blob: c0c0f6d32d3d6146d54428b0e9a50f9f40a02c09 [file] [log] [blame]
# Copyright 2017 The Fuchsia Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import("//build/fuzzing/fuzzer.gni")
import("//build/test.gni")
import("BUILD.generated.gni")
import("BUILD.generated_tests.gni")
if (is_fuchsia) {
import("//build/components.gni")
}
################################################################################
# Public targets
group("boringssl") {
public_deps = [
":crypto",
":ssl",
]
}
group("boringssl-shared") {
public_deps = [
":crypto-shared",
":ssl-shared",
]
}
group("boringssl-static") {
public_deps = [
":crypto-static",
":ssl-static",
]
}
if (current_cpu == "arm64" && (is_fuchsia || is_linux)) {
crypto_sources += crypto_sources_linux_aarch64
} else if (current_cpu == "x64" && (is_fuchsia || is_linux)) {
crypto_sources += crypto_sources_linux_x86_64
} else if (current_cpu == "x64" && is_mac) {
crypto_sources += crypto_sources_apple_x86_64
} else if (!is_kernel) {
assert(false, "unsupported OS or CPU: $current_os/$current_cpu")
}
# TODO(46139): remove this added source.
crypto_sources += [ "src/decrepit/xts/xts.c" ]
################
# libcrypto.so #
################
if (is_kernel) {
lib_types = []
lib_names = []
} else {
lib_types = [
"static",
"shared",
]
lib_names = [
"crypto",
"ssl",
]
}
foreach(lib_type, lib_types) {
target("${lib_type}_library", "crypto-${lib_type}") {
if (default_library_type == "${lib_type}_library") {
output_name = "crypto"
}
sources = crypto_sources
public = crypto_headers
public_configs = [ ":boringssl_config" ]
configs += [ ":internal_config" ]
if (is_fuchsia) {
# TODO(46910): UBSan has found an instance of undefined behavior in this target.
# Disable UBSan for this target temporarily until it is migrated into CI/CQ.
configs += [ "//build/config:temporarily_disable_ubsan_do_not_use" ]
# TODO(60545): profile instrumentation significantly affects performance.
configs += [ "//build/config:no_profile" ]
# boringssl should always be optimized for speed because otherwise performance is significantly
# worse, impacting pave and boot times on debug builds (fxb/55456)
configs -= [ "//build/config:default_optimize" ]
configs += [ "//build/config:optimize_speed" ]
# sysrand() uses Zircon system call.
deps = [ "//src/zircon/lib/zircon" ]
}
}
target("${lib_type}_library", "ssl-${lib_type}") {
if (default_library_type == "${lib_type}_library") {
output_name = "ssl"
}
sources = ssl_sources
public = ssl_headers
public_configs = [ ":boringssl_config" ]
configs += [ ":internal_config" ]
deps = [ ":crypto-${lib_type}" ]
if (is_fuchsia) {
# boringssl should always be optimized for speed because otherwise performance is significantly
# worse, impacting pave and boot times on debug builds (fxb/55456)
configs -= [ "//build/config:default_optimize" ]
configs += [ "//build/config:optimize_speed" ]
}
}
}
foreach(lib_name, lib_names) {
group("$lib_name") {
if (default_library_type == "shared_library") {
public_deps = [ ":${lib_name}-shared" ]
} else if (default_library_type == "static_library") {
public_deps = [ ":${lib_name}-static" ]
} else {
assert(false, "unsupported default_library_type: $default_library_type")
}
}
}
if (!is_kernel) {
source_set("crypto_unsafe") {
testonly = true
visibility = [ ":*" ]
sources = crypto_sources
public = crypto_headers
configs += [ ":fuzz_config" ]
if (is_fuchsia) {
# TODO(46910): UBSan has found an instance of undefined behavior in this target.
# Disable UBSan for this target temporarily until it is migrated into CI/CQ.
configs += [ "//build/config:temporarily_disable_ubsan_do_not_use" ]
