// Note that some host libraries have the same module name as the target // libraries. This is currently needed to build, for example, adb. But it's // probably something that should be changed. package { default_visibility: ["//visibility:private"], default_applicable_licenses: ["external_boringssl_license"], } // Added automatically by a large-scale-change that took the approach of // 'apply every license found to every target'. While this makes sure we respect // every license restriction, it may not be entirely correct. // // e.g. GPL in an MIT project might only apply to the contrib/ directory. // // Please consider splitting the single license below into multiple licenses, // taking care not to lose any license_kind information, and overriding the // default license using the 'licenses: [...]' property on targets as needed. // // For unused files, consider creating a 'fileGroup' with "//visibility:private" // to attach the license to, and including a comment whether the files may be // used in the current project. // See: http://go/android-license-faq license { name: "external_boringssl_license", visibility: [":__subpackages__"], license_kinds: [ "SPDX-license-identifier-Apache-2.0", "SPDX-license-identifier-BSD", "SPDX-license-identifier-ISC", "SPDX-license-identifier-MIT", "SPDX-license-identifier-OpenSSL", "legacy_unencumbered", ], license_text: [ "NOTICE", ], } // Pull in the autogenerated sources modules build = ["sources.bp"] // Used by libcrypto, libssl, bssl tool, and native tests cc_defaults { name: "boringssl_flags", vendor_available: true, product_available: true, cflags: [ "-fvisibility=hidden", "-DBORINGSSL_SHARED_LIBRARY", "-DBORINGSSL_ANDROID_SYSTEM", "-DOPENSSL_SMALL", "-D_XOPEN_SOURCE=700", "-Werror", "-Wno-unused-parameter", ], cppflags: [ "-Wall", "-Werror", ], conlyflags: ["-std=c99"], // Build BoringSSL and its tests against the same STL. sdk_version: "9", target: { android: { stl: "libc++_static", }, }, } // Used by libcrypto + libssl cc_defaults { name: "boringssl_defaults", local_include_dirs: ["src/include"], export_include_dirs: ["src/include"], cflags: ["-DBORINGSSL_IMPLEMENTATION"], } //// libcrypto cc_defaults { name: "libcrypto_defaults", host_supported: true, ramdisk_available: true, vendor_ramdisk_available: true, // Windows and Macs both have problems with assembly files target: { windows: { enabled: true, cflags: ["-DOPENSSL_NO_ASM"], host_ldlibs: ["-lws2_32"], }, darwin: { cflags: ["-DOPENSSL_NO_ASM"], }, host: { host_ldlibs: ["-lpthread"], }, android: { // On FIPS builds (i.e. Android only) prevent other libraries // from pre-empting symbols in libcrypto which could affect FIPS // compliance and cause integrity checks to fail. See b/160231064. ldflags: ["-Wl,-Bsymbolic"], }, }, local_include_dirs: ["src/crypto"], } cc_object { name: "bcm_object", device_supported: true, recovery_available: true, native_bridge_supported: true, defaults: [ "libcrypto_bcm_sources", "libcrypto_defaults", "boringssl_defaults", "boringssl_flags", ], sanitize: { address: false, hwaddress: false, fuzzer: false, }, target: { linux_bionic: { header_libs: ["libc_headers"], // TODO(b/153662223): Clean this up. }, android: { header_libs: ["libc_headers"], // TODO(b/153662223): Clean this up. cflags: [ "-DBORINGSSL_FIPS", "-fPIC", // -fno[data|text]-sections required to ensure a // single text and data section for FIPS integrity check "-fno-data-sections", "-fno-function-sections", ], linker_script: "src/crypto/fipsmodule/fips_shared.lds", }, // Temporary hack to let BoringSSL build with a new compiler. // This doesn't enable HWASAN unconditionally, it just causes // BoringSSL's asm code to unconditionally use a HWASAN-compatible // global variable reference so that the non-HWASANified (because of // sanitize: { hwaddress: false } above) code in the BCM can // successfully link against the HWASANified code in the rest of // BoringSSL in HWASAN builds. android_arm64: { asflags: [ "-fsanitize=hwaddress", ], }, }, apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.art", "com.android.art.debug", "com.android.art.testing", "com.android.bluetooth.updatable", "com.android.conscrypt", "com.android.media", "com.android.resolv", "com.android.virt", ], min_sdk_version: "29", } bootstrap_go_package { name: "bssl_ar", pkgPath: "boringssl.googlesource.com/boringssl/util/ar", srcs: [ "src/util/ar/ar.go", ], testSrcs: [ "src/util/ar/ar_test.go", ], } bootstrap_go_package { name: "bssl_fipscommon", pkgPath: "boringssl.googlesource.com/boringssl/util/fipstools/fipscommon", srcs: [ "src/util/fipstools/fipscommon/const.go", ], } blueprint_go_binary { name: "bssl_inject_hash", srcs: [ "src/util/fipstools/inject_hash/inject_hash.go", ], deps: [ "bssl_ar", "bssl_fipscommon", ], } // Target and host library cc_library { name: "libcrypto", visibility: ["//visibility:public"], vendor_available: true, product_available: true, native_bridge_supported: true, vndk: { enabled: true, }, double_loadable: true, recovery_available: true, defaults: [ "libcrypto_sources", "libcrypto_defaults", "boringssl_defaults", "boringssl_flags", ], unique_host_soname: true, srcs: [ ":bcm_object", ], target: { android: { cflags: [ "-DBORINGSSL_FIPS", ], sanitize: { // Disable address sanitizing otherwise libcrypto will not report // itself as being in FIPS mode, which causes boringssl_self_test // to fail. address: false, }, inject_bssl_hash: true, static: { // Disable the static version of libcrypto, as it causes // problems for FIPS certification. Use libcrypto_static for // modules that need static libcrypto but do not need FIPS self // testing, or use dynamic libcrypto. enabled: false, }, }, }, apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.art", "com.android.art.debug", "com.android.art.testing", "com.android.bluetooth.updatable", "com.android.conscrypt", "com.android.media", "com.android.resolv", "com.android.virt", ], min_sdk_version: "29", } // Static library // This version of libcrypto will not have FIPS self tests enabled, so its // usage is protected through visibility to ensure it doesn't end up used // somewhere that needs the FIPS version. cc_library_static { name: "libcrypto_static", visibility: [ "//art/build/sdk", "//bootable/recovery/updater", "//external/conscrypt", "//external/python/cpython2", "//external/rust/crates/quiche", // Strictly, only the *static* toybox for legacy devices should have // access to libcrypto_static, but we can't express that. "//external/toybox", "//hardware/interfaces/confirmationui/1.0/vts/functional", "//hardware/interfaces/drm/1.0/vts/functional", "//hardware/interfaces/drm/1.2/vts/functional", "//hardware/interfaces/drm/1.3/vts/functional", "//hardware/interfaces/keymaster/3.0/vts/functional", "//hardware/interfaces/keymaster/4.0/vts/functional", "//hardware/interfaces/keymaster/4.1/vts/functional", "//packages/modules/adb", "//packages/modules/DnsResolver/tests:__subpackages__", "//packages/modules/NeuralNetworks:__subpackages__", "//system/core/init", "//system/core/fs_mgr/liblp", "//system/core/fs_mgr/liblp/vts_core", "//system/core/fs_mgr/libsnapshot", "//system/libvintf/test", "//system/security/keystore/tests", "//test/vts-testcase/security/avb", ], apex_available: [ "//apex_available:platform", "com.android.neuralnetworks", ], defaults: [ "libcrypto_bcm_sources", "libcrypto_sources", "libcrypto_defaults", "boringssl_defaults", "boringssl_flags", ], } //// libssl // Target static library // Static and Shared library cc_library { name: "libssl", visibility: ["//visibility:public"], recovery_available: