xref: /aosp_15_r20/external/cronet/third_party/boringssl/BUILD.gn (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1# Copyright 2014 The Chromium Authors
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import("//build/config/android/config.gni")
6import("//build/config/arm.gni")
7import("//build/config/compiler/compiler.gni")
8import("//build/config/rust.gni")
9import("//build/config/sanitizers/sanitizers.gni")
10import("//build_overrides/build.gni")
11import("BUILD.generated.gni")
12import("BUILD.generated_tests.gni")
13
14if (enable_rust) {
15  import("//build/rust/cargo_crate.gni")
16  import("//build/rust/rust_bindgen.gni")
17}
18
19# Config for us and everybody else depending on BoringSSL.
20config("external_config") {
21  include_dirs = [ "src/include" ]
22  if (is_component_build) {
23    defines = [ "BORINGSSL_SHARED_LIBRARY" ]
24  }
25}
26
27# The config used by the :boringssl component itself, and the fuzzer copies.
28config("component_config") {
29  visibility = [ ":*" ]  # Only targets in this file can depend on this.
30  configs = [ ":internal_config" ]
31  defines = [ "BORINGSSL_IMPLEMENTATION" ]
32}
33
34# This config is used by anything that consumes internal headers. Tests consume
35# this rather than :component_config.
36config("internal_config") {
37  visibility = [ ":*" ]  # Only targets in this file can depend on this.
38  defines = [
39    "BORINGSSL_ALLOW_CXX_RUNTIME",
40    "BORINGSSL_NO_STATIC_INITIALIZER",
41    "OPENSSL_SMALL",
42  ]
43}
44
45config("no_asm_config") {
46  visibility = [ ":*" ]  # Only targets in this file can depend on this.
47  defines = [ "OPENSSL_NO_ASM" ]
48}
49
50# TODO(crbug.com/1496373): having the headers in all_sources is hacky and should
51# be fixed. It is caused by issues with the fuzzer target.
52all_sources = crypto_sources + ssl_sources + pki_sources + pki_internal_headers
53all_headers = crypto_headers + ssl_headers + pki_headers + pki_internal_headers
54
55if (enable_rust) {
56  rust_bindgen("raw_bssl_sys_bindings") {
57    header = "src/rust/bssl-sys/wrapper.h"
58    deps = [ ":boringssl" ]
59    bindgen_flags = [
60      "no-derive-default",
61      "enable-function-attribute-detection",
62      "use-core",
63      "default-macro-constant-type=signed",
64
65      # These two functions use `va_list`, which causes bindgen errors on
66      # some platforms: i.e. "`extern` block uses type `[u64; 4]`, which is not
67      # FFI-safe"
68      "blocklist-function=BIO_vsnprintf",
69      "blocklist-function=OPENSSL_vasprintf",
70      "rustified-enum=point_conversion_form_t",
71      "allowlist-file=.*[[:punct:]]include[[:punct:]]openssl[[:punct:]].*\\.h",
72    ]
73    wrap_static_fns = true
74    visibility = [ ":*" ]  # private, should only be exposed through bssl_crypto
75  }
76
77  # Low level, bindgen generates system bindings to boringssl
78  cargo_crate("bssl_sys") {
79    crate_type = "rlib"
80    crate_root = "src/rust/bssl-sys/src/lib.rs"
81    sources = rust_bssl_sys
82    edition = "2021"
83    deps = [
84      ":boringssl",
85      ":raw_bssl_sys_bindings",
86      ":raw_bssl_sys_bindings_static_fns",
87    ]
88
89    visibility = [
90      ":*",  # private, should only be exposed through bssl_crypto
91    ]
92    bindgen_output = get_target_outputs(":raw_bssl_sys_bindings")
93    inputs = bindgen_output
94    rustenv =
95        [ "BINDGEN_RS_FILE=" +
96          rebase_path(bindgen_output[0], get_path_info(crate_root, "dir")) ]
97  }
98
99  # Rust bindings to boringssl
100  cargo_crate("bssl_crypto") {
101    crate_type = "rlib"
102    crate_root = "src/rust/bssl-crypto/src/lib.rs"
103    sources = rust_bssl_crypto
104    edition = "2021"
105    deps = [ ":bssl_sys" ]
106  }
107}
108
109if (is_msan) {
110  # MSan instrumentation is incompatible with assembly optimizations.
111  # BoringSSL's GAS-compatible assembly knows how to detect MSan, but the NASM
112  # assembly does not, so we check for MSan explicitly.
113  source_set("boringssl_asm") {
114    visibility = [ ":*" ]  # Only targets in this file can depend on this.
115
116    public_configs = [ ":no_asm_config" ]
117  }
118} else if (is_win && (current_cpu == "x86" || current_cpu == "x64")) {
119  # Windows' x86 and x86_64 assembly is built with NASM.
120  import("//third_party/nasm/nasm_assemble.gni")
121  nasm_assemble("boringssl_asm") {
122    sources = crypto_sources_nasm
123    visibility = [ ":*" ]  # Only targets in this file can depend on this.
