• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2014 The Chromium Authors
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import("//build/config/android/config.gni")
6import("//build/config/arm.gni")
7import("//build/config/compiler/compiler.gni")
8import("//build/config/sanitizers/sanitizers.gni")
9import("//build_overrides/build.gni")
10import("//testing/libfuzzer/fuzzer_test.gni")
11import("BUILD.generated.gni")
12import("BUILD.generated_tests.gni")
13
14if (enable_rust) {
15  import("//build/rust/cargo_crate.gni")
16  import("//build/rust/rust_bindgen.gni")
17}
18
19# Config for us and everybody else depending on BoringSSL.
20config("external_config") {
21  include_dirs = [ "src/include" ]
22  if (is_component_build) {
23    defines = [ "BORINGSSL_SHARED_LIBRARY" ]
24  }
25}
26
27# The config used by the :boringssl component itself, and the fuzzer copies.
28config("component_config") {
29  visibility = [ ":*" ]  # Only targets in this file can depend on this.
30  configs = [ ":internal_config" ]
31  defines = [
32    "BORINGSSL_IMPLEMENTATION",
33    "_BORINGSSL_LIBPKI_",
34  ]
35}
36
37# This config is used by anything that consumes internal headers. Tests consume
38# this rather than :component_config.
39config("internal_config") {
40  visibility = [ ":*" ]  # Only targets in this file can depend on this.
41  defines = [
42    "BORINGSSL_ALLOW_CXX_RUNTIME",
43    "BORINGSSL_NO_STATIC_INITIALIZER",
44    "_BORINGSSL_LIBPKI_",
45    "OPENSSL_SMALL",
46  ]
47}
48
49config("no_asm_config") {
50  visibility = [ ":*" ]  # Only targets in this file can depend on this.
51  defines = [ "OPENSSL_NO_ASM" ]
52}
53
54# TODO(crbug.com/1496373): having the headers in all_sources is hacky and should
55# be fixed. It is caused by issues with the fuzzer target.
56all_sources = crypto_sources + ssl_sources + pki_sources + pki_internal_headers
57all_headers = crypto_headers + ssl_headers + pki_internal_headers
58
59if (enable_rust_boringssl) {
60  rust_bindgen("raw_bssl_sys_bindings") {
61    header = "src/rust/bssl-sys/wrapper.h"
62    deps = [ ":boringssl" ]
63    bindgen_flags = [
64      "no-derive-default",
65      "enable-function-attribute-detection",
66      "use-core",
67      "default-macro-constant-type=signed",
68      "rustified-enum=point_conversion_form_t",
69      "allowlist-file=.*[[:punct:]]include[[:punct:]]openssl[[:punct:]].*\\.h",
70      "allowlist-file=.*[[:punct:]]rust_wrapper\\.h",
71    ]
72    visibility = [ ":*" ]  # private, should only be exposed through bssl_crypto
73  }
74
75  # Low level, bindgen generates system bindings to boringssl
76  cargo_crate("bssl_sys") {
77    crate_type = "rlib"
78    crate_root = "src/rust/bssl-sys/src/lib.rs"
79    sources = [ "src/rust/bssl-sys/src/lib.rs" ]
80    edition = "2021"
81    deps = [
82      ":boringssl",
83      ":raw_bssl_sys_bindings",
84    ]
85    visibility = [ ":*" ]  # private, should only be exposed through bssl_crypto
86
87    bindgen_output = get_target_outputs(":raw_bssl_sys_bindings")
88    inputs = bindgen_output
89    rustenv =
90        [ "BINDGEN_RS_FILE=" +
91          rebase_path(bindgen_output[0], get_path_info(crate_root, "dir")) ]
92  }
93
94  # Rust bindings to boringssl
95  cargo_crate("bssl_crypto") {
96    crate_type = "rlib"
97    crate_root = "src/rust/bssl-crypto/src/lib.rs"
98    sources = [
99      "src/rust/bssl-crypto/src/aead.rs",
100      "src/rust/bssl-crypto/src/aes.rs",
101      "src/rust/bssl-crypto/src/bn.rs",
102      "src/rust/bssl-crypto/src/cipher/aes_cbc.rs",
103      "src/rust/bssl-crypto/src/cipher/aes_ctr.rs",
104      "src/rust/bssl-crypto/src/cipher/mod.rs",
105      "src/rust/bssl-crypto/src/digest.rs",
106      "src/rust/bssl-crypto/src/ec.rs",
107      "src/rust/bssl-crypto/src/ecdh.rs",
108      "src/rust/bssl-crypto/src/ed25519.rs",
109      "src/rust/bssl-crypto/src/hkdf.rs",
110      "src/rust/bssl-crypto/src/hmac.rs",
111      "src/rust/bssl-crypto/src/lib.rs",
112      "src/rust/bssl-crypto/src/mem.rs",
113      "src/rust/bssl-crypto/src/pkey.rs",
114      "src/rust/bssl-crypto/src/rand.rs",
115      "src/rust/bssl-crypto/src/test_helpers.rs",
116      "src/rust/bssl-crypto/src/x25519.rs",
117    ]
118    edition = "2021"
119    deps = [ ":bssl_sys" ]
120  }
121}
122
123if (is_msan) {
124  # MSan instrumentation is incompatible with assembly optimizations.
