diff --git base/BUILD.gn base/BUILD.gn index 4c7130084a91f..c0e00c6fc2636 100644 --- base/BUILD.gn +++ base/BUILD.gn @@ -41,6 +41,7 @@ import("//build/nocompile.gni") import("//build/timestamp.gni") import("//build/util/process_version.gni") import("//build_overrides/build.gni") +import("//cef/libcef/features/features.gni") import("//testing/libfuzzer/fuzzer_test.gni") import("//testing/test.gni") @@ -1526,7 +1527,11 @@ component("base") { "hash/md5_constexpr_internal.h", "hash/sha1.h", ] - if (is_nacl) { + deps += [ "//cef/libcef/features" ] + if (enable_cef) { + configs += [ "//cef/libcef/features:config" ] + } + if (is_nacl || is_cef_sandbox_build) { sources += [ "hash/md5_nacl.cc", "hash/md5_nacl.h", @@ -1955,6 +1960,12 @@ component("base") { defines += [ "COM_INIT_CHECK_HOOK_DISABLED" ] } + if (!use_custom_libcxx) { + # Enable the VS 2015 Update 2 fix when building with the MSVC standard + # library. + defines += [ "_ENABLE_ATOMIC_ALIGNMENT_FIX" ] + } + libs += [ "cfgmgr32.lib", "ntdll.lib", diff --git base/allocator/dispatcher/dispatcher.cc base/allocator/dispatcher/dispatcher.cc index 2c5dfc7870ce8..7ed12711289b4 100644 --- base/allocator/dispatcher/dispatcher.cc +++ base/allocator/dispatcher/dispatcher.cc @@ -8,6 +8,7 @@ #include "base/check.h" #include "base/dcheck_is_on.h" #include "base/no_destructor.h" +#include "cef/libcef/features/features.h" #include "partition_alloc/partition_alloc_buildflags.h" #include "partition_alloc/shim/allocator_shim.h" @@ -33,7 +34,7 @@ struct Dispatcher::Impl { } void Reset() { -#if DCHECK_IS_ON() +#if DCHECK_IS_ON() && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) DCHECK([&]() { auto const was_set = is_initialized_check_flag_.test_and_set(); is_initialized_check_flag_.clear(); diff --git base/hash/md5.h base/hash/md5.h index 215d636fec275..922e88f31b999 100644 --- base/hash/md5.h +++ base/hash/md5.h @@ -11,8 +11,9 @@ #include "base/base_export.h" #include "base/containers/span.h" #include "build/build_config.h" +#include "cef/libcef/features/features.h" -#if BUILDFLAG(IS_NACL) +#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "base/hash/md5_nacl.h" #else #include "base/hash/md5_boringssl.h" diff --git base/hash/sha1.h base/hash/sha1.h index 1891e95fa387d..fc190dc39ae7d 100644 --- base/hash/sha1.h +++ base/hash/sha1.h @@ -14,7 +14,9 @@ #include "base/base_export.h" #include "base/containers/span.h" #include "build/build_config.h" -#if BUILDFLAG(IS_NACL) +#include "cef/libcef/features/features.h" + +#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "base/hash/sha1_nacl.h" #else #include "base/hash/sha1_boringssl.h" diff --git base/rand_util.h base/rand_util.h index 746166bf75df7..7192a939e4fec 100644 --- base/rand_util.h +++ base/rand_util.h @@ -17,8 +17,9 @@ #include "base/containers/span.h" #include "base/gtest_prod_util.h" #include "build/build_config.h" +#include "cef/libcef/features/features.h" -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/rand.h" #endif @@ -123,7 +124,7 @@ class RandomBitGenerator { ~RandomBitGenerator() = default; }; -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) class NonAllocatingRandomBitGenerator { public: using result_type = uint64_t; diff --git base/rand_util_win.cc base/rand_util_win.cc index 6961e0ef8153c..8863f4ed65ee8 100644 --- base/rand_util_win.cc +++ base/rand_util_win.cc @@ -20,8 +20,12 @@ #include "base/check.h" #include "base/feature_list.h" +#include "cef/libcef/features/features.h" + +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/crypto.h" #include "third_party/boringssl/src/include/openssl/rand.h" +#endif // Prototype for ProcessPrng. // See: https://learn.microsoft.com/en-us/windows/win32/seccng/processprng @@ -33,6 +37,7 @@ namespace base { namespace internal { +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) namespace { // The BoringSSl helpers are duplicated in rand_util_fuchsia.cc and @@ -54,6 +59,10 @@ bool UseBoringSSLForRandBytes() { return g_use_boringssl.load(std::memory_order_relaxed); } +#else // !BUILDFLAG(IS_CEF_SANDBOX_BUILD) +void ConfigureBoringSSLBackedRandBytesFieldTrial() {} +#endif + } // namespace internal namespace { @@ -71,6 +80,7 @@ decltype(&ProcessPrng) GetProcessPrng() { } void RandBytesInternal(span output, bool avoid_allocation) { +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) if (!avoid_allocation && internal::UseBoringSSLForRandBytes()) { // Ensure BoringSSL is initialized so it can use things like RDRAND. CRYPTO_library_init(); @@ -78,6 +88,7 @@ void RandBytesInternal(span output, bool avoid_allocation) { (void)RAND_bytes(output.data(), output.size()); return; } +#endif // !BUILDFLAG(IS_CEF_SANDBOX_BUILD) static decltype(&ProcessPrng) process_prng_fn = GetProcessPrng(); BOOL success = diff --git base/unguessable_token.cc base/unguessable_token.cc index 1f91a938caf55..e7b383ebe3986 100644 --- base/unguessable_token.cc +++ base/unguessable_token.cc @@ -10,8 +10,9 @@ #include "base/format_macros.h" #include "base/rand_util.h" #include "build/build_config.h" +#include "cef/libcef/features/features.h" -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/mem.h" #endif @@ -57,7 +58,7 @@ std::optional UnguessableToken::DeserializeFromString( } bool operator==(const UnguessableToken& lhs, const UnguessableToken& rhs) { -#if BUILDFLAG(IS_NACL) +#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD) // BoringSSL is unavailable for NaCl builds so it remains timing dependent. return lhs.token_ == rhs.token_; #else diff --git base/win/sid.cc base/win/sid.cc index dd063382d97e1..6f8d6a0be91b1 100644 --- base/win/sid.cc +++ base/win/sid.cc @@ -22,6 +22,7 @@ #include #include "base/check.h" +#include "base/notreached.h" #include "base/no_destructor.h" #include "base/rand_util.h" #include "base/ranges/algorithm.h" @@ -29,8 +30,12 @@ #include "base/win/scoped_handle.h" #include "base/win/scoped_localalloc.h" #include "base/win/windows_version.h" +#include "cef/libcef/features/features.h" + +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/crypto.h" #include "third_party/boringssl/src/include/openssl/sha.h" +#endif namespace base::win { @@ -131,6 +136,7 @@ Sid Sid::FromNamedCapability(const std::wstring& capability_name) { if (known_cap != known_capabilities->end()) { return FromKnownCapability(known_cap->second); } +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) CRYPTO_library_init(); static_assert((SHA256_DIGEST_LENGTH / sizeof(DWORD)) == SECURITY_APP_PACKAGE_RID_COUNT); @@ -143,6 +149,10 @@ Sid Sid::FromNamedCapability(const std::wstring& capability_name) { reinterpret_cast(&rids[2])); return FromSubAuthorities(SECURITY_APP_PACKAGE_AUTHORITY, std::size(rids), rids); +#else + NOTREACHED(); + return Sid(WellKnownSid::kNull); +#endif } Sid Sid::FromKnownSid(WellKnownSid type) {