diff --git base/BUILD.gn base/BUILD.gn index d6dbc2c38b401..0e0a5cc086291 100644 --- base/BUILD.gn +++ base/BUILD.gn @@ -41,6 +41,7 @@ import("//build/nocompile.gni") import("//build/timestamp.gni") import("//build/util/process_version.gni") import("//build_overrides/build.gni") +import("//cef/libcef/features/features.gni") import("//testing/libfuzzer/fuzzer_test.gni") import("//testing/test.gni") @@ -1507,7 +1508,11 @@ component("base") { "hash/md5_constexpr_internal.h", "hash/sha1.h", ] - if (is_nacl) { + deps += [ "//cef/libcef/features" ] + if (enable_cef) { + configs += [ "//cef/libcef/features:config" ] + } + if (is_nacl || is_cef_sandbox_build) { sources += [ "hash/md5_nacl.cc", "hash/md5_nacl.h", @@ -1932,6 +1937,12 @@ component("base") { defines += [ "COM_INIT_CHECK_HOOK_DISABLED" ] } + if (!use_custom_libcxx) { + # Enable the VS 2015 Update 2 fix when building with the MSVC standard + # library. + defines += [ "_ENABLE_ATOMIC_ALIGNMENT_FIX" ] + } + libs += [ "cfgmgr32.lib", "ntdll.lib", diff --git base/allocator/dispatcher/dispatcher.cc base/allocator/dispatcher/dispatcher.cc index 3e47d1f5d35df..004eefac8bbf3 100644 --- base/allocator/dispatcher/dispatcher.cc +++ base/allocator/dispatcher/dispatcher.cc @@ -8,6 +8,7 @@ #include "base/check.h" #include "base/dcheck_is_on.h" #include "base/no_destructor.h" +#include "cef/libcef/features/features.h" #include "partition_alloc/buildflags.h" #include "partition_alloc/shim/allocator_shim.h" @@ -33,7 +34,7 @@ struct Dispatcher::Impl { } void Reset() { -#if DCHECK_IS_ON() +#if DCHECK_IS_ON() && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) DCHECK([&]() { auto const was_set = is_initialized_check_flag_.test_and_set(); is_initialized_check_flag_.clear(); diff --git base/hash/md5.h base/hash/md5.h index 215d636fec275..922e88f31b999 100644 --- base/hash/md5.h +++ base/hash/md5.h @@ -11,8 +11,9 @@ #include "base/base_export.h" #include "base/containers/span.h" #include "build/build_config.h" +#include "cef/libcef/features/features.h" -#if BUILDFLAG(IS_NACL) +#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "base/hash/md5_nacl.h" #else #include "base/hash/md5_boringssl.h" diff --git base/hash/sha1.h base/hash/sha1.h index 857159d757637..63b5b396a00dd 100644 --- base/hash/sha1.h +++ base/hash/sha1.h @@ -15,7 +15,9 @@ #include "base/compiler_specific.h" #include "base/containers/span.h" #include "build/build_config.h" -#if BUILDFLAG(IS_NACL) +#include "cef/libcef/features/features.h" + +#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "base/hash/sha1_nacl.h" #else #include "base/hash/sha1_boringssl.h" diff --git base/metrics/crc32.cc base/metrics/crc32.cc index 83e3cee2579ab..8238767ab9126 100644 --- base/metrics/crc32.cc +++ base/metrics/crc32.cc @@ -3,14 +3,15 @@ // found in the LICENSE file. #include "base/metrics/crc32.h" +#include "cef/libcef/features/features.h" -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/zlib/zlib.h" #endif // !BUILDFLAG(IS_NACL) namespace base { -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) uint32_t Crc32(uint32_t sum, span data) { if (data.empty()) { return sum; diff --git base/rand_util.h base/rand_util.h index 746166bf75df7..7192a939e4fec 100644 --- base/rand_util.h +++ base/rand_util.h @@ -17,8 +17,9 @@ #include "base/containers/span.h" #include "base/gtest_prod_util.h" #include "build/build_config.h" +#include "cef/libcef/features/features.h" -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/rand.h" #endif @@ -123,7 +124,7 @@ class RandomBitGenerator { ~RandomBitGenerator() = default; }; -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) class