Skip to content

GitLab

T
tangled
Commit 675d5e12 authored by agl@chromium.org's avatar agl@chromium.org
Browse files
Options

Switch to BoringSSL. 

(This is a much larger change than its diff suggests. If it breaks something, please revert first and ask questions later.)

R=davidben@chromium.org, eroman@chromium.org, rsleevi@chromium.org

Review URL: https://codereview.chromium.org/345063006

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@283542 0039d316-1c4b-4281-b951-d872f2087c98
parent f0ff179a
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 512 additions and 747 deletions
DEPS
View file @ 675d5e12
......@@ -55,7 +55,7 @@ vars = {
# Three lines of non-changing comments so that
# the commit queue can handle CLs rolling WebRTC
# and V8 without interference from each other.
"webrtc_revision": "6680",
"webrtc_revision": "6683",
"jsoncpp_revision": "248",
"nss_revision": "277057",
# Three lines of non-changing comments so that
......@@ -65,7 +65,7 @@ vars = {
# Three lines of non-changing comments so that
# the commit queue can handle CLs rolling openssl
# and whatever else without interference from each other.
"openssl_revision": "275836",
"openssl_revision": "283115",
# Three lines of non-changing comments so that
# the commit queue can handle CLs rolling ANGLE
# and whatever else without interference from each other.
......@@ -85,7 +85,7 @@ vars = {
# Three lines of non-changing comments so that
# the commit queue can handle CLs rolling BoringSSL
# and whatever else without interference from each other.
"boringssl_revision": "09020c2f08df11179b93e6548117806a4c0d0d45",
"boringssl_revision": "045cc5590a214a0efb982d028a4f1f0e9dfe3314",
}
deps = {
......
android_webview/native/webview_native.gyp
View file @ 675d5e12
......@@ -24,7 +24,7 @@
'../../webkit/common/webkit_common.gyp:webkit_common',
'../../webkit/storage_browser.gyp:webkit_storage_browser',
'../../webkit/storage_common.gyp:webkit_storage_common',
'../../third_party/openssl/openssl.gyp:openssl',
'../../third_party/boringssl/boringssl.gyp:boringssl',
'android_webview_native_jni',
],
'include_dirs': [
......
build/linux/system.gyp
View file @ 675d5e12
......@@ -985,7 +985,7 @@
'conditions': [
['use_openssl==1', {
'dependencies': [
'../../third_party/openssl/openssl.gyp:openssl',
'../../third_party/boringssl/boringssl.gyp:boringssl',
],
}],
['use_openssl==0', {
......
build/linux/unbundle/replace_gyp_files.py
View file @ 675d5e12
......@@ -31,7 +31,7 @@ REPLACEMENTS = {
'use_system_libxml': 'third_party/libxml/libxml.gyp',
'use_system_libxnvctrl' : 'third_party/libXNVCtrl/libXNVCtrl.gyp',
'use_system_libxslt': 'third_party/libxslt/libxslt.gyp',
'use_system_openssl': 'third_party/openssl/openssl.gyp',
'use_system_openssl': 'third_party/boringssl/boringssl.gyp',
'use_system_opus': 'third_party/opus/opus.gyp',
'use_system_re2': 'third_party/re2/re2.gyp',
'use_system_snappy': 'third_party/snappy/snappy.gyp',
......
chrome/chrome_browser_ui.gypi
View file @ 675d5e12
......@@ -2773,7 +2773,7 @@
['OS=="android"', {
'dependencies': [
'../components/components.gyp:web_contents_delegate_android',
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
'chrome_browser_jni_headers',
],
'dependencies!': [
......
chrome/chrome_common.gypi
View file @ 675d5e12
......@@ -653,7 +653,7 @@
],
['OS == "android"', {
'dependencies': [
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
],
'sources!': [
'common/net/x509_certificate_model.cc',
......
content/child/webcrypto/platform_crypto_openssl.cc
View file @ 675d5e12
......@@ -53,12 +53,10 @@ class SymKey : public Key {
namespace {
const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) {
// OpenSSL supports AES CBC ciphers for only 3 key lengths: 128, 192, 256 bits
// OpenSSL supports AES CBC ciphers for only 2 key lengths: 128, 256 bits
switch (key_length_bytes) {
case 16:
return EVP_aes_128_cbc();
case 24:
return EVP_aes_192_cbc();
case 32:
return EVP_aes_256_cbc();
default:
......@@ -439,7 +437,8 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
crypto::ScopedOpenSSL<EVP_AEAD_CTX, EVP_AEAD_CTX_cleanup>::Type ctx_cleanup(
&ctx);
ssize_t len;
size_t len;
int ok;
if (mode == DECRYPT) {
if (data.byte_length() < tag_length_bytes)
......@@ -447,32 +446,34 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
buffer->resize(data.byte_length() - tag_length_bytes);
len = EVP_AEAD_CTX_open(&ctx,
Uint8VectorStart(buffer),
buffer->size(),
iv.bytes(),
iv.byte_length(),
data.bytes(),
data.byte_length(),
additional_data.bytes(),
additional_data.byte_length());
ok = EVP_AEAD_CTX_open(&ctx,
Uint8VectorStart(buffer),
&len,
buffer->size(),
iv.bytes(),
iv.byte_length(),
data.bytes(),
data.byte_length(),
additional_data.bytes(),
additional_data.byte_length());
} else {
// No need to check for unsigned integer overflow here (seal fails if
// the output buffer is too small).