125  # BoringSSL's GAS-compatible assembly knows how to detect MSan, but the NASM
126  # assembly does not, so we check for MSan explicitly.
127  source_set("boringssl_asm") {
128    visibility = [ ":*" ]  # Only targets in this file can depend on this.
129
130    public_configs = [ ":no_asm_config" ]
131  }
132} else if (is_win && (current_cpu == "x86" || current_cpu == "x64")) {
133  # Windows' x86 and x86_64 assembly is built with NASM.
134  import("//third_party/nasm/nasm_assemble.gni")
135  nasm_assemble("boringssl_asm") {
136    sources = crypto_sources_nasm
137    visibility = [ ":*" ]  # Only targets in this file can depend on this.
138  }
139} else {
140  # All other targets use GAS-compatible assembler. BoringSSL's assembly files
141  # are all wrapped in processor checks for the corresponding target, so there
142  # is no need to add target conditions in the build.
143  source_set("boringssl_asm") {
144    visibility = [ ":*" ]  # Only targets in this file can depend on this.
145
146    sources = crypto_sources_asm
147    include_dirs = [ "src/include" ]
148  }
149}
150
151component("boringssl") {
152  sources = all_sources
153  public = all_headers
154  friend = [ ":*" ]
155  deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ]
156
157  # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM
158  # config is forwarded to callers. In particular, boringssl_crypto_tests
159  # requires it.
160  public_deps = [ ":boringssl_asm" ]
161
162  public_configs = [ ":external_config" ]
163  configs += [ ":component_config" ]
164
165  configs -= [ "//build/config/compiler:chromium_code" ]
166  configs += [ "//build/config/compiler:no_chromium_code" ]
167
168  if (is_nacl) {
169    deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
170  }
171
172  if (!is_debug && !(is_fuchsia && optimize_for_size)) {
173    configs -= [ "//build/config/compiler:default_optimization" ]
174    configs += [ "//build/config/compiler:optimize_max" ]
175  }
176
177  if (is_linux && is_component_build) {
178    version_script = "boringssl.map"
179    inputs = [ version_script ]
180    ldflags = [ "-Wl,--version-script=" +
181                rebase_path(version_script, root_build_dir) ]
182  }
183}
184
185if (build_with_chromium) {
186  # These targets are named "_tests" rather than "_test" to avoid colliding with
187  # a historical "boringssl_ssl_test" target. This works around a bug with the
188  # iOS build rules.
189
190  bundle_data("boringssl_crypto_tests_bundle_data") {
191    sources = crypto_test_data
192    testonly = true
193    outputs = [ "{{bundle_resources_dir}}/" +
194                "{{source_root_relative_dir}}/{{source_file_part}}" ]
195  }
196
197  test("boringssl_crypto_tests") {
198    sources = crypto_test_sources + test_support_sources
199    data = crypto_test_data
200    deps = [
201      ":boringssl",
202      ":boringssl_crypto_tests_bundle_data",
203      "//testing/gtest",
204    ]
205
206    configs -= [ "//build/config/compiler:chromium_code" ]
207    configs += [
208      ":internal_config",
209      "//build/config/compiler:no_chromium_code",
210    ]
211
212    # Chromium infrastructure does not support GTest, only the //base wrapper.
213    sources -= [ "src/crypto/test/gtest_main.cc" ]
214    sources += [
215      "gtest_main_chromium.cc",
216      "test_data_chromium.cc",
217    ]
218    deps += [ "//base/test:test_support" ]
219
220    if (is_fuchsia) {
221      additional_manifest_fragments =
222          [ "//build/config/fuchsia/test/network.shard.test-cml" ]
223    }
224  }
225
226  test("boringssl_ssl_tests") {
227    sources = ssl_test_sources + test_support_sources
228    deps = [
229      ":boringssl",
230      "//testing/gtest",
231    ]
232
233    configs -= [ "//build/config/compiler:chromium_code" ]
234    configs += [
235      ":internal_config",
236      "//build/config/compiler:no_chromium_code",
237    ]
238
239    # Chromium infrastructure does not support GTest, only the //base wrapper.
240    sources -= [ "src/crypto/test/gtest_main.cc" ]
241    sources += [ "gtest_main_chromium.cc" ]
242    deps += [ "//base/test:test_support" ]
243  }
244
245  test("boringssl_pki_tests") {
246    sources = pki_test_sources + test_support_sources
247    data = pki_test_data
248    deps = [
249      ":boringssl",
250      "//testing/gtest",
251    ]
252
253    configs -= [ "//build/config/compiler:chromium_code" ]
254    configs += [
255      ":internal_config",
256      "//build/config/compiler:no_chromium_code",
257    ]
258
259    # Chromium infrastructure does not support GTest, only the //base wrapper.
260    sources -= [ "src/crypto/test/gtest_main.cc" ]
261    sources += [ "gtest_main_chromium.cc" ]
262    deps += [ "//base/test:test_support" ]
263  }
264
265  config("fuzzer_config") {
266    visibility = [ ":*" ]  # Only targets in this file can depend on this.