124  }
125} else {
126  # All other targets use GAS-compatible assembler. BoringSSL's assembly files
127  # are all wrapped in processor checks for the corresponding target, so there
128  # is no need to add target conditions in the build.
129  source_set("boringssl_asm") {
130    visibility = [ ":*" ]  # Only targets in this file can depend on this.
131
132    sources = crypto_sources_asm
133    include_dirs = [ "src/include" ]
134  }
135}
136
137component("boringssl") {
138  sources = all_sources
139  public = all_headers
140  friend = [ ":*" ]
141  deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ]
142
143  # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM
144  # config is forwarded to callers. In particular, boringssl_crypto_tests
145  # requires it.
146  public_deps = [ ":boringssl_asm" ]
147
148  public_configs = [ ":external_config" ]
149  configs += [ ":component_config" ]
150
151  configs -= [ "//build/config/compiler:chromium_code" ]
152  configs += [ "//build/config/compiler:no_chromium_code" ]
153
154  if (is_nacl) {
155    deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
156  }
157
158  if (!is_debug && !(is_fuchsia && optimize_for_size)) {
159    configs -= [ "//build/config/compiler:default_optimization" ]
160    configs += [ "//build/config/compiler:optimize_max" ]
161  }
162
163  if (is_linux && is_component_build) {
164    version_script = "boringssl.map"
165    inputs = [ version_script ]
166    ldflags = [ "-Wl,--version-script=" +
167                rebase_path(version_script, root_build_dir) ]
168  }
169}
170
171if (build_with_chromium) {
172  import("//testing/libfuzzer/fuzzer_test.gni")
173
174  source_set("test_support") {
175    # TODO(crbug.com/boringssl/542): When we switch to the new source lists,
176    # we will have separate variables for the sources and headers.
177    sources = filter_exclude(test_support_sources, [ "*.h" ])
178    public = filter_include(test_support_sources, [ "*.h" ])
179    testonly = true
180
181    # Test data in Chromium is complex. Swap out GetTestData with a
182    # Chromium-specific implementation.
183    sources += [ "test_data_chromium.cc" ]
184    defines = [ "BORINGSSL_CUSTOM_GET_TEST_DATA" ]
185
186    deps = [
187      ":boringssl",
188      "//base",
189      "//testing/gtest",
190    ]
191  }
192
193  # These targets are named "_tests" rather than "_test" to avoid colliding with
194  # a historical "boringssl_ssl_test" target. This works around a bug with the
195  # iOS build rules.
196
197  bundle_data("boringssl_crypto_tests_bundle_data") {
198    sources = crypto_test_data
199    testonly = true
200    outputs = [ "{{bundle_resources_dir}}/" +
201                "{{source_root_relative_dir}}/{{source_file_part}}" ]
202  }
203
204  test("boringssl_crypto_tests") {
205    sources = crypto_test_sources
206    data = crypto_test_data
207    deps = [
208      ":boringssl",
209      ":boringssl_crypto_tests_bundle_data",
210      ":test_support",
211      "//testing/gtest",
212    ]
213
214    configs -= [ "//build/config/compiler:chromium_code" ]
215    configs += [
216      ":internal_config",
217      "//build/config/compiler:no_chromium_code",
218    ]
219
220    # Chromium infrastructure does not support GTest, only the //base wrapper.
221    sources -= [ "src/crypto/test/gtest_main.cc" ]
222    sources += [ "gtest_main_chromium.cc" ]
223    deps += [ "//base/test:test_support" ]
224
225    if (is_fuchsia) {
226      additional_manifest_fragments =
227          [ "//build/config/fuchsia/test/network.shard.test-cml" ]
228    }
229  }
230
231  test("boringssl_ssl_tests") {
232    sources = ssl_test_sources
233    deps = [
234      ":boringssl",
235      ":test_support",
236      "//testing/gtest",
237    ]
238
239    configs -= [ "//build/config/compiler:chromium_code" ]
240    configs += [
241      ":internal_config",
242      "//build/config/compiler:no_chromium_code",
243    ]
244
245    # Chromium infrastructure does not support GTest, only the //base wrapper.
246    sources -= [ "src/crypto/test/gtest_main.cc" ]
247    sources += [ "gtest_main_chromium.cc" ]
248    deps += [ "//base/test:test_support" ]
249  }
250
251  test("boringssl_pki_tests") {
252    sources = pki_test_sources
253    data = pki_test_data
254    deps = [
255      ":boringssl",
256      ":test_support",
257      "//testing/gtest",
258    ]
259
260    configs -= [ "//build/config/compiler:chromium_code" ]
261    configs += [
262      ":internal_config",
263      "//build/config/compiler:no_chromium_code",
264    ]
265
266    # Chromium infrastructure does not support GTest, only the //base wrapper.
267    sources -= [ "src/crypto/test/gtest_main.cc" ]
268    sources += [ "gtest_main_chromium.cc" ]
269    deps += [ "//base/test:test_support" ]
270  }
271
272  config("fuzzer_config") {
273    visibility = [ ":*" ]  # Only targets in this file can depend on this.