buffer->resize(data.byte_length() + tag_length_bytes);
len = EVP_AEAD_CTX_seal(&ctx,
Uint8VectorStart(buffer),
buffer->size(),
iv.bytes(),
iv.byte_length(),
data.bytes(),
data.byte_length(),
additional_data.bytes(),
additional_data.byte_length());
ok = EVP_AEAD_CTX_seal(&ctx,
Uint8VectorStart(buffer),
&len,
buffer->size(),
iv.bytes(),
iv.byte_length(),
data.bytes(),
data.byte_length(),
additional_data.bytes(),
additional_data.byte_length());
}
if (len < 0)
if (!ok)
return Status::OperationError();
buffer->resize(len);
return Status::Success();
......
content/content_child.gypi
View file @ 675d5e12
......@@ -297,7 +297,7 @@
'<@(webcrypto_openssl_sources)',
],
'dependencies': [
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
],
}, {
'sources': [
......
crypto/BUILD.gn
View file @ 675d5e12
......@@ -242,7 +242,7 @@ test("crypto_unittests") {
# on the current SSL library should just depend on this.
group("platform") {
if (use_openssl) {
deps = [ "//third_party/openssl" ]
deps = [ "//third_party/boringssl" ]
} else {
deps = [ "//net/third_party/nss/ssl:libssl" ]
if (is_linux) {
......
crypto/crypto.gyp
View file @ 675d5e12
......@@ -100,7 +100,7 @@
}],
[ 'use_openssl==1', {
'dependencies': [
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
],
# TODO(joth): Use a glob to match exclude patterns once the
# OpenSSL file set is complete.
......@@ -209,7 +209,7 @@
}],
[ 'use_openssl==1', {
'dependencies': [
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
],
'sources!': [
'nss_util_unittest.cc',
......
crypto/crypto_nacl.gyp
View file @ 675d5e12
......@@ -22,7 +22,7 @@
'build_pnacl_newlib': 1,
},
'dependencies': [
'../third_party/openssl/openssl_nacl.gyp:openssl_nacl',
'../third_party/boringssl/boringssl_nacl.gyp:boringssl_nacl',
'../native_client/tools.gyp:prep_toolchain',
'../native_client_sdk/native_client_sdk_untrusted.gyp:nacl_io_untrusted',
],
......
crypto/encryptor_openssl.cc
View file @ 675d5e12
......@@ -19,7 +19,6 @@ namespace {
const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) {
switch (key->key().length()) {
case 16: return EVP_aes_128_cbc();
case 24: return EVP_aes_192_cbc();
case 32: return EVP_aes_256_cbc();
default: return NULL;
}
......@@ -100,8 +99,8 @@ bool Encryptor::Crypt(bool do_encrypt,
DCHECK(cipher); // Already handled in Init();
const std::string& key = key_->key();
DCHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length()));
DCHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length()));
DCHECK_EQ(EVP_CIPHER_iv_length(cipher), iv_.length());
DCHECK_EQ(EVP_CIPHER_key_length(cipher), key.length());
ScopedCipherCTX ctx;
if (!EVP_CipherInit_ex(ctx.get(), cipher, NULL,
......
crypto/openssl_bio_string_unittest.cc
View file @ 675d5e12
......@@ -23,24 +23,17 @@ TEST(OpenSSLBIOString, TestWrite) {
EXPECT_EQ(static_cast<int>(expected1.size()),
BIO_printf(bio.get(), "a %s\nb %i\n", "one", 2));
EXPECT_EQ(expected1, s);
EXPECT_EQ(static_cast<int>(expected1.size()), BIO_tell(bio.get()));
EXPECT_EQ(1, BIO_flush(bio.get()));
EXPECT_EQ(-1, BIO_seek(bio.get(), 0));
EXPECT_EQ(expected1, s);
EXPECT_EQ(static_cast<int>(expected2.size()),
BIO_write(bio.get(), expected2.data(), expected2.size()));
EXPECT_EQ(expected1 + expected2, s);
EXPECT_EQ(static_cast<int>(expected1.size() + expected2.size()),
BIO_tell(bio.get()));
EXPECT_EQ(static_cast<int>(expected3.size()),
BIO_puts(bio.get(), expected3.c_str()));
EXPECT_EQ(expected1 + expected2 + expected3, s);
EXPECT_EQ(static_cast<int>(expected1.size() + expected2.size() +
expected3.size()),
BIO_tell(bio.get()));
}
EXPECT_EQ(expected1 + expected2 + expected3, s);
}
......
crypto/openssl_util.cc
View file @ 675d5e12
......@@ -6,6 +6,7 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/cpu.h>
#include "base/logging.h"
#include "base/memory/scoped_vector.h"
......@@ -22,8 +23,9 @@ namespace crypto {
namespace {
unsigned long CurrentThreadId() {
return static_cast<unsigned long>(base::PlatformThread::CurrentId());
void CurrentThreadId(CRYPTO_THREADID* id) {
CRYPTO_THREADID_set_numeric(
id, static_cast<unsigned long>(base::PlatformThread::CurrentId()));
}
// Singleton for initializing and cleaning up the OpenSSL library.
