blob: 955352ce27aa736df9d1e61a78298c339690a925 [file] [log] [blame]
// Note that some host libraries have the same module name as the target
// libraries. This is currently needed to build, for example, adb. But it's
// probably something that should be changed.
package {
default_visibility: ["//visibility:private"],
}
// Pull in the autogenerated sources modules
build = ["sources.bp"]
// Used by libcrypto, libssl, bssl tool, and native tests
cc_defaults {
name: "boringssl_flags",
vendor_available: true,
cflags: [
"-fvisibility=hidden",
"-DBORINGSSL_SHARED_LIBRARY",
"-DBORINGSSL_ANDROID_SYSTEM",
"-DOPENSSL_SMALL",
"-D_XOPEN_SOURCE=700",
"-Werror",
"-Wno-unused-parameter",
],
cppflags: [
"-Wall",
"-Werror",
],
conlyflags: ["-std=c99"],
// Build BoringSSL and its tests against the same STL.
sdk_version: "9",
target: {
android: {
stl: "libc++_static",
},
},
}
// Used by libcrypto + libssl
cc_defaults {
name: "boringssl_defaults",
local_include_dirs: ["src/include"],
export_include_dirs: ["src/include"],
cflags: ["-DBORINGSSL_IMPLEMENTATION"],
}
//// libcrypto
cc_defaults {
name: "libcrypto_defaults",
host_supported: true,
// Windows and Macs both have problems with assembly files
target: {
windows: {
enabled: true,
cflags: ["-DOPENSSL_NO_ASM"],
host_ldlibs: ["-lws2_32"],
},
darwin: {
cflags: ["-DOPENSSL_NO_ASM"],
},
host: {
host_ldlibs: ["-lpthread"],
},
android: {
// On FIPS builds (i.e. Android only) prevent other libraries
// from pre-empting symbols in libcrypto which could affect FIPS
// compliance and cause integrity checks to fail. See b/160231064.
ldflags: ["-Wl,-Bsymbolic"],
},
},
local_include_dirs: ["src/crypto"],
}
cc_object {
name: "bcm_object",
device_supported: true,
recovery_available: true,
native_bridge_supported: true,
defaults: [
"libcrypto_bcm_sources",
"libcrypto_defaults",
"boringssl_defaults",
"boringssl_flags",
],
sanitize: {
address: false,
hwaddress: false,
fuzzer: false,
},
target: {
linux_bionic: {
header_libs: ["libc_headers"], // TODO(b/153662223): Clean this up.
},
android: {
header_libs: ["libc_headers"], // TODO(b/153662223): Clean this up.
cflags: [
"-DBORINGSSL_FIPS",
"-fPIC",
// -fno[data|text]-sections required to ensure a
// single text and data section for FIPS integrity check
"-fno-data-sections",
"-fno-function-sections",
],
linker_script: "src/crypto/fipsmodule/fips_shared.lds",
},
// Temporary hack to let BoringSSL build with a new compiler.
// This doesn't enable HWASAN unconditionally, it just causes
// BoringSSL's asm code to unconditionally use a HWASAN-compatible
// global variable reference so that the non-HWASANified (because of
// sanitize: { hwaddress: false } above) code in the BCM can
// successfully link against the HWASANified code in the rest of
// BoringSSL in HWASAN builds.
android_arm64: {
asflags: [
"-fsanitize=hwaddress",
],
},
},
apex_available: [
"//apex_available:platform",
"com.android.adbd",
"com.android.art.debug",
"com.android.art.release",
"com.android.art.testing",
"com.android.bluetooth.updatable",
"com.android.conscrypt",
"com.android.media",
"com.android.resolv",
],
min_sdk_version: "29",
}
bootstrap_go_package {
name: "bssl_ar",
pkgPath: "boringssl.googlesource.com/boringssl/util/ar",
srcs: [
"src/util/ar/ar.go",
],
testSrcs: [
"src/util/ar/ar_test.go",
],
}
bootstrap_go_package {
name: "bssl_fipscommon",
pkgPath: "boringssl.googlesource.com/boringssl/util/fipstools/fipscommon",
srcs: [
"src/util/fipstools/fipscommon/const.go",
],
}
blueprint_go_binary {
name: "bssl_inject_hash",
srcs: [
"src/util/fipstools/inject_hash/inject_hash.go",
],
deps: [
"bssl_ar",
"bssl_fipscommon",
],
}
// Target and host library
cc_library {
name: "libcrypto",
visibility: ["//visibility:public"],
vendor_available: true,
native_bridge_supported: true,
vndk: {
enabled: true,
},
double_loadable: true,
recovery_available: true,
defaults: [
"libcrypto_sources",
"libcrypto_defaults",
"boringssl_defaults",
"boringssl_flags",
],
unique_host_soname: true,
srcs: [
":bcm_object",
],
target: {
android: {
cflags: [
"-DBORINGSSL_FIPS",
],
sanitize: {
// Disable address sanitizing otherwise libcrypto will not report
// itself as being in FIPS mode, which causes boringssl_self_test
// to fail.
address: false,
},
inject_bssl_hash: true,
static: {
// Disable the static version of libcrypto, as it causes
// problems for FIPS certification. Use libcrypto_static for
// modules that need static libcrypto but do not need FIPS self
// testing, or use dynamic libcrypto.
enabled: false,
},
},
},
apex_available: [
"//apex_available:platform",
"com.android.adbd",
"com.android.art.debug",
"com.android.art.release",
"com.android.art.testing",
"com.android.bluetooth.updatable",
"com.android.conscrypt",
"com.android.media",
"com.android.resolv",
],
min_sdk_version: "29",
}
// Static library
// This version of libcrypto will not have FIPS self tests enabled, so its
// usage is protected through visibility to ensure it doesn't end up used
// somewhere that needs the FIPS version.
cc_library_static {
name: "libcrypto_static",
visibility: [
"//art/build/sdk",
"//bootable/recovery/updater",
"//external/conscrypt",
"//external/python/cpython2",
// Strictly, only the *static* toybox for legacy devices should have
// access to libcrypto_static, but we can't express that.