274    defines = [
275      "BORINGSSL_UNSAFE_FUZZER_MODE",
276      "BORINGSSL_UNSAFE_DETERMINISTIC_MODE",
277    ]
278  }
279
280  # The same as boringssl, but builds with BORINGSSL_UNSAFE_FUZZER_MODE.
281  # TODO(https://crbug.com/boringssl/258): Fold this into the normal target.
282  component("boringssl_fuzzer") {
283    visibility = [ ":*" ]  # Only targets in this file can depend on this.
284
285    sources = all_sources
286    deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ]
287
288    # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM
289    # config is forwarded to callers. In particular, boringssl_crypto_tests
290    # requires it.
291    public_deps = [ ":boringssl_asm" ]
292
293    public_configs = [
294      ":external_config",
295      ":fuzzer_config",
296    ]
297    configs += [ ":component_config" ]
298
299    configs -= [ "//build/config/compiler:chromium_code" ]
300    configs += [ "//build/config/compiler:no_chromium_code" ]
301
302    if (is_nacl) {
303      deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
304    }
305  }
306
307  # Do not run the fuzzers on windows until 1477042 is fixed, they
308  # make the fuzzer infrastructure exceed the windows command line
309  # length.
310  foreach(fuzzer, fuzzers) {
311    fuzzer_test("boringssl_${fuzzer}_fuzzer") {
312      sources = [
313        "src/fuzz/${fuzzer}.cc",
314        "src/ssl/test/fuzzer.h",
315        "src/ssl/test/fuzzer_tags.h",
316      ]
317      additional_configs = [ ":internal_config" ]
318      deps = [ ":boringssl_fuzzer" ]
319      seed_corpus = "src/fuzz/${fuzzer}_corpus"
320
321      if ("cert" == fuzzer) {
322        libfuzzer_options = [ "max_len=3072" ]
323      } else if ("client" == fuzzer) {
324        libfuzzer_options = [ "max_len=20000" ]
325      } else if ("pkcs8" == fuzzer) {
326        libfuzzer_options = [ "max_len=2048" ]
327      } else if ("privkey" == fuzzer) {
328        libfuzzer_options = [ "max_len=2048" ]
329      } else if ("read_pem" == fuzzer) {
330        libfuzzer_options = [ "max_len=512" ]
331      } else if ("session" == fuzzer) {
332        libfuzzer_options = [ "max_len=8192" ]
333      } else if ("server" == fuzzer) {
334        libfuzzer_options = [ "max_len=4096" ]
335      } else if ("spki" == fuzzer) {
336        libfuzzer_options = [ "max_len=1024" ]
337      } else if ("ssl_ctx_api" == fuzzer) {
338        libfuzzer_options = [ "max_len=256" ]
339      }
340    }
341  }
342
343  config("fuzzer_no_fuzzer_mode_config") {
344    visibility = [ ":*" ]  # Only targets in this file can depend on this.
345    defines = [ "BORINGSSL_UNSAFE_DETERMINISTIC_MODE" ]
346  }
347
348  # The same as boringssl, but builds with BORINGSSL_UNSAFE_DETERMINISTIC_MODE.
349  # TODO(https://crbug.com/boringssl/258): Fold this into the normal target.
350  component("boringssl_fuzzer_no_fuzzer_mode") {
351    visibility = [ ":*" ]  # Only targets in this file can depend on this.
352
353    sources = all_sources
354    deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ]
355
356    # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM
357    # config is forwarded to callers. In particular, boringssl_crypto_tests
358    # requires it.
359    public_deps = [ ":boringssl_asm" ]
360
361    public_configs = [
362      ":external_config",
363      ":fuzzer_no_fuzzer_mode_config",
364    ]
365    configs += [ ":component_config" ]
366
367    configs -= [ "//build/config/compiler:chromium_code" ]
368    configs += [ "//build/config/compiler:no_chromium_code" ]
369
370    if (is_nacl) {
371      deps += [ "//native_client_sdk/src/libraries/nacl_io" ]
372    }
373  }
374
375  fuzzer_test("boringssl_client_no_fuzzer_mode_fuzzer") {
376    sources = [
377      "src/fuzz/client.cc",
378      "src/ssl/test/fuzzer.h",
379      "src/ssl/test/fuzzer_tags.h",
380    ]
381    additional_configs = [ ":internal_config" ]
382    deps = [ ":boringssl_fuzzer_no_fuzzer_mode" ]
383    seed_corpus = "src/fuzz/client_corpus_no_fuzzer_mode"
384  }
385
386  fuzzer_test("boringssl_server_no_fuzzer_mode_fuzzer") {
387    sources = [
388      "src/fuzz/server.cc",
389      "src/ssl/test/fuzzer.h",
390      "src/ssl/test/fuzzer_tags.h",
391    ]
392    additional_configs = [ ":internal_config" ]
393    deps = [ ":boringssl_fuzzer_no_fuzzer_mode" ]
394    seed_corpus = "src/fuzz/server_corpus_no_fuzzer_mode"
395  }
396}
397