......@@ -53,7 +55,7 @@ class OpenSSLInitSingleton {
for (int i = 0; i < num_locks; ++i)
locks_.push_back(new base::Lock());
CRYPTO_set_locking_callback(LockingCallback);
CRYPTO_set_id_callback(CurrentThreadId);
CRYPTO_THREADID_set_callback(CurrentThreadId);
#if defined(OS_ANDROID) && defined(ARCH_CPU_ARMEL)
const bool has_neon =
......
crypto/rsa_private_key_openssl.cc
View file @ 675d5e12
......@@ -4,6 +4,8 @@
#include "crypto/rsa_private_key.h"
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include <openssl/rsa.h>
......
crypto/scoped_openssl_types.h
View file @ 675d5e12
......@@ -5,6 +5,7 @@
#ifndef CRYPTO_SCOPED_OPENSSL_TYPES_H_
#define CRYPTO_SCOPED_OPENSSL_TYPES_H_
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/ec.h>
......
crypto/signature_verifier_openssl.cc
View file @ 675d5e12
......@@ -26,7 +26,7 @@ const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
case SignatureVerifier::SHA256:
return EVP_sha256();
}
return EVP_md_null();
return NULL;
}
} // namespace
......@@ -80,8 +80,11 @@ bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
const uint8* public_key_info,
int public_key_info_len) {
OpenSSLErrStackTracer err_tracer(FROM_HERE);
const EVP_MD* digest = ToOpenSSLDigest(hash_alg);
const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
DCHECK(digest);
if (!digest) {
return false;
}
EVP_PKEY_CTX* pkey_ctx;
if (!CommonInit(digest, signature, signature_len, public_key_info,
......@@ -92,8 +95,12 @@ bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
if (rv != 1)
return false;
rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx,
ToOpenSSLDigest(mask_hash_alg));
const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg);
DCHECK(mgf_digest);
if (!mgf_digest) {
return false;
}
rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest);
if (rv != 1)
return false;
rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
......
google_apis/google_apis.gyp
View file @ 675d5e12
......@@ -44,7 +44,7 @@
}],
['OS=="android"', {
'dependencies': [
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
],
'sources/': [
['exclude', 'cup/client_update_protocol_nss\.cc$'],
......
net/BUILD.gn
View file @ 675d5e12
......@@ -523,10 +523,6 @@ component("net") {
if (!is_android_webview_build) {
deps += [ ":net_jni_headers" ]
# The net/android/keystore_openssl.cc source file needs to access an
# OpenSSL-internal header.
include_dirs = [ "//third_party/openssl" ]
}
}
......@@ -917,7 +913,7 @@ if (is_linux) {
":epoll_server",
":net",
"//base",
"//third_party/openssl",
"//third_party/boringssl",
]
}
......@@ -936,7 +932,7 @@ if (is_linux) {
":test_support",
"//testing/gtest",
"//testing/gmock",
"//third_party/openssl",
"//third_party/boringssl",
]
}
......@@ -987,7 +983,7 @@ if (is_linux) {
"//base",
"//base/third_party/dynamic_annotations",
"//crypto",
"//third_party/openssl",
"//third_party/boringssl",
"//url",
]
}
......@@ -998,7 +994,7 @@ if (is_linux) {
":quic_base",
":net",
"//base",
"//third_party/openssl",
"//third_party/boringssl",
]
}
}
......@@ -1328,7 +1324,7 @@ executable("quic_server") {
":quic_tools",
":net",
"//base",
"//third_party/openssl",
"//third_party/boringssl",
]
}
......
net/android/keystore_openssl.cc
View file @ 675d5e12
This diff is collapsed.
net/android/keystore_unittest.cc
View file @ 675d5e12
......@@ -205,54 +205,6 @@ ScopedJava GetRSATestKeyJava() {
return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, key);
}
const char kTestDsaKeyFile[] = "android-test-key-dsa.pem";
const char kTestDsaPublicKeyFile[] = "android-test-key-dsa-public.pem";
// The DSA test hash must be 20 bytes exactly.
const char kTestDsaHash[] = "0123456789ABCDEFGHIJ";
// Retrieve a JNI local ref for our test DSA key.
ScopedJava GetDSATestKeyJava() {
std::string key;
if (!ImportPrivateKeyFileAsPkcs8(kTestDsaKeyFile, &key))
return ScopedJava();
return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, key);
}
// Call this function to verify that one message signed with our
// test DSA private key is correct. Since DSA signing introduces
// random elements in the signature, it is not possible to compare
// signature bits directly. However, one can use the public key
// to do the check.
bool VerifyTestDSASignature(const base::StringPiece& message,
const base::StringPiece& signature) {
crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestDsaPublicKeyFile));
if (!pkey.get())
return false;
crypto::ScopedDSA pub_key(EVP_PKEY_get1_DSA(pkey.get()));
if (!pub_key.get()) {
LOG(ERROR) << "Could not get DSA public key: "
<< GetOpenSSLErrorString();
return false;
}
const unsigned char* digest =
reinterpret_cast<const unsigned char*>(message.data());
int digest_len = static_cast<int>(message.size());
const unsigned char* sigbuf =
reinterpret_cast<const unsigned char*>(signature.data());
int siglen = static_cast<int>(signature.size());
int ret = DSA_verify(
0, digest, digest_len, sigbuf, siglen, pub_key.get());
if (ret != 1) {
LOG(ERROR) << "DSA_verify() failed: " << GetOpenSSLErrorString();
return false;
}
return true;
}
const char kTestEcdsaKeyFile[] = "android-test-key-ecdsa.pem";
const char kTestEcdsaPublicKeyFile[] = "android-test-key-ecdsa-public.pem";
......@@ -268,7 +220,7 @@ ScopedJava GetECDSATestKeyJava() {
}
// Call this function to verify that one message signed with our
// test DSA private key is correct. Since DSA signing introduces
// test ECDSA private key is correct. Since ECDSA signing introduces
// random elements in the signature, it is not possible to compare
// signature bits directly. However, one can use the public key
// to do the check.