NonAllocatingRandomBitGenerator { public: using result_type = uint64_t; diff --git base/rand_util_win.cc base/rand_util_win.cc index 9c2ae8389bfb2..e639a4d85b3dd 100644 --- base/rand_util_win.cc +++ base/rand_util_win.cc @@ -20,7 +20,11 @@ #include "base/check.h" #include "base/feature_list.h" +#include "cef/libcef/features/features.h" + +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/rand.h" +#endif // Prototype for ProcessPrng. // See: https://learn.microsoft.com/en-us/windows/win32/seccng/processprng @@ -32,6 +36,7 @@ namespace base { namespace internal { +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) namespace { // The BoringSSl helpers are duplicated in rand_util_fuchsia.cc and @@ -53,6 +58,10 @@ bool UseBoringSSLForRandBytes() { return g_use_boringssl.load(std::memory_order_relaxed); } +#else // !BUILDFLAG(IS_CEF_SANDBOX_BUILD) +void ConfigureBoringSSLBackedRandBytesFieldTrial() {} +#endif + } // namespace internal namespace { @@ -70,11 +79,13 @@ decltype(&ProcessPrng) GetProcessPrng() { } void RandBytesInternal(span output, bool avoid_allocation) { +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) if (!avoid_allocation && internal::UseBoringSSLForRandBytes()) { // BoringSSL's RAND_bytes always returns 1. Any error aborts the program. (void)RAND_bytes(output.data(), output.size()); return; } +#endif // !BUILDFLAG(IS_CEF_SANDBOX_BUILD) static decltype(&ProcessPrng) process_prng_fn = GetProcessPrng(); BOOL success = diff --git base/unguessable_token.cc base/unguessable_token.cc index ea33ca66f384c..33f4cc76f76bd 100644 --- base/unguessable_token.cc +++ base/unguessable_token.cc @@ -11,8 +11,9 @@ #include "base/format_macros.h" #include "base/rand_util.h" #include "build/build_config.h" +#include "cef/libcef/features/features.h" -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/mem.h" #endif @@ -58,7 +59,7 @@ std::optional UnguessableToken::DeserializeFromString( } bool operator==(const UnguessableToken& lhs, const UnguessableToken& rhs) { -#if BUILDFLAG(IS_NACL) +#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD) // BoringSSL is unavailable for NaCl builds so it remains timing dependent. return lhs.token_ == rhs.token_; #else diff --git base/win/sid.cc base/win/sid.cc index 2f250ba9bf79d..0af427e779266 100644 --- base/win/sid.cc +++ base/win/sid.cc @@ -29,12 +29,56 @@ #include "base/win/scoped_handle.h" #include "base/win/scoped_localalloc.h" #include "base/win/windows_version.h" +#include "cef/libcef/features/features.h" + +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/sha.h" +#else +#include +#endif namespace base::win { namespace { +#if BUILDFLAG(IS_CEF_SANDBOX_BUILD) + +#define SHA256_DIGEST_LENGTH 32 + +bool SHA256(const uint8_t* InData, size_t InDataLen, uint8_t* OutHash) { + HCRYPTPROV hProv = 0; + HCRYPTHASH hHash = 0; + + if (!CryptAcquireContext(&hProv, nullptr, nullptr, PROV_RSA_AES, + CRYPT_VERIFYCONTEXT)) { + return false; + } + + if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)) { + CryptReleaseContext(hProv, 0); + return false; + } + + if (!CryptHashData(hHash, InData, static_cast(InDataLen), 0)) { + CryptDestroyHash(hHash); + CryptReleaseContext(hProv, 0); + return false; + } + + DWORD dwHashLen = SHA256_DIGEST_LENGTH; + if (!CryptGetHashParam(hHash, HP_HASHVAL, OutHash, &dwHashLen, 0)) { + CryptDestroyHash(hHash); + CryptReleaseContext(hProv, 0); + return false; + } + + CryptDestroyHash(hHash); + CryptReleaseContext(hProv, 0); + return true; +} + +#endif // BUILDFLAG(IS_CEF_SANDBOX_BUILD) + template Sid FromSubAuthorities(const SID_IDENTIFIER_AUTHORITY& identifier_authority, size_t sub_authority_count,