blob: 84c70c72914ddad386ea973418ec68e56159b2a3 [file] [log] [blame]
// Note that some host libraries have the same module name as the target
// libraries. This is currently needed to build, for example, adb. But it's
// probably something that should be changed.
package {
default_visibility: ["//visibility:private"],
default_applicable_licenses: ["external_boringssl_license"],
}
// Added automatically by a large-scale-change that took the approach of
// 'apply every license found to every target'. While this makes sure we respect
// every license restriction, it may not be entirely correct.
//
// e.g. GPL in an MIT project might only apply to the contrib/ directory.
//
// Please consider splitting the single license below into multiple licenses,
// taking care not to lose any license_kind information, and overriding the
// default license using the 'licenses: [...]' property on targets as needed.
//
// For unused files, consider creating a 'fileGroup' with "//visibility:private"
// to attach the license to, and including a comment whether the files may be
// used in the current project.
// See: http://go/android-license-faq
license {
name: "external_boringssl_license",
visibility: [":__subpackages__"],
license_kinds: [
"SPDX-license-identifier-Apache-2.0",
"SPDX-license-identifier-BSD",
"SPDX-license-identifier-ISC",
"SPDX-license-identifier-MIT",
"SPDX-license-identifier-OpenSSL",
"legacy_unencumbered",
],
license_text: [
"NOTICE",
],
}
// Pull in the autogenerated sources modules
build = ["sources.bp"]
// Used by libcrypto, libssl, bssl tool, and native tests
cc_defaults {
name: "boringssl_flags",
vendor_available: true,
product_available: true,
cflags: [
"-fvisibility=hidden",
"-DBORINGSSL_SHARED_LIBRARY",
"-DBORINGSSL_ANDROID_SYSTEM",
"-DOPENSSL_SMALL",
"-Werror",
"-Wno-unused-parameter",
],
cppflags: [
"-Wall",
"-Werror",
],
c_std: "gnu11",
// Build BoringSSL and its tests against the same STL.
sdk_version: "9",
target: {
android: {
stl: "libc++_static",
},
},
}
// Used by libcrypto + libssl
cc_defaults {
name: "boringssl_defaults",
local_include_dirs: ["src/include"],
export_include_dirs: ["src/include"],
cflags: ["-DBORINGSSL_IMPLEMENTATION"],
}
//// libcrypto
cc_defaults {
name: "libcrypto_defaults",
host_supported: true,
ramdisk_available: true,
vendor_ramdisk_available: true,
// Windows and Macs both have problems with assembly files
target: {
windows: {
enabled: true,
cflags: ["-DOPENSSL_NO_ASM"],
host_ldlibs: ["-lws2_32"],
},
darwin: {
cflags: ["-DOPENSSL_NO_ASM"],
},
host: {
host_ldlibs: ["-lpthread"],
},
android: {
// On FIPS builds (i.e. Android only) prevent other libraries
// from pre-empting symbols in libcrypto which could affect FIPS
// compliance and cause integrity checks to fail. See b/160231064.
ldflags: ["-Wl,-Bsymbolic"],
},
},
local_include_dirs: ["src/crypto"],
}
cc_object {
name: "bcm_object",
device_supported: true,
recovery_available: true,
native_bridge_supported: true,
defaults: [
"libcrypto_bcm_sources",
"libcrypto_defaults",
"boringssl_defaults",
"boringssl_flags",
],
sanitize: {
address: false,
hwaddress: false,
fuzzer: false,
},
target: {
android: {
cflags: [
"-DBORINGSSL_FIPS",
"-fPIC",
// -fno[data|text]-sections required to ensure a
// single text and data section for FIPS integrity check
"-fno-data-sections",
"-fno-function-sections",
],
linker_script: "src/crypto/fipsmodule/fips_shared.lds",
},
// Temporary hack to let BoringSSL build with a new compiler.
// This doesn't enable HWASAN unconditionally, it just causes
// BoringSSL's asm code to unconditionally use a HWASAN-compatible
// global variable reference so that the non-HWASANified (because of
// sanitize: { hwaddress: false } above) code in the BCM can
// successfully link against the HWASANified code in the rest of
// BoringSSL in HWASAN builds.