......@@ -338,28 +290,6 @@ bool SignWithOpenSSL(const base::StringPiece& message,
signature_size = static_cast<size_t>(p_len);
break;
}
case EVP_PKEY_DSA:
{
crypto::ScopedDSA dsa(EVP_PKEY_get1_DSA(openssl_key));
if (!dsa.get()) {
LOG(ERROR) << "Could not get DSA from EVP_PKEY: "
<< GetOpenSSLErrorString();
return false;
}
// Note, the actual signature can be smaller than DSA_size()
max_signature_size = static_cast<size_t>(DSA_size(dsa.get()));
unsigned char* p = OpenSSLWriteInto(&signature,
max_signature_size);
unsigned int p_len = 0;
// Note: first parameter is ignored by function.
int ret = DSA_sign(0, digest, digest_len, p, &p_len, dsa.get());
if (ret != 1) {
LOG(ERROR) << "DSA_sign() failed: " << GetOpenSSLErrorString();
return false;
}
signature_size = static_cast<size_t>(p_len);
break;
}
case EVP_PKEY_EC:
{
crypto::ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key));
......@@ -519,41 +449,6 @@ TEST(AndroidKeyStore,GetRSAKeyModulus) {
ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n));
}
TEST(AndroidKeyStore,GetDSAKeyParamQ) {
crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
InitEnv();
// Load the test DSA key.
crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestDsaKeyFile));
ASSERT_TRUE(pkey.get());
// Convert it to encoded PKCS#8 bytes.
std::string pkcs8_data;
ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data));
// Create platform PrivateKey object from it.
ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA,
pkcs8_data);
ASSERT_FALSE(key_java.is_null());
// Retrieve the corresponding Q parameter through JNI
std::vector<uint8> q_java;
ASSERT_TRUE(GetDSAKeyParamQ(key_java.obj(), &q_java));
// Create an OpenSSL BIGNUM from it.
crypto::ScopedBIGNUM bn(
BN_bin2bn(reinterpret_cast<const unsigned char*>(&q_java[0]),
static_cast<int>(q_java.size()),
NULL));
ASSERT_TRUE(bn.get());
// Compare it to the one in the RSA key, they must be identical.
crypto::ScopedDSA dsa(EVP_PKEY_get1_DSA(pkey.get()));
ASSERT_TRUE(dsa.get()) << GetOpenSSLErrorString();
ASSERT_EQ(0, BN_cmp(bn.get(), dsa.get()->q));
}
TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) {
crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
......@@ -616,56 +511,6 @@ TEST(AndroidKeyStore,SignWithWrapperKeyRSA) {
CompareSignatureWithOpenSSL(message, signature, openssl_key.get()));
}
TEST(AndroidKeyStore,GetPrivateKeyTypeDSA) {
crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
ScopedJava dsa_key = GetDSATestKeyJava();
ASSERT_FALSE(dsa_key.is_null());
EXPECT_EQ(PRIVATE_KEY_TYPE_DSA,
GetPrivateKeyType(dsa_key.obj()));
}
TEST(AndroidKeyStore,SignWithPrivateKeyDSA) {
ScopedJava dsa_key = GetDSATestKeyJava();
ASSERT_FALSE(dsa_key.is_null());
crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile));
ASSERT_TRUE(openssl_key.get());
std::string message = kTestDsaHash;
ASSERT_EQ(20U, message.size());
std::string signature;
DoKeySigning(dsa_key.obj(), openssl_key.get(), message, &signature);
ASSERT_TRUE(VerifyTestDSASignature(message, signature));
}
TEST(AndroidKeyStore,SignWithWrapperKeyDSA) {
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
ScopedJava dsa_key = GetDSATestKeyJava();
ASSERT_FALSE(dsa_key.is_null());
crypto::ScopedEVP_PKEY wrapper_key(
GetOpenSSLPrivateKeyWrapper(dsa_key.obj()));
ASSERT_TRUE(wrapper_key.get());
crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile));
ASSERT_TRUE(openssl_key.get());
// Check that DSA_size() works correctly on the wrapper.
EXPECT_EQ(EVP_PKEY_size(openssl_key.get()),
EVP_PKEY_size(wrapper_key.get()));
std::string message = kTestDsaHash;
std::string signature;
DoKeySigningWithWrapper(wrapper_key.get(),
openssl_key.get(),
message,
&signature);
ASSERT_TRUE(VerifyTestDSASignature(message, signature));
}
TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) {
crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
......
net/cert/cert_verify_proc_openssl.cc
View file @ 675d5e12
......@@ -101,7 +101,7 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx,
STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx);
X509* verified_cert = NULL;
std::vector<X509*> verified_chain;
for (int i = 0; i < sk_X509_num(chain); ++i) {
for (size_t i = 0; i < sk_X509_num(chain); ++i) {
X509* cert = sk_X509_value(chain, i);
if (i == 0) {
verified_cert = cert;
......@@ -111,7 +111,7 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx,
// Only check the algorithm status for certificates that are not in the
// trust store.
if (i < store_ctx->last_untrusted) {
if (i < static_cast<size_t>(store_ctx->last_untrusted)) {
int sig_alg = OBJ_obj2nid(cert->sig_alg->algorithm);
if (sig_alg == NID_md2WithRSAEncryption) {
verify_result->has_md2 = true;
......@@ -151,7 +151,7 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx,
void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx,
HashValueVector* hashes) {
STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx);
for (int i = 0; i < sk_X509_num(chain); ++i) {
for (size_t i = 0; i < sk_X509_num(chain); ++i) {
X509* cert = sk_X509_value(chain, i);
std::string der_data;
......