267    defines = [
268      "BORINGSSL_UNSAFE_FUZZER_MODE",
269      "BORINGSSL_UNSAFE_DETERMINISTIC_MODE",
270    ]
271  }
272
273  # The same as boringssl, but builds with BORINGSSL_UNSAFE_FUZZER_MODE.
274  # TODO(https://crbug.com/boringssl/258): Fold this into the normal target.
275  component("boringssl_fuzzer") {
276    visibility = [ ":*" ]  # Only targets in this file can depend on this.
277
278    sources = all_sources
279    deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ]
280
281    # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM
282    # config is forwarded to callers. In particular, boringssl_crypto_tests
283    # requires it.
284    public_deps = [ ":boringssl_asm" ]
285
286    public_configs = [
287      ":external_config",
288      ":fuzzer_config",
289    ]
290    configs += [ ":component_config" ]
291
292    configs -= [ "//build/config/compiler:chromium_code" ]
293    configs += [ "//build/config/compiler:no_chromium_code" ]
294
295    if (is_nacl) {
296      deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
297    }
298  }
299
300  # Do not run the fuzzers on windows until 1477042 is fixed, they
301  # make the fuzzer infrastructure exceed the windows command line
302  # length.
303  foreach(fuzzer, fuzzers) {
304    fuzzer_test("boringssl_${fuzzer}_fuzzer") {
305      sources = [
306        "src/fuzz/${fuzzer}.cc",
307        "src/ssl/test/fuzzer.h",
308        "src/ssl/test/fuzzer_tags.h",
309      ]
310      additional_configs = [ ":internal_config" ]
311      deps = [ ":boringssl_fuzzer" ]
312      seed_corpus = "src/fuzz/${fuzzer}_corpus"
313
314      if ("cert" == fuzzer) {
315        libfuzzer_options = [ "max_len=3072" ]
316      } else if ("client" == fuzzer) {
317        libfuzzer_options = [ "max_len=20000" ]
318      } else if ("pkcs8" == fuzzer) {
319        libfuzzer_options = [ "max_len=2048" ]
320      } else if ("privkey" == fuzzer) {
321        libfuzzer_options = [ "max_len=2048" ]
322      } else if ("read_pem" == fuzzer) {
323        libfuzzer_options = [ "max_len=512" ]
324      } else if ("session" == fuzzer) {
325        libfuzzer_options = [ "max_len=8192" ]
326      } else if ("server" == fuzzer) {
327        libfuzzer_options = [ "max_len=4096" ]
328      } else if ("spki" == fuzzer) {
329        libfuzzer_options = [ "max_len=1024" ]
330      } else if ("ssl_ctx_api" == fuzzer) {
331        libfuzzer_options = [ "max_len=256" ]
332      }
333    }
334  }
335
336  config("fuzzer_no_fuzzer_mode_config") {
337    visibility = [ ":*" ]  # Only targets in this file can depend on this.
338    defines = [ "BORINGSSL_UNSAFE_DETERMINISTIC_MODE" ]
339  }
340
341  # The same as boringssl, but builds with BORINGSSL_UNSAFE_DETERMINISTIC_MODE.
342  # TODO(https://crbug.com/boringssl/258): Fold this into the normal target.
343  component("boringssl_fuzzer_no_fuzzer_mode") {
344    visibility = [ ":*" ]  # Only targets in this file can depend on this.
345
346    sources = all_sources
347    deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ]
348
349    # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM
350    # config is forwarded to callers. In particular, boringssl_crypto_tests
351    # requires it.
352    public_deps = [ ":boringssl_asm" ]
353
354    public_configs = [
355      ":external_config",
356      ":fuzzer_no_fuzzer_mode_config",
357    ]
358    configs += [ ":component_config" ]
359
360    configs -= [ "//build/config/compiler:chromium_code" ]
361    configs += [ "//build/config/compiler:no_chromium_code" ]
362
363    if (is_nacl) {
364      deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
365    }
366  }
367
368  fuzzer_test("boringssl_client_no_fuzzer_mode_fuzzer") {
369    sources = [
370      "src/fuzz/client.cc",
371      "src/ssl/test/fuzzer.h",
372      "src/ssl/test/fuzzer_tags.h",
373    ]
374    additional_configs = [ ":internal_config" ]
375    deps = [ ":boringssl_fuzzer_no_fuzzer_mode" ]
376    seed_corpus = "src/fuzz/client_corpus_no_fuzzer_mode"
377  }
378
379  fuzzer_test("boringssl_server_no_fuzzer_mode_fuzzer") {
380    sources = [
381      "src/fuzz/server.cc",
382      "src/ssl/test/fuzzer.h",
383      "src/ssl/test/fuzzer_tags.h",
384    ]
385    additional_configs = [ ":internal_config" ]
386    deps = [ ":boringssl_fuzzer_no_fuzzer_mode" ]
387    seed_corpus = "src/fuzz/server_corpus_no_fuzzer_mode"
388  }
389}
390