 ] 257 } 258 259 # The same as boringssl, but builds with BORINGSSL_UNSAFE_FUZZER_MODE. 260 # TODO(https://crbug.com/boringssl/258): Fold this into the normal target. 261 component("boringssl_fuzzer") { 262 visibility = [ ":*" ] # Only targets in this file can depend on this. 263 264 sources = all_sources 265 deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ] 266 267 # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM 268 # config is forwarded to callers. In particular, boringssl_crypto_tests 269 # requires it. 270 public_deps = [ ":boringssl_asm" ] 271 272 public_configs = [ 273 ":external_config", 274 ":fuzzer_config", 275 ] 276 configs += [ ":component_config" ] 277 278 configs -= [ "//build/config/compiler:chromium_code" ] 279 configs += [ "//build/config/compiler:no_chromium_code" ] 280 281 if (is_nacl) { 282 deps += [ "//native_client_sdk/src/libraries/nacl_io" ] 283 } 284 } 285 286 foreach(fuzzer, fuzzers) { 287 fuzzer_test("boringssl_${fuzzer}_fuzzer") { 288 sources = [ 289 "src/fuzz/${fuzzer}.cc", 290 "src/ssl/test/fuzzer.h", 291 "src/ssl/test/fuzzer_tags.h", 292 ] 293 additional_configs = [ ":internal_config" ] 294 deps = [ ":boringssl_fuzzer" ] 295 seed_corpus = "src/fuzz/${fuzzer}_corpus" 296 297 if ("cert" == fuzzer) { 298 libfuzzer_options = [ "max_len=3072" ] 299 } else if ("client" == fuzzer) { 300 libfuzzer_options = [ "max_len=20000" ] 301 } else if ("pkcs8" == fuzzer) { 302 libfuzzer_options = [ "max_len=2048" ] 303 } else if ("privkey" == fuzzer) { 304 libfuzzer_options = [ "max_len=2048" ] 305 } else if ("read_pem" == fuzzer) { 306 libfuzzer_options = [ "max_len=512" ] 307 } else if ("session" == fuzzer) { 308 libfuzzer_options = [ "max_len=8192" ] 309 } else if ("server" == fuzzer) { 310 libfuzzer_options = [ "max_len=4096" ] 311 } else if ("spki" == fuzzer) { 312 libfuzzer_options = [ "max_len=1024" ] 313 } else if ("ssl_ctx_api" == fuzzer) { 314 libfuzzer_options = [ "max_len=256" ] 315 } 316 } 317 } 318 319 config("fuzzer_no_fuzzer_mode_config") { 320 visibility = [ ":*" ] # Only targets in this file can depend on this. 321 defines = [ "BORINGSSL_UNSAFE_DETERMINISTIC_MODE" ] 322 } 323 324 # The same as boringssl, but builds with BORINGSSL_UNSAFE_DETERMINISTIC_MODE. 325 # TODO(https://crbug.com/boringssl/258): Fold this into the normal target. 326 component("boringssl_fuzzer_no_fuzzer_mode") { 327 visibility = [ ":*" ] # Only targets in this file can depend on this. 328 329 sources = all_sources 330 deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ] 331 332 # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM 333 # config is forwarded to callers. In particular, boringssl_crypto_tests 334 # requires it. 335 public_deps = [ ":boringssl_asm" ] 336 337 public_configs = [ 338 ":external_config", 339 ":fuzzer_no_fuzzer_mode_config", 340 ] 341 configs += [ ":component_config" ] 342 343 configs -= [ "//build/config/compiler:chromium_code" ] 344 configs += [ "//build/config/compiler:no_chromium_code" ] 345 346 if (is_nacl) { 347 deps += [ "//native_client_sdk/src/libraries/nacl_io" ] 348 } 349 } 350 351 fuzzer_test("boringssl_client_no_fuzzer_mode_fuzzer") { 352 sources = [ 353 "src/fuzz/client.cc", 354 "src/ssl/test/fuzzer.h", 355 "src/ssl/test/fuzzer_tags.h", 356 ] 357 additional_configs = [ ":internal_config" ] 358 deps = [ ":boringssl_fuzzer_no_fuzzer_mode" ] 359 seed_corpus = "src/fuzz/client_corpus_no_fuzzer_mode" 360 } 361 362 fuzzer_test("boringssl_server_no_fuzzer_mode_fuzzer") { 363 sources = [ 364 "src/fuzz/server.cc", 365 "src/ssl/test/fuzzer.h", 366 "src/ssl/test/fuzzer_tags.h", 367 ] 368 additional_configs = [ ":internal_config" ] 369 deps = [ ":boringssl_fuzzer_no_fuzzer_mode" ] 370 seed_corpus = "src/fuzz/server_corpus_no_fuzzer_mode" 371 } 372} 373