| # Copyright 2017 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import("BUILD.generated.gni") |
| import("BUILD.generated_tests.gni") |
| |
| ################################################################################ |
| # Public targets |
| |
| group("boringssl") { |
| public_deps = [ |
| ":crypto", |
| ":ssl", |
| ] |
| } |
| |
| group("boringssl-shared") { |
| public_deps = [ |
| ":crypto-shared", |
| ":ssl-shared", |
| ] |
| } |
| |
| group("boringssl-static") { |
| public_deps = [ |
| ":crypto-static", |
| ":ssl-static", |
| ] |
| } |
| |
| crypto_sources += crypto_sources_asm |
| |
| # TODO(https://fxbug.dev/42122741): remove this added source. |
| crypto_sources += [ "src/decrepit/xts/xts.c" ] |
| |
| # TODO(https://fxbug.dev/42122741): Required for TPM2.0 TSS Library //third_party/tpm2-tss. |
| crypto_sources += [ "src/decrepit/cfb/cfb.c" ] |
| |
| ################ |
| # libcrypto.so # |
| ################ |
| |
| if (is_kernel) { |
| lib_types = [] |
| lib_names = [] |
| } else { |
| lib_types = [ |
| "static", |
| "shared", |
| ] |
| lib_names = [ |
| "crypto", |
| "ssl", |
| ] |
| } |
| |
| foreach(lib_type, lib_types) { |
| target("${lib_type}_library", "crypto-${lib_type}") { |
| if (default_library_type == "${lib_type}_library") { |
| output_name = "crypto" |
| } |
| sources = crypto_sources |
| public = crypto_headers |
| public_configs = [ ":boringssl_config" ] |
| configs += [ |
| ":internal_config", |
| ":export_symbols", |
| ] |
| if (is_host && lib_type == "static") { |
| configs -= [ ":export_symbols" ] |
| } |
| if (is_fuchsia) { |
| # TODO(https://fxbug.dev/42138737): profile instrumentation significantly affects performance. |
| configs += [ "//build/config:no_profile" ] |
| |
| # boringssl should always be optimized for speed because otherwise performance is |
| # significantly worse, impacting pave and boot times on debug builds. See |
| # https://fxbug.dev/42133086. |
| configs -= [ "//build/config:default_optimize" ] |
| configs += [ "//build/config:optimize_speed" ] |
| |
| # sysrand() uses Zircon system call. |
| deps = [ "//src/zircon/lib/zircon" ] |
| } |
| } |
| |
| target("${lib_type}_library", "ssl-${lib_type}") { |
| if (default_library_type == "${lib_type}_library") { |
| output_name = "ssl" |
| } |
| sources = ssl_sources |
| public = ssl_headers |
| public_configs = [ ":boringssl_config" ] |
| configs += [ |
| ":internal_config", |
| ":export_symbols", |
| ] |
| |
| # For this and the crypto lib, do not export symbols if building a binary for the host if |
| # building a static library. This prevents potential name conflicts if this is statically |
| # included in a .so and the .so is then used via dlopen. |
| if (is_linux && lib_type == "static") { |
| configs -= [ ":export_symbols" ] |
| } |
| deps = [ ":crypto-${lib_type}" ] |
| if (is_fuchsia) { |
| # boringssl should always be optimized for speed because otherwise performance is significantly |
| # worse, impacting pave and boot times on debug builds (https://fxbug.dev/42133086) |
| configs -= [ "//build/config:default_optimize" ] |
| configs += [ "//build/config:optimize_speed" ] |
| } |
| } |
| } |
| |
| foreach(lib_name, lib_names) { |
| group("$lib_name") { |
| if (default_library_type == "shared_library") { |
| public_deps = [ ":${lib_name}-shared" ] |
| } else if (default_library_type == "static_library") { |
| public_deps = [ ":${lib_name}-static" ] |
| } else { |
| assert(false, "unsupported default_library_type: $default_library_type") |
| } |
| } |
| } |
| |
| if (!is_kernel) { |
| import("//build/fuzz.gni") |
| import("//build/test.gni") |
| |
| if (is_fuchsia) { |
| import("//build/components.gni") |
| } |
| |
| source_set("crypto_unsafe") { |
| testonly = true |
| visibility = [ ":*" ] |
| sources = crypto_sources |
| public = crypto_headers |
| configs += [ ":fuzz_config" ] |
| |