android_arm64: {
asflags: [
"-fsanitize=hwaddress",
],
},
},
apex_available: [
"//apex_available:platform",
"com.android.adbd",
"com.android.art",
"com.android.art.debug",
"com.android.art.testing",
"com.android.bluetooth",
"com.android.compos",
"com.android.conscrypt",
"com.android.resolv",
"com.android.virt",
],
min_sdk_version: "29",
}
bootstrap_go_package {
name: "bssl_ar",
pkgPath: "boringssl.googlesource.com/boringssl/util/ar",
srcs: [
"src/util/ar/ar.go",
],
testSrcs: [
"src/util/ar/ar_test.go",
],
}
bootstrap_go_package {
name: "bssl_fipscommon",
pkgPath: "boringssl.googlesource.com/boringssl/util/fipstools/fipscommon",
srcs: [
"src/util/fipstools/fipscommon/const.go",
],
}
blueprint_go_binary {
name: "bssl_inject_hash",
srcs: [
"src/util/fipstools/inject_hash/inject_hash.go",
],
deps: [
"bssl_ar",
"bssl_fipscommon",
],
}
// Target and host library
cc_library {
name: "libcrypto",
visibility: ["//visibility:public"],
vendor_available: true,
product_available: true,
native_bridge_supported: true,
vndk: {
enabled: true,
},
double_loadable: true,
recovery_available: true,
defaults: [
"libcrypto_sources",
"libcrypto_defaults",
"boringssl_defaults",
"boringssl_flags",
],
unique_host_soname: true,
srcs: [
":bcm_object",
],
target: {
android: {
cflags: [
"-DBORINGSSL_FIPS",
],
sanitize: {
// Disable address sanitizing otherwise libcrypto will not report
// itself as being in FIPS mode, which causes boringssl_self_test
// to fail.
address: false,
},
inject_bssl_hash: true,
static: {
// Disable the static version of libcrypto, as it causes
// problems for FIPS certification. Use libcrypto_static for
// modules that need static libcrypto but do not need FIPS self
// testing, or use dynamic libcrypto.
enabled: false,
},
},
},
apex_available: [
"//apex_available:platform",
"com.android.adbd",
"com.android.art",
"com.android.art.debug",
"com.android.art.testing",
"com.android.bluetooth",
"com.android.compos",
"com.android.conscrypt",
"com.android.resolv",
"com.android.virt",
],
min_sdk_version: "29",
}
// Static library
// This version of libcrypto will not have FIPS self tests enabled, so its
// usage is protected through visibility to ensure it doesn't end up used
// somewhere that needs the FIPS version.
cc_library_static {
name: "libcrypto_static",
visibility: [
"//art/build/sdk",
"//bootable/recovery/updater",
"//external/conscrypt",
"//external/python/cpython2",
"//external/rust/crates/quiche",
// Strictly, only the *static* toybox for legacy devices should have
// access to libcrypto_static, but we can't express that.
"//external/toybox",
"//hardware/interfaces/confirmationui/1.0/vts/functional",
"//hardware/interfaces/drm/1.0/vts/functional",
"//hardware/interfaces/drm/1.2/vts/functional",
"//hardware/interfaces/drm/1.3/vts/functional",
"//hardware/interfaces/keymaster/3.0/vts/functional",
"//hardware/interfaces/keymaster/4.0/vts/functional",
"//hardware/interfaces/keymaster/4.1/vts/functional",
"//packages/modules/adb",
"//packages/modules/DnsResolver/tests:__subpackages__",
"//packages/modules/NeuralNetworks:__subpackages__",
"//system/core/init",
"//system/core/fs_mgr/liblp",
"//system/core/fs_mgr/liblp/vts_core",
"//system/core/fs_mgr/libsnapshot",
"//system/libvintf/test",
"//system/security/keystore/tests",
"//test/vts-testcase/security/avb",
],
apex_available: [
"//apex_available:platform",
"com.android.neuralnetworks",
],
defaults: [
"libcrypto_bcm_sources",
"libcrypto_sources",
"libcrypto_defaults",
"boringssl_defaults",
"boringssl_flags",
],
}
// Common defaults for lib*_fuzz_unsafe. These are unsafe and deterministic
// libraries for testing and fuzzing only. See src/FUZZING.md.
cc_defaults {
name: "boringssl_fuzz_unsafe_defaults",
host_supported: true,
cflags: [
"-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE",
"-DBORINGSSL_UNSAFE_FUZZER_MODE",
],
visibility: [
"//frameworks/native/libs/binder/tests:__subpackages__",
],
}
// Unsafe and deterministic version of libcrypto. For testing and fuzzing only.