net/cert/x509_certificate_openssl.cc
View file @ 675d5e12
......@@ -5,10 +5,10 @@
#include "net/cert/x509_certificate.h"
#include <openssl/asn1.h>
#include <openssl/bytestring.h>
#include <openssl/crypto.h>
#include <openssl/obj_mac.h>
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/sha.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
......@@ -40,27 +40,20 @@ void CreateOSCertHandlesFromPKCS7Bytes(
const char* data, int length,
X509Certificate::OSCertHandles* handles) {
crypto::EnsureOpenSSLInit();
const unsigned char* der_data = reinterpret_cast<const unsigned char*>(data);
crypto::ScopedOpenSSL<PKCS7, PKCS7_free>::Type pkcs7_cert(
d2i_PKCS7(NULL, &der_data, length));
if (!pkcs7_cert.get())
return;
crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE);
STACK_OF(X509)* certs = NULL;
int nid = OBJ_obj2nid(pkcs7_cert.get()->type);
if (nid == NID_pkcs7_signed) {
certs = pkcs7_cert.get()->d.sign->cert;
} else if (nid == NID_pkcs7_signedAndEnveloped) {
certs = pkcs7_cert.get()->d.signed_and_enveloped->cert;
}
CBS der_data;
CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length);
STACK_OF(X509)* certs = sk_X509_new_null();
if (certs) {
for (int i = 0; i < sk_X509_num(certs); ++i) {
if (PKCS7_get_certificates(certs, &der_data)) {
for (size_t i = 0; i < sk_X509_num(certs); ++i) {
X509* x509_cert =
X509Certificate::DupOSCertHandle(sk_X509_value(certs, i));
handles->push_back(x509_cert);
}
}
sk_X509_pop_free(certs, X509_free);
}
void ParsePrincipalValues(X509_NAME* name,
......@@ -114,7 +107,7 @@ void ParseSubjectAltName(X509Certificate::OSCertHandle cert,
if (!alt_names.get())
return;
for (int i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {
for (size_t i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {
const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i);
if (name->type == GEN_DNS && dns_names) {
const unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName);
......@@ -509,7 +502,7 @@ bool X509Certificate::IsIssuedByEncoded(
// and 'cert_names'.
for (size_t n = 0; n < cert_names.size(); ++n) {
for (int m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {
for (size_t m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {
X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m);
if (X509_NAME_cmp(issuer, cert_names[n]) == 0) {
return true;
......
net/http/des.cc
View file @ 675d5e12
......@@ -93,10 +93,10 @@ void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) {
crypto::EnsureOpenSSLInit();
DES_key_schedule ks;
DES_set_key_unchecked(
reinterpret_cast<const_DES_cblock*>(const_cast<uint8*>(key)), &ks);
DES_set_key(
reinterpret_cast<const DES_cblock*>(key), &ks);
DES_ecb_encrypt(reinterpret_cast<const_DES_cblock*>(const_cast<uint8*>(src)),
DES_ecb_encrypt(reinterpret_cast<const DES_cblock*>(src),
reinterpret_cast<DES_cblock*>(hash), &ks, DES_ENCRYPT);
}
......
net/net.gyp
View file @ 675d5e12
......@@ -255,7 +255,7 @@
'third_party/mozilla_security_manager/nsPKCS12Blob.h',
],
'dependencies': [
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
],
},
{ # else !use_openssl: remove the unneeded files
......@@ -466,7 +466,7 @@
}],
[ 'OS == "android"', {
'dependencies': [
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
'net_jni_headers',
],
'sources!': [
......@@ -475,11 +475,6 @@
'cert/cert_verify_proc_openssl.cc',
'cert/test_root_certs_openssl.cc',
],
# The net/android/keystore_openssl.cc source file needs to
# access an OpenSSL-internal header.
'include_dirs': [
'../third_party/openssl',
],
},
],
[ 'use_icu_alternatives_on_android == 1', {
......@@ -595,7 +590,7 @@
[ 'use_openssl == 1', {
# Avoid compiling/linking with the system library.
'dependencies': [
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
],
}, { # use_openssl == 0
'conditions': [
......@@ -798,7 +793,7 @@
}],
[ 'OS == "android"', {
'dependencies': [
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
],
'sources!': [
'dns/dns_config_service_posix_unittest.cc',
......@@ -979,7 +974,7 @@
'conditions': [
['use_openssl==1', {
'dependencies': [
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
],
}, {
'dependencies': [
......@@ -1377,7 +1372,7 @@
],
'dependencies': [
'../base/base.gyp:base',
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
'balsa',
'epoll_server',
'net',
......@@ -1422,7 +1417,7 @@
'dependencies': [
'../testing/gtest.gyp:gtest',
'../testing/gmock.gyp:gmock',
'../third_party/openssl/openssl.gyp:openssl',
'../third_party/boringssl/boringssl.gyp:boringssl',
'flip_in_mem_edsm_server_base',
'net',
'net_test_support',
......
net/net_nacl.gyp
View file @ 675d5e12
......@@ -25,7 +25,7 @@
'../crypto/crypto_nacl.gyp:crypto_nacl',
'../native_client/tools.gyp:prep_toolchain',
'../native_client_sdk/native_client_sdk_untrusted.gyp:nacl_io_untrusted',
'../third_party/openssl/openssl_nacl.gyp:openssl_nacl',
'../third_party/boringssl/boringssl_nacl.gyp:boringssl_nacl',
'../url/url_nacl.gyp:url_nacl',
'net.gyp:net_derived_sources',
'net.gyp:net_resources',
......
net/quic/crypto/aead_base_decrypter_openssl.cc
View file @ 675d5e12
......@@ -86,21 +86,18 @@ bool AeadBaseDecrypter::Decrypt(StringPiece nonce,
return false;
}
ssize_t len = EVP_AEAD_CTX_open(
ctx_.get(), output, ciphertext.size(),
if (!EVP_AEAD_CTX_open(
ctx_.get(), output, output_length, ciphertext.size(),
reinterpret_cast<const uint8_t*>(nonce.data()), nonce.size(),
reinterpret_cast<const uint8_t*>(ciphertext.data()), ciphertext.size(),
reinterpret_cast<const uint8_t*>(associated_data.data()),
associated_data.size());
if (len < 0) {
associated_data.size())) {
// Because QuicFramer does trial decryption, decryption errors are expected
// when encryption level changes. So we don't log decryption errors.
