boringssl: Add build script for boringssl

Add build scripts for compiling the boringssl library. An empty placeholder
entropy implementation is added.

Change-Id: I41ac3ccef74f1d3654833bbd4a159dce05094963
Reviewed-on: https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/45241
Commit-Queue: Yecheng Zhao <zyecheng@google.com>
Reviewed-by: Ali Zhang <alizhang@google.com>
diff --git a/third_party/boringssl/BUILD b/third_party/boringssl/BUILD
new file mode 100644
index 0000000..31cc840
--- /dev/null
+++ b/third_party/boringssl/BUILD
@@ -0,0 +1,28 @@
+# Copyright 2020 The Pigweed Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+#
+
+load(
+    "//pw_build:pigweed.bzl",
+    "pw_cc_library",
+)
+
+pw_cc_library(
+    name = "sysdeps",
+    hdrs = [ "sysdeps/sys/socket.h" ],
+    includes = [ "sysdeps" ],
+    srcs = [ "crypto_sysrand.cc" ]
+)
+
+# TODO(zyecheng): Add build recipes for BoringSSL
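Review bot: The `sysdeps` target compiles `crypto_sysrand.cc`, which includes `src/crypto/fipsmodule/rand/internal.h`, yet the target lists no `deps` and only `sysdeps` under `includes`, so that header does not appear to be reachable in the Bazel build. Until the BoringSSL recipes from the TODO exist, either drop `srcs` from this target or say so next to it, e.g. `# crypto_sysrand.cc needs BoringSSL's internal headers; not buildable until the library target is added.` The name `sysdeps` also hides that the target carries the placeholder entropy source, which is worth stating in the same comment.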
diff --git a/third_party/boringssl/BUILD.gn b/third_party/boringssl/BUILD.gn
new file mode 100644
index 0000000..03e2855
--- /dev/null
+++ b/third_party/boringssl/BUILD.gn
@@ -0,0 +1,95 @@
+# Copyright 2021 The Pigweed Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+import("//build_overrides/pigweed.gni")
+import("$dir_pw_build/target_types.gni")
+
+declare_args() {
+  # If compiling backends with boringssl, this variable is set to the path to the
+  # boringssl source code. When set, a pw_source_set for the boringssl library is
+  # created at "$dir_pw_third_party/boringssl".
+  dir_pw_third_party_boringssl = ""
+}
+
+if (dir_pw_third_party_boringssl != "") {
+  import("$dir_pw_third_party_boringssl/BUILD.generated.gni")
+
+  config("boringssl_public_config") {
+    include_dirs = [
+      "$dir_pw_third_party_boringssl/src/include",
+      "public",
+    ]
+    cflags = [
+      "-Wno-cast-qual",
+      "-Wno-ignored-qualifiers",
+    ]
+
+    # This can be removed once boringssl threading primitives are implemented,
+    # i.e. using pw_sync, and when we have a posix style socket layer.
+    defines =
+        [ "OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED" ]
+  }
+
+  config("boringssl_internal_config") {
+    defines = [
+      # Enable virtual desctructor and compile-time check of pure virtual base class
+      "BORINGSSL_ALLOW_CXX_RUNTIME",
+
+      # Code size optimiaztion
+      "OPENSSL_SMALL",
+
+      # The ARM assembly code is only for cortex-A.
+      "OPENSSL_NO_ASM",
+
+      # Disable assert, which may additionally link in unwanted binaries via
+      # argument evaluation.
+      "NDEBUG",
+    ]
+    cflags = [
+      "-Wno-unused-function",
+      "-Wno-conversion",
+      "-Wno-unused-parameter",
+      "-Wno-char-subscripts",
+    ]
+    cflags_cc = [
+      "-fpermissive",
+      "-Wno-error",  # To get through the -Werror=permissive error
+    ]
+    include_dirs = [ "$dir_pw_third_party_boringssl" ]
+  }
+
+  # Remove sources that require file system and posix socket support
+  excluded_sources = [
+    "src/crypto/bio/connect.c",
+    "src/crypto/bio/fd.c",
+    "src/crypto/bio/socket.c",
+    "src/crypto/bio/socket_helper.c",
+  ]
+
+  pw_source_set("boringssl") {
+    sources = [ "crypto_sysrand.cc" ]
+    foreach(source, crypto_sources - excluded_sources + ssl_sources) {
+      sources += [ "$dir_pw_third_party_boringssl/$source" ]
+    }
+    public_configs = [ ":boringssl_public_config" ]
+    configs = [ ":boringssl_internal_config" ]
+
+    # Contains a faked "sysdeps/sys/socket.h"
+    # Can be removed once posix socket layer in Pigweed is supported.
+    include_dirs = [ "sysdeps" ]
+  }
+} else {
+  group("boringssl") {
+  }
+}
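Review bot: The define `OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED` in `boringssl_public_config` is exported to every dependent, but the comment above it only says when it can be removed, not what it requires of callers today. As the name itself states, a library built this way is unsafe to call from more than one thread, so the comment should spell out the constraint, e.g. `# BoringSSL is built without locking: all calls into it must come from a single thread until pw_sync-backed primitives land.` Separately, the `-fpermissive` and `-Wno-error` entries in `cflags_cc` of `boringssl_internal_config` also cover `crypto_sysrand.cc`, which is Pigweed's own file in the same `pw_source_set`; giving that file its own source set would keep it under the normal warning set.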
diff --git a/third_party/boringssl/README.md b/third_party/boringssl/README.md
new file mode 100644
index 0000000..0d3e06d
--- /dev/null
+++ b/third_party/boringssl/README.md
@@ -0,0 +1,10 @@
+# BoringSSL Library
+
+The folder provides build scripts for building the BoringSSL library. The
+source code needs to be downloaded by the user. It is recommended to download
+via "pw package install boringssl". This ensures that necessary build files
+are generated. It als downloads the chromium verifier library, which will be
+used as the default certificate verifier for boringssl in pw_tls_client.
+For gn build, set `dir_pw_third_party_boringssl` to point to the
+path of the source code. For applications using BoringSSL, add
+`$dir_pw_third_party/boringssl` to the dependency list.
diff --git a/third_party/boringssl/crypto_sysrand.cc b/third_party/boringssl/crypto_sysrand.cc
new file mode 100644
index 0000000..34fe1bb
--- /dev/null
+++ b/third_party/boringssl/crypto_sysrand.cc
@@ -0,0 +1,51 @@
+// Copyright 2021 The Pigweed Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+#include "src/crypto/fipsmodule/rand/internal.h"
+
+extern "C" {
+// OPENSSL_URANDOM is defined automatically based on platform flags.
+// See crypto/fipsmodule/rand/internal.h
+#ifdef OPENSSL_URANDOM
+// When OPENSSL_URANDOM is defined, boringssl assumes linux and
+// reads from "dev/urandom" for generating randoms bytes.
+// We mock the required file io functions to accomodate it for now.
+// TODO(zyecheng): Ask BoringSSL team if there are ways to disable
+// OPENSSL_URANDOM, potentially by adding a OPENSSL_PIGWEED flag in
+// crypto/fipsmodule/rand/internal.h. If not, we need to keep these
+// mockings.
+
+#define URANDOM_FILE_FD 123
+int open(const char* file, int, ...) {
+  if (strcmp(file, "/dev/urandom") == 0) {
+    return URANDOM_FILE_FD;
+  }
+  return -1;
+}
+
+ssize_t read(int fd, void*, size_t len) {
+  if (fd == URANDOM_FILE_FD) {
+    // TODO(zyecheng): Add code to generate random bytes.
+  }
+  return static_cast<ssize_t>(len);
+}
+
+#else
+// When OPENSSL_URANDOM is not defined, BoringSSL expects an implementation of
+// the following function for generating random bytes.
+void CRYPTO_sysrand(uint8_t*, size_t) {
+  // TODO(zyecheng): Add code to generate random bytes.
+}
+#endif
+}
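Review bot: The mocked `read()` returns `len` without writing to the buffer and does so for every descriptor, so BoringSSL is told it received `len` bytes of entropy while the buffer holds whatever was there before; `CRYPTO_sysrand` in the `#else` branch likewise returns with its output untouched. Any key, nonce or seed produced by a build that links this file is therefore not random, and nothing at build or run time signals it. Until a real source is wired in, the placeholders should fail closed rather than report success, e.g. `if (fd != URANDOM_FILE_FD) return -1;` at the top of `read()` and an `abort();` (from `<stdlib.h>`) in place of each TODO body. Defining `open` and `read` with C linkage presumably also shadows those symbols for any other code linked into the same image, which deserves a comment next to `URANDOM_FILE_FD`.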
diff --git a/third_party/boringssl/sysdeps/sys/socket.h b/third_party/boringssl/sysdeps/sys/socket.h
new file mode 100644
index 0000000..9ba1f9f
--- /dev/null
+++ b/third_party/boringssl/sysdeps/sys/socket.h
@@ -0,0 +1,17 @@
+// Copyright 2021 The Pigweed Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+// Nothing. For place-holder only.
+
+#pragma once