true, vendor_available: true, product_available: true, native_bridge_supported: true, vndk: { enabled: true, }, host_supported: true, defaults: [ "libssl_sources", "boringssl_defaults", "boringssl_flags", ], target: { windows: { enabled: true, }, }, unique_host_soname: true, shared_libs: ["libcrypto"], apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.conscrypt", "com.android.resolv", ], min_sdk_version: "29", } // Tool cc_binary { name: "bssl", host_supported: true, defaults: [ "bssl_sources", "boringssl_flags", ], shared_libs: [ "libcrypto", "libssl", ], target: { darwin: { enabled: false, }, android: { compile_multilib: "both", }, }, multilib: { lib32: { suffix: "32", }, }, } // Used for CAVP testing for FIPS certification. // Not installed on devices by default. cc_binary { name: "cavp", host_supported: true, srcs: [ "src/util/fipstools/cavp/cavp_aes_gcm_test.cc", "src/util/fipstools/cavp/cavp_aes_test.cc", "src/util/fipstools/cavp/cavp_ctr_drbg_test.cc", "src/util/fipstools/cavp/cavp_ecdsa2_keypair_test.cc", "src/util/fipstools/cavp/cavp_ecdsa2_pkv_test.cc", "src/util/fipstools/cavp/cavp_ecdsa2_siggen_test.cc", "src/util/fipstools/cavp/cavp_ecdsa2_sigver_test.cc", "src/util/fipstools/cavp/cavp_hmac_test.cc", "src/util/fipstools/cavp/cavp_kas_test.cc", "src/util/fipstools/cavp/cavp_keywrap_test.cc", "src/util/fipstools/cavp/cavp_main.cc", "src/util/fipstools/cavp/cavp_rsa2_keygen_test.cc", "src/util/fipstools/cavp/cavp_rsa2_siggen_test.cc", "src/util/fipstools/cavp/cavp_rsa2_sigver_test.cc", "src/util/fipstools/cavp/cavp_sha_monte_test.cc", "src/util/fipstools/cavp/cavp_sha_test.cc", "src/util/fipstools/cavp/cavp_tdes_test.cc", "src/util/fipstools/cavp/cavp_test_util.cc", "src/util/fipstools/cavp/cavp_tlskdf_test.cc", ], target: { android: { compile_multilib: "both", }, }, multilib: { lib32: { suffix: "32", }, }, shared_libs: [ "libcrypto", ], defaults: [ "boringssl_test_support_sources", "boringssl_flags", ], } // Used for ACVP testing for FIPS certification. // Not installed on devices by default. cc_binary { name: "acvp_modulewrapper", host_supported: true, srcs: [ "src/util/fipstools/acvp/modulewrapper/main.cc", ], target: { android: { compile_multilib: "both", }, }, stem: "modulewrapper", multilib: { lib32: { suffix: "32", }, }, static_libs: [ "libacvp_modulewrapper", ], shared_libs: [ "libcrypto", ], defaults: [ "boringssl_flags", ], } // ACVP wrapper implementation shared between Android and Trusty cc_library_static { name: "libacvp_modulewrapper", host_supported: true, vendor_available: true, srcs: [ "src/util/fipstools/acvp/modulewrapper/modulewrapper.cc", ], target: { android: { compile_multilib: "both", }, }, export_include_dirs: ["src/util/fipstools/acvp/modulewrapper/"], shared_libs: [ "libcrypto", ], defaults: [ "boringssl_flags", ], visibility: ["//system/core/trusty/utils/acvp"], } // Test support library cc_library_static { name: "boringssl_test_support", host_supported: true, defaults: [ "boringssl_test_support_sources", "boringssl_flags", ], shared_libs: [ "libcrypto", "libssl", ], } // Tests cc_test { name: "boringssl_crypto_test", test_suites: ["device-tests"], host_supported: true, defaults: [ "boringssl_crypto_test_sources", "boringssl_flags", ], whole_static_libs: ["boringssl_test_support"], shared_libs: ["libcrypto"], } cc_test { name: "boringssl_ssl_test", test_suites: ["device-tests"], host_supported: true, defaults: [ "boringssl_ssl_test_sources", "boringssl_flags", ], whole_static_libs: ["boringssl_test_support"], shared_libs: [ "libcrypto", "libssl", ], } // Utility binary for CMVP on-site testing. cc_binary { name: "test_fips", host_supported: false, defaults: [ "boringssl_flags", ], shared_libs: [ "libcrypto", ], srcs: [ "src/util/fipstools/cavp/test_fips.c", ], }