ClearOpenSslErrors();
return false;
}
*output_length = len;
return true;
}
......
net/quic/crypto/aead_base_encrypter_openssl.cc
View file @ 675d5e12
......@@ -81,14 +81,18 @@ bool AeadBaseEncrypter::Encrypt(StringPiece nonce,
return false;
}
ssize_t len = EVP_AEAD_CTX_seal(
ctx_.get(), output, plaintext.size() + auth_tag_size_,
reinterpret_cast<const uint8_t*>(nonce.data()), nonce.size(),
reinterpret_cast<const uint8_t*>(plaintext.data()), plaintext.size(),
reinterpret_cast<const uint8_t*>(associated_data.data()),
associated_data.size());
if (len < 0) {
size_t len;
if (!EVP_AEAD_CTX_seal(
ctx_.get(),
output,
&len,
plaintext.size() + auth_tag_size_,
reinterpret_cast<const uint8_t*>(nonce.data()),
nonce.size(),
reinterpret_cast<const uint8_t*>(plaintext.data()),
plaintext.size(),
reinterpret_cast<const uint8_t*>(associated_data.data()),
associated_data.size())) {
DLogOpenSslErrors();
return false;
}
......
net/socket/openssl_ssl_util.cc
View file @ 675d5e12
......@@ -4,6 +4,8 @@
#include "net/socket/openssl_ssl_util.h"
#include <errno.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
......@@ -39,16 +41,16 @@ class OpenSSLNetErrorLibSingleton {
net_error_lib_ = ERR_get_next_error_library();
}
int net_error_lib() const { return net_error_lib_; }
unsigned net_error_lib() const { return net_error_lib_; }
private:
int net_error_lib_;
unsigned net_error_lib_;
};
base::LazyInstance<OpenSSLNetErrorLibSingleton>::Leaky g_openssl_net_error_lib =
LAZY_INSTANCE_INITIALIZER;
int OpenSSLNetErrorLib() {
unsigned OpenSSLNetErrorLib() {
return g_openssl_net_error_lib.Get().net_error_lib();
}
......@@ -162,7 +164,7 @@ void OpenSSLPutNetError(const tracked_objects::Location& location, int err) {
NOTREACHED();
err = ERR_INVALID_ARGUMENT;
}
ERR_PUT_error(OpenSSLNetErrorLib(), 0, err,
ERR_put_error(OpenSSLNetErrorLib(), 0, err,
location.file_name(), location.line_number());
}
......
net/socket/ssl_client_socket_openssl.cc
View file @ 675d5e12
......@@ -7,8 +7,8 @@
#include "net/socket/ssl_client_socket_openssl.h"
#include <errno.h>
#include <openssl/err.h>
#include <openssl/opensslv.h>
#include <openssl/ssl.h>
#include "base/bind.h"
......@@ -153,6 +153,7 @@ class SSLClientSocketOpenSSL::SSLContext {
// but that is an OpenSSL issue.
SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback,
NULL);
ssl_ctx_->tlsext_channel_id_enabled_new = 1;
}
static std::string GetSessionCacheKey(const SSL* ssl) {
......@@ -248,7 +249,7 @@ SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
// Must increase the reference count manually for sk_X509_dup
openssl_chain_.reset(sk_X509_dup(other.openssl_chain_.get()));
for (int i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
X509* x = sk_X509_value(openssl_chain_.get(), i);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
}
......@@ -267,7 +268,7 @@ void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
return;
X509Certificate::OSCertHandles intermediates;
for (int i = 1; i < sk_X509_num(chain); ++i)
for (size_t i = 1; i < sk_X509_num(chain); ++i)
intermediates.push_back(sk_X509_value(chain, i));
os_chain_ =
......@@ -277,7 +278,7 @@ void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
openssl_chain_.reset(sk_X509_dup(chain));
std::vector<base::StringPiece> der_chain;
for (int i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
X509* x = sk_X509_value(openssl_chain_.get(), i);
// Increase the reference count for the certs in openssl_chain_.
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
......@@ -507,8 +508,8 @@ bool SSLClientSocketOpenSSL::IsConnectedAndIdle() const {
return false;
// If there is data waiting to be sent, or data read from the network that
// has not yet been consumed.
if (BIO_ctrl_pending(transport_bio_) > 0 ||
BIO_ctrl_wpending(transport_bio_) > 0) {
if (BIO_pending(transport_bio_) > 0 ||
BIO_wpending(transport_bio_) > 0) {
return false;
}
......@@ -578,11 +579,9 @@ bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_);
CHECK(cipher);
ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL);
const COMP_METHOD* compression = SSL_get_current_compression(ssl_);
ssl_info->connection_status = EncodeSSLConnectionStatus(
SSL_CIPHER_get_id(cipher),
compression ? compression->type : 0,
SSL_CIPHER_get_id(cipher), 0 /* no compression */,
GetNetSSLVersion(ssl_));
bool peer_supports_renego_ext = !!SSL_get_secure_renegotiation_support(ssl_);
......@@ -732,7 +731,7 @@ int SSLClientSocketOpenSSL::Init() {
"!aECDH:!AESGCM+AES256");
// Walk through all the installed ciphers, seeing if any need to be
// appended to the cipher removal |command|.