// See src/FUZZING.md.
cc_test_library {
name: "libcrypto_fuzz_unsafe",
ramdisk_available: false,
vendor_ramdisk_available: false,
defaults: [
"libcrypto_bcm_sources",
"libcrypto_sources",
"libcrypto_defaults",
"boringssl_defaults",
"boringssl_flags",
"boringssl_fuzz_unsafe_defaults",
],
}
//// libssl
// Target static library
// Static and Shared library
cc_library {
name: "libssl",
visibility: ["//visibility:public"],
recovery_available: true,
vendor_available: true,
product_available: true,
native_bridge_supported: true,
vndk: {
enabled: true,
},
host_supported: true,
defaults: [
"libssl_sources",
"boringssl_defaults",
"boringssl_flags",
],
target: {
windows: {
enabled: true,
},
},
unique_host_soname: true,
shared_libs: ["libcrypto"],
apex_available: [
"//apex_available:platform",
"com.android.bluetooth",
"com.android.adbd",
"com.android.conscrypt",
"com.android.resolv",
],
min_sdk_version: "29",
}
// Unsafe and deterministic version of libssl. For testing and fuzzing only.
// See src/FUZZING.md.
cc_test_library {
name: "libssl_fuzz_unsafe",
host_supported: true,
defaults: [
"libssl_sources",
"boringssl_defaults",
"boringssl_flags",
"boringssl_fuzz_unsafe_defaults",
],
static_libs: [
"libcrypto_fuzz_unsafe",
],
}
// Tool
cc_binary {
name: "bssl",
host_supported: true,
defaults: [
"bssl_sources",
"boringssl_flags",
],
shared_libs: [
"libcrypto",
"libssl",
],
target: {
darwin: {
enabled: false,
},
android: {
compile_multilib: "both",
},
},
multilib: {
lib32: {
suffix: "32",
},
},
}
// Used for ACVP testing for FIPS certification.
// Not installed on devices by default.
cc_binary {
name: "acvp_modulewrapper",
srcs: [
"src/util/fipstools/acvp/modulewrapper/main.cc",
],
target: {
android_x86: {
enabled: false,
},
android_x86_64: {
enabled: false,
},
},
stem: "modulewrapper",
compile_multilib: "both",
multilib: {
lib32: {
suffix: "32",
},
},
static_libs: [
"libacvp_modulewrapper",
],
shared_libs: [
"libcrypto",
],
defaults: [
"boringssl_flags",
],
}
// ACVP wrapper implementation shared between Android and Trusty
cc_library_static {
name: "libacvp_modulewrapper",
host_supported: true,
vendor_available: true,
srcs: [
"src/util/fipstools/acvp/modulewrapper/modulewrapper.cc",
],
target: {
android: {
compile_multilib: "both",
},
},
export_include_dirs: ["src/util/fipstools/acvp/modulewrapper/"],
shared_libs: [
"libcrypto",
],
defaults: [
"boringssl_flags",
],
visibility: ["//system/core/trusty/utils/acvp"],
}
// Test support library
cc_library_static {
name: "boringssl_test_support",
host_supported: true,
defaults: [
"boringssl_test_support_sources",
"boringssl_flags",
],
shared_libs: [
"libcrypto",
"libssl",
],
}
// Tests
cc_test {
name: "boringssl_crypto_test",
test_config: "NativeTests.xml",
host_supported: false,
per_testcase_directory: true,
compile_multilib: "both",
multilib: {
lib32: {
suffix: "32",
},
lib64: {
suffix: "64",
},
},
defaults: [
"boringssl_crypto_test_sources",
"boringssl_flags",
],
whole_static_libs: ["boringssl_test_support"],
// Statically link the library to test to ensure we always pick up the
// correct version regardless of device linker configuration.
static_libs: ["libcrypto_static"],
target: {
android: {
test_suites: ["mts-conscrypt"],
},
},
}
cc_test {
name: "boringssl_ssl_test",
test_config: "NativeTests.xml",
host_supported: false,
per_testcase_directory: true,
compile_multilib: "both",
multilib: {
lib32: {
suffix: "32",
},
lib64: {
suffix: "64",
},
},
defaults: [
"boringssl_ssl_test_sources",
"boringssl_flags",
],
whole_static_libs: ["boringssl_test_support"],
// Statically link the libraries to test to ensure we always pick up the
// correct version regardless of device linker configuration.
static_libs: [
"libcrypto_static",
"libssl",
],
target: {
android: {
test_suites: ["mts-conscrypt"],
},
},
}
// Utility binary for CMVP on-site testing.
cc_binary {
name: "test_fips",
host_supported: false,
defaults: [
"boringssl_flags",
],
shared_libs: [
"libcrypto",
],
srcs: [
"src/util/fipstools/test_fips.c",
],
}