"//external/toybox",
"//frameworks/ml/nn:__subpackages__",
"//hardware/interfaces/confirmationui/1.0/vts/functional",
"//hardware/interfaces/drm/1.0/vts/functional",
"//hardware/interfaces/drm/1.2/vts/functional",
"//hardware/interfaces/drm/1.3/vts/functional",
"//hardware/interfaces/keymaster/3.0/vts/functional",
"//hardware/interfaces/keymaster/4.0/vts/functional",
"//hardware/interfaces/keymaster/4.1/vts/functional",
"//packages/modules/DnsResolver/tests:__subpackages__",
"//system/core/adb",
"//system/core/init",
"//system/core/fs_mgr/liblp",
"//system/core/fs_mgr/liblp/vts_core",
"//system/core/fs_mgr/libsnapshot",
"//system/libvintf/test",
"//system/security/keystore/tests",
"//test/vts-testcase/security/avb",
],
apex_available: [
"//apex_available:platform",
"com.android.neuralnetworks",
],
defaults: [
"libcrypto_bcm_sources",
"libcrypto_sources",
"libcrypto_defaults",
"boringssl_defaults",
"boringssl_flags",
],
}
//// libssl
// Target static library
// Static and Shared library
cc_library {
name: "libssl",
visibility: ["//visibility:public"],
recovery_available: true,
vendor_available: true,
native_bridge_supported: true,
vndk: {
enabled: true,
},
host_supported: true,
defaults: [
"libssl_sources",
"boringssl_defaults",
"boringssl_flags",
],
target: {
windows: {
enabled: true,
},
},
unique_host_soname: true,
shared_libs: ["libcrypto"],
apex_available: [
"//apex_available:platform",
"com.android.adbd",
"com.android.conscrypt",
"com.android.resolv",
],
min_sdk_version: "29",
}
// Tool
cc_binary {
name: "bssl",
host_supported: true,
defaults: [
"bssl_sources",
"boringssl_flags",
],
shared_libs: [
"libcrypto",
"libssl",
],
target: {
darwin: {
enabled: false,
},
android: {
compile_multilib: "both",
},
},
multilib: {
lib32: {
suffix: "32",
},
},
}
cc_binary {
name: "cavp",
host_supported: true,
srcs: [
"src/util/fipstools/cavp/cavp_aes_gcm_test.cc",
"src/util/fipstools/cavp/cavp_aes_test.cc",
"src/util/fipstools/cavp/cavp_ctr_drbg_test.cc",
"src/util/fipstools/cavp/cavp_ecdsa2_keypair_test.cc",
"src/util/fipstools/cavp/cavp_ecdsa2_pkv_test.cc",
"src/util/fipstools/cavp/cavp_ecdsa2_siggen_test.cc",
"src/util/fipstools/cavp/cavp_ecdsa2_sigver_test.cc",
"src/util/fipstools/cavp/cavp_hmac_test.cc",
"src/util/fipstools/cavp/cavp_kas_test.cc",
"src/util/fipstools/cavp/cavp_keywrap_test.cc",
"src/util/fipstools/cavp/cavp_main.cc",
"src/util/fipstools/cavp/cavp_rsa2_keygen_test.cc",
"src/util/fipstools/cavp/cavp_rsa2_siggen_test.cc",
"src/util/fipstools/cavp/cavp_rsa2_sigver_test.cc",
"src/util/fipstools/cavp/cavp_sha_monte_test.cc",
"src/util/fipstools/cavp/cavp_sha_test.cc",
"src/util/fipstools/cavp/cavp_tdes_test.cc",
"src/util/fipstools/cavp/cavp_test_util.cc",
"src/util/fipstools/cavp/cavp_tlskdf_test.cc",
],
target: {
android: {
compile_multilib: "both",
},
},
multilib: {
lib32: {
suffix: "32",
},
},
shared_libs: [
"libcrypto",
],
defaults: [
"boringssl_test_support_sources",
"boringssl_flags",
],
}
// Test support library
cc_library_static {
name: "boringssl_test_support",
host_supported: true,
defaults: [
"boringssl_test_support_sources",
"boringssl_flags",
],
shared_libs: [
"libcrypto",
"libssl",
],
}
// Tests
cc_test {
name: "boringssl_crypto_test",
test_suites: ["device-tests"],
host_supported: true,
defaults: [
"boringssl_crypto_test_sources",
"boringssl_flags",
],
whole_static_libs: ["boringssl_test_support"],
shared_libs: ["libcrypto"],
}
cc_test {
name: "boringssl_ssl_test",
test_suites: ["device-tests"],
host_supported: true,
defaults: [
"boringssl_ssl_test_sources",
"boringssl_flags",
],
whole_static_libs: ["boringssl_test_support"],
shared_libs: [
"libcrypto",
"libssl",
],
}
// Utility binary for CMVP on-site testing.
cc_binary {
name: "test_fips",
host_supported: false,
defaults: [
"boringssl_flags",
],
shared_libs: [
"libcrypto",
],
srcs: [
"src/util/fipstools/cavp/test_fips.c",
],
}