for (int i = 0; i < sk_SSL_CIPHER_num(ciphers); ++i) {
for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); ++i) {
const SSL_CIPHER* cipher = sk_SSL_CIPHER_value(ciphers, i);
const uint16 id = SSL_CIPHER_get_id(cipher);
// Remove any ciphers with a strength of less than 80 bits. Note the NSS
......@@ -1206,7 +1205,7 @@ int SSLClientSocketOpenSSL::BufferSend(void) {
if (!send_buffer_.get()) {
// Get a fresh send buffer out of the send BIO.
size_t max_read = BIO_ctrl_pending(transport_bio_);
size_t max_read = BIO_pending(transport_bio_);
if (!max_read)
return 0; // Nothing pending in the OpenSSL write BIO.
send_buffer_ = new DrainableIOBuffer(new IOBuffer(max_read), max_read);
......@@ -1329,7 +1328,7 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
// have one at hand.
client_auth_cert_needed_ = true;
STACK_OF(X509_NAME) *authorities = SSL_get_client_CA_list(ssl);
for (int i = 0; i < sk_X509_NAME_num(authorities); i++) {
for (size_t i = 0; i < sk_X509_NAME_num(authorities); i++) {
X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i);
unsigned char* str = NULL;
int length = i2d_X509_NAME(ca_name, &str);
......
net/socket/ssl_server_socket_openssl.cc
View file @ 675d5e12
......@@ -305,7 +305,7 @@ int SSLServerSocketOpenSSL::BufferSend() {
if (!send_buffer_.get()) {
// Get a fresh send buffer out of the send BIO.
size_t max_read = BIO_ctrl_pending(transport_bio_);
size_t max_read = BIO_pending(transport_bio_);
if (!max_read)
return 0; // Nothing pending in the OpenSSL write BIO.
send_buffer_ = new DrainableIOBuffer(new IOBuffer(max_read), max_read);
......
net/socket/ssl_session_cache_openssl_unittest.cc
View file @ 675d5e12
......@@ -75,8 +75,8 @@ class SSLKeyHelper {
// Called when an SSL object is copied through SSL_dup(). This needs to copy
// the value as well.
static int KeyDup(CRYPTO_EX_DATA* to,
CRYPTO_EX_DATA* from,
void* from_fd,
const CRYPTO_EX_DATA* from,
void** from_fd,
int idx,
long argl,
void* argp) {
......
net/tools/flip_server/acceptor_thread.cc
View file @ 675d5e12
......@@ -4,6 +4,7 @@
#include "net/tools/flip_server/acceptor_thread.h"
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h> // For TCP_NODELAY
#include <sys/socket.h>
......
net/tools/flip_server/spdy_ssl.cc
View file @ 675d5e12
......@@ -80,6 +80,7 @@ void InitSSL(SSLState* state,
SSL_CTX_set_mode(state->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
#if !defined(OPENSSL_IS_BORINGSSL)
// Proper methods to disable compression don't exist until 0.9.9+. For now
// we must manipulate the stack of compression methods directly.
if (disable_ssl_compression) {
......@@ -90,6 +91,7 @@ void InitSSL(SSLState* state,
static_cast<void>(sk_SSL_COMP_delete(ssl_comp_methods, i));
}
}
#endif
}
SSL* CreateSSLContext(SSL_CTX* ssl_ctx) {
......
remoting/host/token_validator_base.cc
View file @ 675d5e12
......@@ -120,6 +120,9 @@ void TokenValidatorBase::OnCertificateRequested(
client_cert_store = new net::ClientCertStoreWin();
#elif defined(OS_MACOSX)
client_cert_store = new net::ClientCertStoreMac();
#elif defined(USE_OPENSSL)
// OpenSSL does not use the ClientCertStore infrastructure.
client_cert_store = NULL;
#else
#error Unknown platform.
#endif
......
remoting/remoting_nacl.gyp
View file @ 675d5e12
......@@ -108,7 +108,7 @@
'../third_party/libvpx/libvpx_nacl.gyp:libvpx_nacl',
'../third_party/libwebm/libwebm_nacl.gyp:libwebm_nacl',
'../third_party/libyuv/libyuv_nacl.gyp:libyuv_nacl',
'../third_party/openssl/openssl_nacl.gyp:openssl_nacl',
'../third_party/boringssl/boringssl_nacl.gyp:boringssl_nacl',
'../third_party/opus/opus_nacl.gyp:opus_nacl',
'remoting_proto_nacl',
'remoting_webrtc_nacl',
......@@ -160,7 +160,7 @@
'>(tc_lib_dir_pnacl_newlib)/libjingle_p2p_constants_nacl.a',
'>(tc_lib_dir_pnacl_newlib)/libmedia_yuv_nacl.a',
'>(tc_lib_dir_pnacl_newlib)/libmodp_b64_nacl.a',
'>(tc_lib_dir_pnacl_newlib)/libopenssl_nacl.a',
'>(tc_lib_dir_pnacl_newlib)/libboringssl_nacl.a',
'>(tc_lib_dir_pnacl_newlib)/libopus_nacl.a',
'>(tc_lib_dir_pnacl_newlib)/libppapi.a',
'>(tc_lib_dir_pnacl_newlib)/libppapi_cpp.a',
......@@ -196,7 +196,7 @@
'../third_party/libwebm/libwebm_nacl.gyp:libwebm_nacl',
'../third_party/libyuv/libyuv_nacl.gyp:libyuv_nacl',
'../third_party/modp_b64/modp_b64_nacl.gyp:modp_b64_nacl',
'../third_party/openssl/openssl_nacl.gyp:openssl_nacl',
'../third_party/boringssl/boringssl_nacl.gyp:boringssl_nacl',
'../url/url_nacl.gyp:url_nacl',
'remoting_client_plugin_lib_nacl',
'remoting_proto_nacl',
......@@ -227,7 +227,7 @@
'-lexpat_nacl',
'-lmodp_b64_nacl',
'-lopus_nacl',
'-lopenssl_nacl',
'-lboringssl_nacl',
'-licui18n_nacl',
'-licuuc_nacl',
'-licudata_nacl',
......