| if (is_fuchsia) { |
| # sysrand() uses Zircon system call. |
| deps = [ "//src/zircon/lib/zircon" ] |
| } |
| } |
| |
| source_set("ssl_unsafe") { |
| testonly = true |
| visibility = [ ":*" ] |
| sources = ssl_sources |
| public = ssl_headers |
| configs += [ ":fuzz_config" ] |
| deps = [ ":crypto_unsafe" ] |
| } |
| |
| ########################## |
| # bssl command line tool # |
| ########################## |
| if (is_fuchsia) { |
| fuchsia_package("boringssl_tool") { |
| deps = [ ":bssl" ] |
| } |
| } else { |
| group("boringssl_tool") { |
| deps = [ ":bssl" ] |
| } |
| } |
| |
| # See //third_party/boringssl/tool/CMakeLists.txt |
| executable("bssl") { |
| visibility = [ ":*" ] |
| sources = tool_sources |
| configs += [ |
| ":internal_config", |
| ":export_symbols", |
| ] |
| deps = [ |
| ":crypto", |
| ":ssl", |
| ] |
| } |
| |
| ############## |
| # Unit tests # |
| ############## |
| |
| crypto_tests = [] |
| common_crypto_test_sources = [ |
| # This test does nothing when BORINGSSL_SHARED_LIBRARY is defined and is |
| # needed to resolve missing symbols. /shrug |
| "src/crypto/test/file_test_gtest.cc", |
| "src/crypto/test/gtest_main.cc", |
| ] |
| shared_library("crypto_test_data") { |
| # This file is enormous (embeds ~27MiB of data as of when this was written) |
| # and simply including it as a source file with each test results in debug |
| # builds taking up hundreds of megabytes after compression, since each |
| # binary embeds the full file contents. To avoid excessive binary size |
| # bloat, we compile this as a shared library, so that each test binary will |
| # share a single copy of the test data. |
| sources = [ "crypto_test_data.cc" ] |
| configs += [ ":test_config" ] |
| visibility = [ ":*" ] |
| } |
| _crypto_test_sources = crypto_test_sources - common_crypto_test_sources - |
| [ "crypto_test_data.cc" ] |
| foreach(crypto_test_source, _crypto_test_sources) { |
| name = get_path_info(crypto_test_source, "name") |
| target_name = "${name}_crypto_test" |
| crypto_tests += [ target_name ] |
| test(target_name) { |
| visibility = [ ":*" ] |
| sources = [ crypto_test_source ] + common_crypto_test_sources + |
| test_support_sources |
| configs += [ ":test_config" ] |
| deps = [ |
| ":crypto", |
| ":crypto_test_data", |
| "//third_party/googletest:gmock", |
| "//third_party/googletest:gtest", |
| ] |
| } |
| } |
| |
| test("ssl_test") { |
| visibility = [ ":*" ] |
| sources = ssl_test_sources + test_support_sources |
| configs += [ ":test_config" ] |
| deps = [ |
| ":crypto", |
| ":ssl", |
| "//third_party/googletest:gmock", |
| "//third_party/googletest:gtest", |
| ] |
| } |
| |
| if (is_fuchsia) { |
| crypto_test_components = [] |
| needs_custom_component_manifest = [ "bio_test_crypto_test" ] |
| foreach(crypto_test, crypto_tests) { |
| _component_name = "${crypto_test}_component" |
| crypto_test_components += [ ":${_component_name}" ] |
| fuchsia_unittest_component(_component_name) { |
| if (needs_custom_component_manifest + [ crypto_test ] - |
| [ crypto_test ] != needs_custom_component_manifest) { |
| manifest = "meta/${crypto_test}.cml" |
| } |
| deps = [ ":${crypto_test}" ] |
| } |
| } |
| fuchsia_unittest_component("ssl_test_component") { |
| deps = [ ":ssl_test" ] |
| } |
| fuchsia_test_package("boringssl_tests") { |
| test_components = crypto_test_components + [ ":ssl_test_component" ] |
| deps = [ |
| "//src/connectivity/network/netstack:component", |
| "//src/sys/stash:stash_secure_v2", |
| ] |
| } |
| } |
| |
| group("tests") { |
| testonly = true |
| if (is_fuchsia) { |
| deps = [ ":boringssl_tests" ] |
| } else { |
| deps = [ ":ssl_test" ] |
| foreach(crypto_test, crypto_tests) { |
| deps += [ ":${crypto_test}" ] |
| } |
| } |
| } |
| |
| ################################################################################ |
| # Fuzzers |
| |