# sysrand() uses Zircon system call.
deps = [ "//src/zircon/lib/zircon" ]
}
}
source_set("ssl_unsafe") {
testonly = true
visibility = [ ":*" ]
sources = ssl_sources
public = ssl_headers
configs += [ ":fuzz_config" ]
deps = [ ":crypto_unsafe" ]
}
##########################
# bssl command line tool #
##########################
if (is_fuchsia) {
fuchsia_shell_package("boringssl_tool") {
deps = [ ":bssl" ]
}
} else {
group("boringssl_tool") {
deps = [ ":bssl" ]
}
}
# See //third_party/boringssl/tool/CMakeLists.txt
executable("bssl") {
visibility = [ ":*" ]
sources = tool_sources
configs += [ "//third_party/boringssl:internal_config" ]
deps = [
":crypto",
":ssl",
]
}
##############
# Unit tests #
##############
crypto_tests = []
common_crypto_test_sources = [
"crypto_test_data.cc",
# This test does nothing when BORINGSSL_SHARED_LIBRARY is defined and is
# needed to resolve missing symbols. /shrug
"src/crypto/test/abi_test.cc",
"src/crypto/test/file_test_gtest.cc",
"src/crypto/test/gtest_main.cc",
]
_crypto_test_sources = crypto_test_sources - common_crypto_test_sources
foreach(crypto_test_source, _crypto_test_sources) {
name = get_path_info(crypto_test_source, "name")
target_name = "${name}_crypto_test"
crypto_tests += [ target_name ]
test(target_name) {
visibility = [ ":*" ]
sources = [ crypto_test_source ] + common_crypto_test_sources +
test_support_sources
configs += [ ":test_config" ]
deps = [
":crypto",
"//third_party/googletest:gtest",
]
}
}
test("ssl_test") {
visibility = [ ":*" ]
sources = ssl_test_sources + test_support_sources
configs += [ ":test_config" ]
deps = [
":crypto",
":ssl",
"//third_party/googletest:gtest",
]
}
if (is_fuchsia) {
crypto_test_components = []
needs_custom_component_manifest = [ "bio_test_crypto_test" ]
foreach(crypto_test, crypto_tests) {
_component_name = "${crypto_test}_component"
crypto_test_components += [ ":${_component_name}" ]
fuchsia_unittest_component(_component_name) {
if (needs_custom_component_manifest + [ crypto_test ] -
[ crypto_test ] != needs_custom_component_manifest) {
manifest = "meta/${crypto_test}.cml"
}
deps = [ ":${crypto_test}" ]
}
}
fuchsia_unittest_component("ssl_test_component") {
deps = [ ":ssl_test" ]
}
fuchsia_test_package("boringssl_tests") {
test_components = crypto_test_components + [ ":ssl_test_component" ]
deps = [
"//src/connectivity/network/netstack:component",
"//src/sys/stash:stash_secure_v2",
]
}
}
group("tests") {
testonly = true
if (is_fuchsia) {
deps = [ ":boringssl_tests" ]
} else {
deps = [ ":ssl_test" ]
foreach(crypto_test, crypto_tests) {
deps += [ ":${crypto_test}" ]
}
}
}
################################################################################
# Fuzzers
# Upstream BoringSSL defines a `fuzzers` global variable in the generated
# GNI files; we rename it to avoid colliding with the similarly-named parameter
# on the fuzzers_package.
fuzzer_names = fuzzers
# Explicitly remove the arm_cpuinfo fuzzer, which tests Linux-specific routines
if (is_fuchsia) {
fuzzer_names -= [ "arm_cpuinfo" ]
}
foreach(name, fuzzer_names) {
fuzzer("${name}_fuzzer") {
visibility = [ ":*" ]
sources = [ "src/fuzz/${name}.cc" ]
configs += [ ":fuzz_config" ]
deps = [
":crypto_unsafe",
":ssl_unsafe",
]
}
}
fuzzers_package("boringssl_fuzzers") {
fuzzers = []
foreach(name, fuzzer_names) {
fuzzers += [ ":${name}_fuzzer" ]
}
}
}
################################################################################
# Configs
# Note that //zircon/kernel/lib/crypto/boringssl/BUILD.gn uses this config but
# it doesn't use the rest of this file's targets or configs for kernel cases.
config("boringssl_config") {
include_dirs = [ "src/include" ]
cflags = [
"-Wno-conversion",
"-Wno-unused-but-set-variable",
"-Wno-unused-function",
]
cflags_cc = [ "-Wno-deprecated-copy" ]
if (is_gcc) {
cflags_cc += [ "-Wno-extra-semi" ]
} else {
cflags += [ "-Wno-extra-semi" ]
}
}
config("internal_config") {
visibility = [ ":*" ]
defines = [
"BORINGSSL_ALLOW_CXX_RUNTIME",
"BORINGSSL_IMPLEMENTATION",
"BORINGSSL_NO_STATIC_INITIALIZER",
"BORINGSSL_SHARED_LIBRARY",
"OPENSSL_SMALL",
]
if (is_linux) {
# pthread_rwlock_t on Linux requires a feature flag.
defines += [ "_XOPEN_SOURCE=700" ]
}
configs = [
":boringssl_config",
"//build/config:shared_library_config",
]
if (is_fuchsia) {
configs += [ "//build/config/fuchsia:static_cpp_standard_library" ]
}
}
config("test_config") {
visibility = [ ":*" ]
include_dirs = [
"src/crypto/test",
"src/ssl/test",
]
configs = [ ":internal_config" ]
# TODO(fxbug.dev/11049): Newer googletest's are spamming about an API rename, but
# BoringSSL hasn't updated yet.
cflags = [ "-Wno-deprecated-declarations" ]
}
config("fuzz_config") {
visibility = [ ":*" ]
# BoringSSL explicitly decided against using the common LLVM fuzzing macro:
# https://boringssl-review.googlesource.com/c/boringssl/+/31244
defines = [ "BORINGSSL_UNSAFE_DETERMINISTIC_MODE" ]
configs = [ ":internal_config" ]
}