third_party/boringssl/BUILD.gn 0 → 100644
View file @ 675d5e12
# Copyright 2014 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Config for us and everybody else depending on BoringSSL.
config("openssl_config") {
include_dirs = []
include_dirs += [ "src/include" ]
}
# Config internal to this build file.
config("openssl_internal_config") {
visibility = ":*" # Only targets in this file can depend on this.
}
# The list of BoringSSL files is kept in boringssl.gypi.
gypi_values = exec_script(
"//build/gypi_to_gn.py",
[ rebase_path("//third_party/boringssl/boringssl.gypi") ],
"scope",
[ "//third_party/boringssl/boringssl.gypi" ])
component("boringssl") {
sources = gypi_values.boringssl_lib_sources
direct_dependent_configs = [ ":openssl_config" ]
cflags = []
configs -= [ "//build/config/compiler:chromium_code" ]
configs += [ "//build/config/compiler:no_chromium_code" ]
# Also gets the include dirs from :openssl_config
include_dirs = [
"src/include",
# This is for arm_arch.h, which is needed by some asm files. Since the
# asm files are generated and kept in a different directory, they
# cannot use relative paths to find this file.
"src/crypto",
]
if (cpu_arch == "x64") {
if (is_mac) {
sources += gypi_values.boringssl_mac_x86_64_sources
} else if (is_linux || is_android) {
sources += gypi_values.boringssl_linux_x86_64_sources
} else if (is_win) {
sources += gypi_values.boringssl_win_x86_64_sources
} else {
defines += [ "OPENSSL_NO_ASM" ]
}
} else if (cpu_arch == "x86") {
if (is_mac) {
sources += gypi_values.boringssl_mac_x86_sources
} else if (is_linux || is_android) {
sources += gypi_values.boringssl_linux_x86_sources
} else {
defines += [ "OPENSSL_NO_ASM" ]
}
} else if (cpu_arch == "arm") {
sources += gypi_values.boringssl_linux_arm_sources
} else {
defines += [ "OPENSSL_NO_ASM" ]
}
}
third_party/boringssl/boringssl_nacl.gyp 0 → 100644
View file @ 675d5e12
# Copyright 2014 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
{
'includes': [
'../../native_client/build/untrusted.gypi',
],
'targets': [
{
'target_name': 'boringssl_nacl',
'type': 'none',
'variables': {
'nlib_target': 'libboringssl_nacl.a',
'build_glibc': 0,
'build_newlib': 0,
'build_pnacl_newlib': 1,
},
'dependencies': [
'<(DEPTH)/native_client/tools.gyp:prep_toolchain',
'<(DEPTH)/native_client_sdk/native_client_sdk_untrusted.gyp:nacl_io_untrusted',
],
'includes': [
# Include the auto-generated gypi file.
'boringssl.gypi'
],
'sources': [
'<@(boringssl_lib_sources)',
],
'defines': [
'OPENSSL_NO_ASM',
],
'include_dirs': [
'src/include',
# This is for arm_arch.h, which is needed by some asm files. Since the
# asm files are generated and kept in a different directory, they
# cannot use relative paths to find this file.
'src/crypto',
],
'direct_dependent_settings': {
'include_dirs': [
'src/include',
],
},
'pnacl_compile_flags': [
'-Wno-sometimes-uninitialized',
'-Wno-unused-variable',
],
}, # target boringssl_nacl
],
}
third_party/libjingle/libjingle.gyp
View file @ 675d5e12
......@@ -158,7 +158,7 @@
'HAVE_OPENSSL_SSL_H',
],
'dependencies': [
'../../third_party/openssl/openssl.gyp:openssl',
'../../third_party/boringssl/boringssl.gyp:boringssl',
],
}, {
'defines': [
......
third_party/libjingle/libjingle_nacl.gyp
View file @ 675d5e12
......@@ -25,7 +25,7 @@
'<(DEPTH)/native_client/tools.gyp:prep_toolchain',
'<(DEPTH)/native_client_sdk/native_client_sdk_untrusted.gyp:nacl_io_untrusted',
'<(DEPTH)/third_party/expat/expat_nacl.gyp:expat_nacl',
'<(DEPTH)/third_party/openssl/openssl_nacl.gyp:openssl_nacl',
'<(DEPTH)/third_party/boringssl/boringssl_nacl.gyp:boringssl_nacl',
'libjingle_p2p_constants_nacl',
],
'defines': [
......
third_party/usrsctp/usrsctp.gyp
View file @ 675d5e12
......@@ -28,7 +28,7 @@
'SCTP_USE_OPENSSL_SHA1',
],
'dependencies': [
'<(DEPTH)/third_party/openssl/openssl.gyp:openssl',
'<(DEPTH)/third_party/boringssl/boringssl.gyp:boringssl',
],
},
{ # else use_openssl==0, use NSS.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment