[boringssl] Better encapsulate the Zircon BoringSSL build.
This CL removes some ununsed files and extracts the source lists needed
by the Zircon build into a 'zircon.gni' file. This allows the upstream
code and the source lists to be updated atomically.
Bug: 41904
Change-Id: Ibc61ba48424a620ed62e47e40aa9a6c1e673fa49
diff --git a/check-integration b/check-integration
deleted file mode 100755
index 087bd7d..0000000
--- a/check-integration
+++ /dev/null
@@ -1,64 +0,0 @@
-#! /bin/bash
-
-set -euo pipefail
-
-ANC_DIR="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)"
-SRC_DIR="${ANC_DIR}/src"
-REPO="third_party/boringssl"
-
-fatal() {
- echo "error: $1"
- echo "usage: check-integration [integration-repo]"
- echo
- echo "Displays current revisions of the BoringSSL repositories. Checks whether the"
- echo "mirror of upstream matches the revision listed in README.fuchsia in the"
- echo "ancillary repo. Also checks if the revisions of both the upstream and ancillary"
- echo "repos match what is listed in the 'integration-repo' manifest. The"
- echo "'integration-repo' defaults to '\$FUCHSIA_DIR/integration'."
- exit 1
-}
-
-# Get the Jiri integration manifest for BoringSSL
-manifest=
-if [[ $# -gt 1 ]] ; then
- fatal "too many arugments"
-elif [[ $# -eq 1 ]] ; then
- manifest="$1/fuchsia/${REPO}/boringssl"
-elif [[ -z "${FUCHSIA_DIR:-}" ]] ; then
- fatal "FUCHSIA_DIR not set; have you run 'fx set'?"
-else
- manifest="${FUCHSIA_DIR}/integration/${REPO}/boringssl"
-fi
-if [[ ! -r "${manifest}" ]] ; then
- fatal "unable to read '${manifest}'"
-fi
-
-# Collect all the revisions
-anc_git="$(cd ${ANC_DIR} && git rev-list HEAD --max-count=1)"
-src_git="$(cd ${SRC_DIR} && git rev-list HEAD --max-count=1)"
-doc_rev="$(grep ${REPO} ${ANC_DIR}/README.fuchsia | sed "s/.*boringssl...//; s/.$//")"
-anc_int="$(jiri manifest -element=${REPO} -template=\"{{.Revision}}\" ${manifest} | tr -d '"')"
-src_int="$(jiri manifest -element=${REPO}/src -template=\"{{.Revision}}\" ${manifest} | tr -d '"')"
-
-# Display the revisions and compare
-echo
-echo "Upstream mirror (${REPO}/src):"
-echo " git revision: ${src_git}"
-echo " in README.fuchsia: ${doc_rev}"
-echo " in integration: ${src_int}"
-
-echo
-echo "Ancillary sources (${REPO}):"
-echo " git revision: ${anc_git}"
-echo " in integration: ${anc_int}"
-
-echo
-if [[ "${src_git}" != "${doc_rev}" ]] ; then
- echo "[!] ${ANC_DIR}/README.fuchsia doesn't match ${SRC_DIR}"
- echo " BoringSSL is in an inconsistent state; use 'go run roll_boringssl.go'"
-elif [[ "${src_git}" != "${src_int}" ]] || [[ "${anc_git}" != "${anc_int}" ]] ; then
- echo "[-] ${manifest} is out-of-date."
- echo " A roll of the integration repo is needed or pending. Check 'fx pending-commits'"
-else
- echo "[+] ${manifest} is up-to-date."
-fi
diff --git a/fuzzer.cmx b/fuzzer.cmx
deleted file mode 100644
index 11a55b3..0000000
--- a/fuzzer.cmx
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "sandbox": {
- "features": [
- "root-ssl-certificates",
- "deprecated-ambient-replace-as-executable"
- ]
- }
-}
diff --git a/zircon-unused.c b/zircon-unused.c
deleted file mode 100644
index 5829928..0000000
--- a/zircon-unused.c
+++ /dev/null
@@ -1,111 +0,0 @@
-// Copyright 2018 The Fuchsia Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stdlib.h>
-
-#include <openssl/aes.h>
-#include <openssl/base.h>
-
-#include "crypto/fipsmodule/modes/internal.h"
-
-// The functions in this file are symbols that appear in Zircon's uboringssl but never used.
-// In some linking approaches the build can't determine that they are unused and will fail with an
-// 'unresolved symbol' error. The simplest solution that keeps the footprint of uboringssl as small
-// as possible is to simply abort if any of these unused functions are in fact used.
-
-void CRYPTO_cbc128_decrypt(const uint8_t* in, uint8_t* out, size_t len, const AES_KEY* key,
- uint8_t ivec[16], block128_f block) {
- abort();
-}
-
-void CRYPTO_cbc128_encrypt(const uint8_t* in, uint8_t* out, size_t len, const AES_KEY* key,
- uint8_t ivec[16], block128_f block) {
- abort();
-}
-
-void CRYPTO_cfb128_encrypt(const uint8_t* in, uint8_t* out, size_t len, const AES_KEY* key,
- uint8_t ivec[16], unsigned* num, int enc, block128_f block) {
- abort();
-}
-
-void CRYPTO_ctr128_encrypt(const uint8_t* in, uint8_t* out, size_t len, const AES_KEY* key,
- uint8_t ivec[16], uint8_t ecount_buf[16], unsigned* num,
- block128_f block) {
- abort();
-}
-
-void CRYPTO_ctr128_encrypt_ctr32(const uint8_t* in, uint8_t* out, size_t len, const AES_KEY* key,
- uint8_t ivec[16], uint8_t ecount_buf[16], unsigned* num,
- ctr128_f ctr) {
- abort();
-}
-
-void CRYPTO_ofb128_encrypt(const uint8_t* in, uint8_t* out, size_t len, const AES_KEY* key,
- uint8_t ivec[16], unsigned* num, block128_f block) {
- abort();
-}
-
-int MD4_Final(unsigned char* md, MD4_CTX* c) {
- abort();
-}
-
-int MD4_Init(MD4_CTX* c) {
- abort();
-}
-
-int MD4_Update(MD4_CTX* c, const void* data, size_t len) {
- abort();
-}
-
-int MD5_Final(unsigned char* md, MD5_CTX* c) {
- abort();
-}
-
-int MD5_Init(MD5_CTX* c) {
- abort();
-}
-
-int MD5_Update(MD5_CTX* c, const void* data, size_t len) {
- abort();
-}
-
-int RAND_bytes(uint8_t* out, size_t out_len) {
- abort();
-}
-
-int SHA1_Final(uint8_t* md, SHA_CTX* sha) {
- abort();
-}
-
-int SHA1_Init(SHA_CTX* sha) {
- abort();
-}
-
-int SHA1_Update(SHA_CTX* sha, const void* data, size_t len) {
- abort();
-}
-
-int SHA384_Final(uint8_t* md, SHA512_CTX* sha) {
- abort();
-}
-
-int SHA384_Init(SHA512_CTX* sha) {
- abort();
-}
-
-int SHA384_Update(SHA512_CTX* sha, const void* data, size_t len) {
- abort();
-}
-
-int SHA512_Final(uint8_t* md, SHA512_CTX* sha) {
- abort();
-}
-
-int SHA512_Init(SHA512_CTX* sha) {
- abort();
-}
-
-int SHA512_Update(SHA512_CTX* sha, const void* data, size_t len) {
- abort();
-}
diff --git a/zircon.gni b/zircon.gni
new file mode 100644
index 0000000..648fd00
--- /dev/null
+++ b/zircon.gni
@@ -0,0 +1,71 @@
+# Copyright 2019 The Fuchsia Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# This file defines several variables used by //zircon/third_party/ulib/uboringssl. They are defined
+# here so that they can be changed atomically with an upstream roll.
+
+# Zircon code that depends on BoringSSL should have a "#define BORINGSSL_NO_CXX" statement before
+# any "#include <openssl/...>" statements to avoid pulling in C++ headers.
+boringssl_zircon_include_dirs = [ "src/include" ]
+
+boringssl_zircon_kernel_sources = [
+ "src/crypto/fipsmodule/sha/sha256.c",
+ "src/crypto/chacha/chacha.c",
+]
+
+boringssl_zircon_system_sources = [
+ "src/crypto/fipsmodule/sha/sha256.c",
+ "src/crypto/cipher_extra/e_aesgcmsiv.c",
+ "src/crypto/cpu-aarch64-fuchsia.c",
+ "src/crypto/cpu-arm.c",
+ "src/crypto/cpu-intel.c",
+ "src/crypto/crypto.c",
+ "src/crypto/err/err.c",
+ "src/crypto/fipsmodule/aes/aes.c",
+ "src/crypto/fipsmodule/aes/mode_wrappers.c",
+ "src/crypto/fipsmodule/cipher/aead.c",
+ "src/crypto/fipsmodule/cipher/cipher.c",
+ "src/crypto/fipsmodule/cipher/e_aes.c",
+ "src/crypto/fipsmodule/digest/digest.c",
+ "src/crypto/fipsmodule/digest/digests.c",
+ "src/crypto/fipsmodule/hmac/hmac.c",
+ "src/crypto/fipsmodule/modes/gcm.c",
+ "src/crypto/fipsmodule/modes/polyval.c",
+ "src/crypto/hkdf/hkdf.c",
+ "src/crypto/mem.c",
+ "src/crypto/thread_pthread.c",
+ "src/decrepit/xts/xts.c",
+ "err_data.c",
+]
+
+boringssl_zircon_system_arm64_sources = [
+ "linux-aarch64/crypto/fipsmodule/aesv8-armx64.S",
+ "linux-aarch64/crypto/fipsmodule/ghashv8-armx64.S",
+ "linux-aarch64/crypto/fipsmodule/sha256-armv8.S",
+ "linux-aarch64/crypto/fipsmodule/vpaes-armv8.S",
+]
+
+boringssl_zircon_system_x64_darwin_sources = [
+ "mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S",
+ "mac-x86_64/crypto/fipsmodule/aes-x86_64.S",
+ "mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S",
+ "mac-x86_64/crypto/fipsmodule/aesni-x86_64.S",
+ "mac-x86_64/crypto/fipsmodule/bsaes-x86_64.S",
+ "mac-x86_64/crypto/fipsmodule/ghash-x86_64.S",
+ "mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S",
+ "mac-x86_64/crypto/fipsmodule/sha256-x86_64.S",
+ "mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S",
+]
+
+boringssl_zircon_system_x64_linux_sources = [
+ "linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S",
+ "linux-x86_64/crypto/fipsmodule/aes-x86_64.S",
+ "linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S",
+ "linux-x86_64/crypto/fipsmodule/aesni-x86_64.S",
+ "linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S",
+ "linux-x86_64/crypto/fipsmodule/ghash-x86_64.S",
+ "linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S",
+ "linux-x86_64/crypto/fipsmodule/sha256-x86_64.S",
+ "linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S",
+]
