author | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-14 23:25:13 +0000 |
---|---|---|
committer | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-14 23:25:13 +0000 |
commit | 7a7e08546c85dd5a039c8dd0e57bae1cd384fc44 (patch) | |
tree | a316212f6372e5d9bd8fd814a62c786d0fd7baf5 | |
parent | 7ff2cc13a2d85f02aaca8bd0edd2c45dae527065 (diff) | |
Add SSL support to the GN build
This moves files from the secondary tree to the main one, and renames the "meta" one to //crypto:ssl. It also adds the crypto unit tests.
R=rsleevi@chromium.org
Review URL: https://codereview.chromium.org/231673006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@263744 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | BUILD.gn | 8 | ||||
-rw-r--r-- | build/config/crypto.gni | 6 | ||||
-rw-r--r-- | build/config/linux/pkg_config.gni | 8 | ||||
-rw-r--r-- | crypto/BUILD.gn (renamed from tools/gn/secondary/crypto/BUILD.gn) | 116 | ||||
-rw-r--r-- | net/third_party/nss/ssl/BUILD.gn | 138 | ||||
-rw-r--r-- | tools/gn/secondary/crypto/ssl/BUILD.gn | 28 | ||||
-rw-r--r-- | tools/gn/secondary/net/BUILD.gn | 2 | ||||
-rw-r--r-- | tools/gn/secondary/net/third_party/nss/BUILD.gn | 93 | ||||
-rw-r--r-- | tools/gn/secondary/third_party/nss/BUILD.gn | 12 |
9 files changed, 237 insertions, 174 deletions
@@ -24,11 +24,10 @@ group("root") {
 "//components/startup_metric_utils",
 #"//components/translate:translate_core_browser",
 #"//components/translate:translate_core_common",
- #"//crypto",
+ "//crypto",
 "//device/usb",
 "//ipc",
 #"//net",
- #"//net/third_party/nss:ssl",
 #"//sdch",
 "//skia",
 #"//third_party/WebKit/Source/platform",
@@ -47,11 +46,6 @@ group("root") {
 "//url",
 ]
- if (is_posix && !is_android) { # TODO(brettw) should be use_openssl
- deps += [
- "//third_party/openssl",
- ]
- }
 if (is_linux) {
 deps += [
 "//third_party/freetype2",
diff --git a/build/config/crypto.gni b/build/config/crypto.gni
index dee6a20..f3d8590 100644
--- a/build/config/crypto.gni
+++ b/build/config/crypto.gni
@@ -8,9 +8,9 @@
 # the global build dependency on it should be removed.
 declare_args() {
- # Use OpenSSL instead of NSS. This is used for Android and is experimental
- # in other cases (see http://crbug.com/62803).
- use_openssl = false
+ # Use OpenSSL instead of NSS. This is used for Android and NaCl untrusted
+ # code, and is experimental in other cases (see http://crbug.com/62803).
+ use_openssl = is_android || is_nacl
 }
 if (is_linux && !use_openssl) {
diff --git a/build/config/linux/pkg_config.gni b/build/config/linux/pkg_config.gni
index b91ee67..c6a3099 100644
--- a/build/config/linux/pkg_config.gni
+++ b/build/config/linux/pkg_config.gni
@@ -17,6 +17,9 @@ import("//build/config/sysroot.gni")
 # packages = [ "mything1", "mything2" ]
 # defines = [ "ENABLE_AWESOME" ]
 # }
+#
+# You can also use "extra args" to filter out results (see pkg-config.py):
+# extra_args = [ "-v, "foo" ]
 template("pkg_config") {
 assert(defined(invoker.packages),
@@ -28,6 +31,11 @@ template("pkg_config") {
 } else {
 args = invoker.packages
 }
+
+ if (defined(invoker.extra_args)) {
+ args += invoker.extra_args
+ }
+
 pkgresult = exec_script("//build/config/linux/pkg-config.py", args, "value")
 include_dirs = pkgresult[0]
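Review bot: The usage example added to the header comment of `pkg_config.gni` is malformed: `extra_args = [ "-v, "foo" ]` is missing the closing quote on `-v`, so anyone copying it gets a parse error. It should read `# extra_args = [ "-v", "foo" ]`. Because `extra_args` is appended unchanged to the arguments handed to `pkg-config.py`, the comment should also say what the value after `-v` is matched against; the later use `[ "-v", "-lssl3" ]` suggests linker flags, but that is not stated anywhere in this hunk. The template body continues outside the hunk.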
diff --git a/tools/gn/secondary/crypto/BUILD.gn b/crypto/BUILD.gn
index 50365c9..110868d 100644
--- a/tools/gn/secondary/crypto/BUILD.gn
+++ b/crypto/BUILD.gn
@@ -4,18 +4,6 @@
 import("//build/config/crypto.gni")
-crypto_minimal_sources = [
- "hmac.cc",
- "hmac.h",
- "hmac_win.cc",
- "secure_util.cc",
- "secure_util.h",
- "symmetric_key.h",
- "symmetric_key_win.cc",
- "third_party/nss/chromium-sha256.h",
- "third_party/nss/sha512.cc",
-]
-
 component("crypto") {
 output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto.
 sources = [
@@ -29,10 +17,8 @@ component("crypto") {
 "cssm_init.cc",
 "cssm_init.h",
 "curve25519.cc",
- "curve25519.h",
 "curve25519-donna.c",
- "ghash.cc",
- "ghash.h",
+ "curve25519.h",
 "ec_private_key.h",
 "ec_private_key_nss.cc",
 "ec_private_key_openssl.cc",
@@ -45,8 +31,12 @@ component("crypto") {
 "encryptor.h",
 "encryptor_nss.cc",
 "encryptor_openssl.cc",
+ "ghash.cc",
+ "ghash.h",
 "hkdf.cc",
 "hkdf.h",
+ "hmac.cc",
+ "hmac.h",
 "hmac_nss.cc",
 "hmac_openssl.cc",
 "mac_security_services_lock.cc",
@@ -57,8 +47,6 @@ component("crypto") {
 "mock_apple_keychain.h",
 "mock_apple_keychain_ios.cc",
 "mock_apple_keychain_mac.cc",
- "p224_spake.cc",
- "p224_spake.h",
 "nss_util.cc",
 "nss_util.h",
 "nss_util_internal.h",
@@ -68,17 +56,21 @@ component("crypto") {
 "openssl_util.h",
 "p224.cc",
 "p224.h",
- "random.h",
+ "p224_spake.cc",
+ "p224_spake.h",
 "random.cc",
+ "random.h",
 "rsa_private_key.cc",
 "rsa_private_key.h",
 "rsa_private_key_nss.cc",
 "rsa_private_key_openssl.cc",
 "scoped_capi_types.h",
 "scoped_nss_types.h",
- "secure_hash.h",
 "secure_hash_default.cc",
+ "secure_hash.h",
 "secure_hash_openssl.cc",
+ "secure_util.cc",
+ "secure_util.h",
 "sha2.cc",
 "sha2.h",
 "signature_creator.h",
@@ -87,22 +79,24 @@ component("crypto") {
 "signature_verifier.h",
 "signature_verifier_nss.cc",
 "signature_verifier_openssl.cc",
+ "symmetric_key.h",
 "symmetric_key_nss.cc",
 "symmetric_key_openssl.cc",
 "third_party/nss/chromium-blapi.h",
 "third_party/nss/chromium-blapit.h",
 "third_party/nss/chromium-nss.h",
+ "third_party/nss/chromium-sha256.h",
 "third_party/nss/pk11akey.cc",
 "third_party/nss/rsawrapr.c",
 "third_party/nss/secsign.cc",
+ "third_party/nss/sha512.cc",
 ]
 deps = [
+ ":platform",
 "//base",
 "//base/third_party/dynamic_annotations",
- "//crypto/ssl:metassl",
 ]
- forward_dependent_configs_from = [ "//crypto/ssl:metassl" ]
 if (!is_mac && !is_ios) {
 sources -= [
@@ -113,6 +107,10 @@ component("crypto") {
 }
 if (!is_linux) {
+ sources -= [
+ "openpgp_symmetric_encryption.cc",
+ "openpgp_symmetric_encryption.h",
+ ]
 if (use_nss) { # Removed for non-NSS in all cases below.
 sources -= [
 "openpgp_symmetric_encryption.cc",
@@ -135,9 +133,7 @@ component("crypto") {
 ]
 }
- if (use_nss) {
- configs += [ "//third_party/nss:nss_linux_config" ]
- } else {
+ if (!use_nss) {
 sources -= [
 "ec_private_key_nss.cc",
 "ec_signature_creator_nss.cc",
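Review bot: In the `if (!is_linux)` block the added `sources -= [ "openpgp_symmetric_encryption.cc", "openpgp_symmetric_encryption.h" ]` is followed directly by the existing `if (use_nss)` branch, which subtracts `openpgp_symmetric_encryption.cc` a second time. GN normally rejects removing an item that is no longer in the list, so a non-Linux NSS configuration would be expected to fail at gen time. The existing comment "Removed for non-NSS in all cases below" suggests a further subtraction for non-NSS builds later in the target. Either drop the new unconditional removal or delete the conditional ones, so that each file is subtracted exactly once per configuration. The rest of the `if (use_nss)` branch and the `!use_nss` list lie outside the hunks shown, so the complete set of removals cannot be checked from here.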
@@ -175,24 +171,32 @@ component("crypto") {
 }
 defines = [ "CRYPTO_IMPLEMENTATION" ]
-
- # TODO(brettw) once GYP compat is no longer necessary, just move
- # crypto_minimal_sources to the crypto_minimal target and include a
- # dependency on it here.
- sources += crypto_minimal_sources
 }
-# A minimal crypto subset for core features that small standalone targets can
-# use to reduce code size.
-static_library("crypto_minimal") {
- sources = crypto_minimal_sources
+if (is_win) {
+ # A minimal crypto subset for hmac-related stuff that small standalone
+ # targets can use to reduce code size on Windows. This does not depend on
+ # OpenSSL/NSS but will use Windows APIs for that functionality.
+ source_set("crypto_minimal_win") {
+ sources = [
+ "hmac.cc",
+ "hmac.h",
+ "hmac_win.cc",
+ "secure_util.cc",
+ "secure_util.h",
+ "symmetric_key.h",
+ "symmetric_key_win.cc",
+ "third_party/nss/chromium-sha256.h",
+ "third_party/nss/sha512.cc",
+ ]
- deps = [
- "//base",
- "//base/third_party/dynamic_annotations",
- ]
+ deps = [
+ "//base",
+ "//base/third_party/dynamic_annotations",
+ ]
- defines = [ "CRYPTO_IMPLEMENTATION" ]
+ defines = [ "CRYPTO_IMPLEMENTATION" ]
+ }
 }
 test("crypto_unittests") {
@@ -227,16 +231,48 @@ test("crypto_unittests") {
 ]
 }
+ if (use_openssl || !is_linux) {
+ sources -= [
+ "rsa_private_key_nss_unittest.cc",
+ "openpgp_symmetric_encryption_unittest.cc",
+ ]
+ }
+
+ if (use_openssl) {
+ sources -= [ "nss_util_unittest.cc" ]
+ }
+
 deps = [
 ":crypto",
+ ":platform",
 "//base",
 "//base/test:run_all_unittests",
 "//base/test:test_support",
 "//testing/gmock",
 "//testing/gtest",
 ]
+}
- if (is_mac) {
- #deps += "//third_party/nss:nspr"
+# This is a meta-target that forwards to NSS's SSL library or OpenSSL,
+# according to the state of the crypto flags. A target just wanting to depend
+# on the current SSL library should just depend on this.
+group("platform") {
+ if (use_openssl) {
+ deps = [ "//third_party/openssl" ]
+ } else {
+ deps = [ "//net/third_party/nss/ssl:libssl" ]
+ if (is_linux) {
+ # On Linux, we use the system NSS (excepting SSL where we always use our
+ # own).
+ direct_dependent_configs = [
+ "//third_party/nss:system_nss_no_ssl_config"
+ ]
+ } else {
+ # Non-Linux platforms use the hermetic NSS from the tree.
+ deps += [
+ "//third_party/nss:nspr",
+ "//third_party/nss:nss",
+ ]
+ }
 }
 }
diff --git a/net/third_party/nss/ssl/BUILD.gn b/net/third_party/nss/ssl/BUILD.gn
new file mode 100644
index 0000000..03385f6
--- /dev/null
+++ b/net/third_party/nss/ssl/BUILD.gn
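Review bot: The meta-target is defined here as `group("platform")`, but the commit description and the `tools/gn/secondary/net/BUILD.gn` hunk refer to it as `//crypto:ssl`, a label that nothing in this diff defines. `//net` is still commented out of the root group, so the mismatch would only surface once that target is enabled, presumably as an unresolved dependency. Use one name throughout, for example by changing the net dependency to `"//crypto:platform"`, which is also the label the new comment in `third_party/nss/BUILD.gn` tells readers to depend on. Getting this label right matters more than most renames, because it alone decides which TLS library a target links against.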
@@ -0,0 +1,138 @@
+# Copyright (c) 2013 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+config("ssl_config") {
+ include_dirs = [ "." ]
+
+ if (is_mac || is_win) {
+ defines = [ "NSS_PLATFORM_CLIENT_AUTH" ]
+ }
+}
+
+component("libssl") {
+ output_name = "crssl"
+
+ sources = [
+ "authcert.c",
+ "cmpcert.c",
+ "derive.c",
+ "dtlscon.c",
+ "preenc.h",
+ "prelib.c",
+ "ssl.h",
+ "ssl3con.c",
+ "ssl3ecc.c",
+ "ssl3ext.c",
+ "ssl3gthr.c",
+ "ssl3prot.h",
+ "sslauth.c",
+ "sslcon.c",
+ "ssldef.c",
+ "sslenum.c",
+ "sslerr.c",
+ "sslerr.h",
+ "SSLerrs.h",
+ "sslerrstrs.c",
+ "sslgathr.c",
+ "sslimpl.h",
+ "sslinfo.c",
+ "sslinit.c",
+ "sslmutex.c",
+ "sslmutex.h",
+ "sslnonce.c",
+ "sslplatf.c",
+ "sslproto.h",
+ "sslreveal.c",
+ "sslsecur.c",
+ "sslsnce.c",
+ "sslsock.c",
+ "sslt.h",
+ "ssltrace.c",
+ "sslver.c",
+ "unix_err.c",
+ "unix_err.h",
+ "win32err.c",
+ "win32err.h",
+ "bodge/secitem_array.c",
+ ]
+
+ direct_dependent_settings = [ ":ssl_config" ]
+
+ cflags = []
+ defines = [
+ "NO_PKCS11_BYPASS",
+ "NSS_ENABLE_ECC",
+ "USE_UTIL_DIRECTLY",
+ ]
+
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [ "//build/config/compiler:no_chromium_code" ]
+
+ if (is_win) {
+ cflags += [ "/wd4267" ] # Disable warning: Conversion from size_t to 'type'.
+
+ sources -= [
+ "unix_err.c",
+ "unix_err.h",
+ ]
+ sources += [ "exports_win.def" ]
+ } else if (is_linux) {
+ #visibility hidden thing.
+ libs = [ "dl" ]
+
+ include_dirs = [ "bodge" ]
+
+ direct_dependent_configs = [
+ "//third_party/nss:system_nss_no_ssl_config"
+ ]
+ } else if (is_mac) {
+ libs = [ "Security.framework" ]
+ }
+
+ if (is_posix) {
+ sources -= [
+ "win32err.c",
+ "win32err.h",
+ ]
+ }
+
+ if (is_mac || is_ios) {
+ defines += [
+ "XP_UNIX",
+ "DARWIN",
+ "XP_MACOSX",
+ ]
+ }
+
+ if (is_mac || is_ios || is_win) {
+ sources -= [
+ "bodge/secitem_array.c",
+ ]
+ deps = [
+ "//third_party/nss:nspr",
+ "//third_party/nss:nss",
+ ]
+ forward_dependent_configs_from = deps
+ }
+
+ if (component_mode == "shared_library") {
+ # TODO(brettw) GCC_SYMBOLS_PRIVATE_EXTERN thing.
+ }
+
+ if (is_clang) {
+ cflags += [
+ # See http://crbug.com/138571#c8. In short, sslsecur.c picks up the
+ # system's cert.h because cert.h isn't in chromium's repo.
+ "-Wno-incompatible-pointer-types",
+
+ # There is a broken header guard in /usr/include/nss/secmod.h:
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=884072
+ "-Wno-header-guard",
+ ]
+ }
+
+ if (is_debug) {
+ defines += [ "DEBUG" ]
+ }
+}
diff --git a/tools/gn/secondary/crypto/ssl/BUILD.gn b/tools/gn/secondary/crypto/ssl/BUILD.gn
deleted file mode 100644
index 42e0078..0000000
--- a/tools/gn/secondary/crypto/ssl/BUILD.gn
+++ /dev/null
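Review bot: `direct_dependent_settings = [ ":ssl_config" ]` in `component("libssl")` looks like a GYP name carried over; every other place in this commit, including the Linux branch of this same target, spells the GN variable `direct_dependent_configs`. As written, `ssl_config` would presumably never reach dependents, so they would miss the `.` include dir and, on Mac and Windows, the `NSS_PLATFORM_CLIENT_AUTH` define, which likely needs to agree between the library and the code that includes its headers. Rename it to `direct_dependent_configs = [ ":ssl_config" ]`. The Linux branch then has to append rather than assign, `direct_dependent_configs += [ "//third_party/nss:system_nss_no_ssl_config" ]`, so that the second assignment does not replace the first.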
@@ -1,28 +0,0 @@
-# Copyright (c) 2013 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-import("//build/config/crypto.gni")
-import("//build/config/linux/pkg_config.gni")
-
-config("ssl_preprocessor_flags") {
- if (use_openssl) {
- defines = [ "USE_OPENSSL" ]
- } else if (use_nss) {
- defines = [ "USE_NSS" ]
- }
-}
-
-# This meta-target will include the SSL library according to the build flags.
-group("metassl") {
- direct_dependent_configs = [ ":ssl_preprocessor_flags" ]
-
- if (use_openssl) {
- assert(is_linux)
- deps = [ "//third_party/openssl" ]
- } else {
- deps = [ "//net/third_party/nss:ssl" ]
- }
-
- forward_dependent_configs_from = deps
-}
diff --git a/tools/gn/secondary/net/BUILD.gn b/tools/gn/secondary/net/BUILD.gn
index f6461c0..01ab0c8 100644
--- a/tools/gn/secondary/net/BUILD.gn
+++ b/tools/gn/secondary/net/BUILD.gn
@@ -1061,7 +1061,7 @@ component("net") {
 "//base:i18n",
 "//base/third_party/dynamic_annotations",
 "//crypto",
- "//crypto/ssl:metassl",
+ "//crypto:ssl",
 "//sdch",
 "//third_party/icu",
 "//third_party/zlib",
diff --git a/tools/gn/secondary/net/third_party/nss/BUILD.gn b/tools/gn/secondary/net/third_party/nss/BUILD.gn
deleted file mode 100644
index 624c813..0000000
--- a/tools/gn/secondary/net/third_party/nss/BUILD.gn
+++ /dev/null
@@ -1,93 +0,0 @@
-# Copyright (c) 2013 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-config("ssl_config") {
- include_dirs = [
- "//net/third_party/nss/ssl",
- ]
-}
-
-# TODO(brettw) move this to net/third_party/nss/ssl once GYP backwards-compat
-# is no longer needed.
-component("ssl") {
- # Not named "ssl" so the lib doesn't conflict with OpenSSL's libssl
- output_name = "crssl"
-
- sources = [
- "ssl/authcert.c",
- "ssl/cmpcert.c",
- "ssl/derive.c",
- "ssl/dtlscon.c",
- #"ssl/os2_err.c",
- #"ssl/os2_err.h",
- "ssl/preenc.h",
- "ssl/prelib.c",
- "ssl/ssl.h",
- "ssl/ssl3con.c",
- "ssl/ssl3ecc.c",
- "ssl/ssl3ext.c",
- "ssl/ssl3gthr.c",
- "ssl/ssl3prot.h",
- "ssl/sslauth.c",
- "ssl/sslcon.c",
- "ssl/ssldef.c",
- "ssl/sslenum.c",
- "ssl/sslerr.c",
- "ssl/sslerr.h",
- "ssl/SSLerrs.h",
- "ssl/sslerrstrs.c",
- "ssl/sslgathr.c",
- "ssl/sslimpl.h",
- "ssl/sslinfo.c",
- "ssl/sslinit.c",
- "ssl/sslmutex.c",
- "ssl/sslmutex.h",
- "ssl/sslnonce.c",
- "ssl/sslplatf.c",
- "ssl/sslproto.h",
- "ssl/sslreveal.c",
- "ssl/sslsecur.c",
- "ssl/sslsnce.c",
- "ssl/sslsock.c",
- "ssl/sslt.h",
- "ssl/ssltrace.c",
- "ssl/sslver.c",
- "ssl/unix_err.c",
- "ssl/unix_err.h",
- "ssl/win32err.c",
- "ssl/win32err.h",
- "ssl/bodge/secitem_array.c",
- ]
-
- defines = [
- "NO_PKCS11_BYPASS",
- "NSS_ENABLE_ECC",
- "USE_UTIL_DIRECTLY",
- ]
-
- configs -= [ "//build/config/compiler:chromium_code" ]
- configs += [ "//build/config/compiler:no_chromium_code" ]
-
- direct_dependent_configs = [ ":ssl_config" ]
-
- if (is_win) {
- sources -= [
- "ssl/unix_err.c",
- "ssl/unix_err.h",
- ]
- } else {
- sources -= [
- "ssl/win32err.c",
- "ssl/win32err.h",
- ]
- }
-
- if (is_linux) {
- include_dirs = [ "ssl/bodge" ]
- configs += [ "//third_party/nss:nss_linux_config" ]
- }
- if (is_mac) {
- sources -= [ "ssl/bodge/secitem_array.c" ]
- }
-}
diff --git a/tools/gn/secondary/third_party/nss/BUILD.gn b/tools/gn/secondary/third_party/nss/BUILD.gn
index e175904..340180d 100644
--- a/tools/gn/secondary/third_party/nss/BUILD.gn
+++ b/tools/gn/secondary/third_party/nss/BUILD.gn
@@ -4,9 +4,17 @@
 import("//build/config/linux/pkg_config.gni")
-# On Linux we always use the system NSS except for SSL.
 if (is_linux) {
- pkg_config("nss_linux_config") {
+ # This is a dependency on NSS with no libssl. On Linux we use a built-in SSL
+ # library but the system NSS libraries. Non-Linux platforms using NSS use the
+ # hermetic one in //third_party/nss.
+ #
+ # Generally you should depend on //crypto:platform instead of using this
+ # config since that will properly pick up NSS or OpenSSL depending on
+ # platform and build config.
+ pkg_config("system_nss_no_ssl_config") {
 packages = [ "nss" ]
+ extra_args = [ "-v", "-lssl3" ]
 }
 }
+ |