| # Upstream BoringSSL defines a `fuzzers` global variable in the generated |
| # GNI files; we rename it to avoid colliding with the similarly-named parameter |
| # on the fuzzer_package. |
| # |
| # TODO(https://fxbug.dev/42056966): Remove once `fuzzers` parameter is removed. |
| fuzzer_names = fuzzers |
| fuzzers = [] |
| |
| # Explicitly remove the arm_cpuinfo fuzzer, which tests Linux-specific routines |
| if (is_fuchsia) { |
| fuzzer_names -= [ "arm_cpuinfo" ] |
| } |
| |
| # Explicitly remove libpki fuzzers |
| # TODO(b/323926212): properly integrate libpki and fix these. |
| if (is_fuchsia) { |
| fuzzer_names -= [ |
| "crl_getcrlstatusforcert_fuzzer", |
| "crl_parse_crl_certificatelist_fuzzer", |
| "crl_parse_crl_tbscertlist_fuzzer", |
| "crl_parse_issuing_distribution_point_fuzzer", |
| "ocsp_parse_ocsp_cert_id_fuzzer", |
| "ocsp_parse_ocsp_response_data_fuzzer", |
| "ocsp_parse_ocsp_response_fuzzer", |
| "ocsp_parse_ocsp_single_response_fuzzer", |
| "parse_authority_key_identifier_fuzzer", |
| "parse_certificate_fuzzer", |
| "parse_crldp_fuzzer", |
| "verify_name_match_fuzzer", |
| "verify_name_match_normalizename_fuzzer", |
| "verify_name_match_verifynameinsubtree_fuzzer", |
| ] |
| } |
| |
| foreach(name, fuzzer_names) { |
| cpp_fuzzer("${name}_fuzzer") { |
| visibility = [ ":*" ] |
| sources = [ "src/fuzz/${name}.cc" ] |
| configs += [ ":fuzz_config" ] |
| deps = [ |
| ":crypto_unsafe", |
| ":ssl_unsafe", |
| ] |
| } |
| } |
| |
| if (is_fuchsia) { |
| foreach(name, fuzzer_names) { |
| fuchsia_fuzzer_component("${name}_fuzzer_component") { |
| manifest = "meta/${name}_fuzzer.cml" |
| deps = [ ":${name}_fuzzer" ] |
| } |
| } |
| |
| fuchsia_fuzzer_package("boringssl-fuzzers") { |
| cpp_fuzzer_components = [] |
| foreach(name, fuzzer_names) { |
| cpp_fuzzer_components += [ ":${name}_fuzzer_component" ] |
| } |
| } |
| |
| group("boringssl_fuzzers") { |
| testonly = true |
| deps = [ ":boringssl-fuzzers" ] |
| } |
| } else { |
| group("boringssl_fuzzers") { |
| testonly = true |
| deps = [] |
| foreach(fuzzer, fuzzer_names) { |
| deps += [ ":${name}_fuzzer" ] |
| } |
| } |
| } |
| } |
| |
| ################################################################################ |
| # Configs |
| |
| # Note that //zircon/kernel/lib/crypto/boringssl/BUILD.gn uses this config but |
| # it doesn't use the rest of this file's targets or configs for kernel cases. |
| config("boringssl_config") { |
| include_dirs = [ "src/include" ] |
| |
| cflags = [ |
| "-Wno-conversion", |
| "-Wno-unused-but-set-variable", |
| "-Wno-unused-function", |
| ] |
| |
| cflags_cc = [ "-Wno-deprecated-copy" ] |
| |
| if (is_gcc) { |
| cflags_cc += [ "-Wno-extra-semi" ] |
| } else { |
| cflags += [ "-Wno-extra-semi" ] |
| } |
| } |
| |
| config("export_symbols") { |
| defines = [ "BORINGSSL_IMPLEMENTATION" ] |
| } |
| |
| config("internal_config") { |
| visibility = [ ":*" ] |
| defines = [ |
| "BORINGSSL_ALLOW_CXX_RUNTIME", |
| "BORINGSSL_NO_STATIC_INITIALIZER", |
| "BORINGSSL_SHARED_LIBRARY", |
| "OPENSSL_SMALL", |
| ] |
| if (is_linux) { |
| # pthread_rwlock_t on Linux requires a feature flag. |
| defines += [ "_XOPEN_SOURCE=700" ] |
| } |
| configs = [ |
| ":boringssl_config", |
| "//build/config:shared_library_config", |
| ] |
| if (is_fuchsia) { |
| configs += [ "//build/config/fuchsia:static_cpp_standard_library" ] |
| } |
| } |
| |
| config("test_config") { |
| visibility = [ ":*" ] |
| include_dirs = [ |
| "src/crypto/test", |
| "src/ssl/test", |
| ] |
| configs = [ |
| ":internal_config", |
| ":export_symbols", |
| ] |
| } |
| |
| config("fuzz_config") { |
| visibility = [ ":*" ] |
| |
| # BoringSSL explicitly decided against using the common LLVM fuzzing macro: |
| # https://boringssl-review.googlesource.com/c/boringssl/+/31244 |
| defines = [ "BORINGSSL_UNSAFE_DETERMINISTIC_MODE" ] |
| configs = [ |
| ":internal_config", |
| ":export_symbols", |
| ] |
| } |