diff --git base/BUILD.gn base/BUILD.gn index da6b76717d7b7..d536c8329e732 100644 --- base/BUILD.gn +++ base/BUILD.gn @@ -41,6 +41,7 @@ import("//build/rust/rust_static_library.gni") import("//build/timestamp.gni") import("//build/util/process_version.gni") import("//build_overrides/build.gni") +import("//cef/libcef/features/features.gni") import("//testing/libfuzzer/fuzzer_test.gni") import("//testing/test.gni") @@ -1509,7 +1510,13 @@ component("base") { "hash/md5_constexpr_internal.h", "hash/sha1.h", ] - if (is_nacl) { + + deps += [ "//cef/libcef/features:buildflags" ] + if (enable_cef) { + configs += [ "//cef/libcef/features:config" ] + } + + if (is_nacl || is_cef_sandbox_build) { sources += [ "hash/md5_nacl.cc", "hash/md5_nacl.h", @@ -1959,6 +1966,12 @@ component("base") { defines += [ "COM_INIT_CHECK_HOOK_DISABLED" ] } + if (!use_custom_libcxx) { + # Enable the VS 2015 Update 2 fix when building with the MSVC standard + # library. + defines += [ "_ENABLE_ATOMIC_ALIGNMENT_FIX" ] + } + libs += [ "cfgmgr32.lib", "ntdll.lib", diff --git base/allocator/dispatcher/dispatcher.cc base/allocator/dispatcher/dispatcher.cc index f680f63cffc5b..9cb615bbc8a5a 100644 --- base/allocator/dispatcher/dispatcher.cc +++ base/allocator/dispatcher/dispatcher.cc @@ -8,6 +8,7 @@ #include "base/check.h" #include "base/dcheck_is_on.h" #include "base/no_destructor.h" +#include "cef/libcef/features/features.h" #include "partition_alloc/buildflags.h" #include "partition_alloc/shim/allocator_shim.h" @@ -33,7 +34,7 @@ struct Dispatcher::Impl { } void Reset() { -#if DCHECK_IS_ON() +#if DCHECK_IS_ON() && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) DCHECK([&] { auto const was_set = is_initialized_check_flag_.test_and_set(); is_initialized_check_flag_.clear(); diff --git base/hash/md5.h base/hash/md5.h index 215d636fec275..922e88f31b999 100644 --- base/hash/md5.h +++ base/hash/md5.h @@ -11,8 +11,9 @@ #include "base/base_export.h" #include "base/containers/span.h" #include "build/build_config.h" +#include "cef/libcef/features/features.h" -#if BUILDFLAG(IS_NACL) +#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "base/hash/md5_nacl.h" #else #include "base/hash/md5_boringssl.h" diff --git base/hash/sha1.h base/hash/sha1.h index 2158b648ca58a..8a8cb13b2fd74 100644 --- base/hash/sha1.h +++ base/hash/sha1.h @@ -15,7 +15,9 @@ #include "base/compiler_specific.h" #include "base/containers/span.h" #include "build/build_config.h" -#if BUILDFLAG(IS_NACL) +#include "cef/libcef/features/features.h" + +#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "base/hash/sha1_nacl.h" #else #include "base/hash/sha1_boringssl.h" diff --git base/json/json_reader.cc base/json/json_reader.cc index 32d8707d3ad5d..12b8ccda8fc30 100644 --- base/json/json_reader.cc +++ base/json/json_reader.cc @@ -12,8 +12,9 @@ #include "base/logging.h" #include "base/metrics/histogram_macros.h" #include "build/build_config.h" +#include "cef/libcef/features/features.h" -#if !BUILDFLAG(IS_NACL) +#if !(BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)) #include "base/strings/string_view_rust.h" #include "third_party/rust/serde_json_lenient/v0_2/wrapper/functions.h" #include "third_party/rust/serde_json_lenient/v0_2/wrapper/lib.rs.h" @@ -23,7 +24,7 @@ namespace base { // TODO(crbug.com/40811643): Move the C++ parser into components/nacl to just // run in-process there. Don't compile base::JSONReader on NaCL at all. -#if !BUILDFLAG(IS_NACL) +#if !(BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)) namespace { using serde_json_lenient::ContextPointer; @@ -129,16 +130,16 @@ JSONReader::Result DecodeJSONInRust(std::string_view json, } // anonymous namespace -#endif // !BUILDFLAG(IS_NACL) +#endif // !(BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)) // static std::optional JSONReader::Read(std::string_view json, int options, size_t max_depth) { -#if BUILDFLAG(IS_NACL) +#if (BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)) internal::JSONParser parser(options, max_depth); return parser.Parse(json); -#else // BUILDFLAG(IS_NACL) +#else // (BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)) SCOPED_UMA_HISTOGRAM_TIMER_MICROS(kSecurityJsonParsingTime); if (UsingRust()) { JSONReader::Result result = DecodeJSONInRust(json, options, max_depth); @@ -150,7 +151,7 @@ std::optional JSONReader::Read(std::string_view json, internal::JSONParser parser(options, max_depth); return parser.Parse(json); } -#endif // BUILDFLAG(IS_NACL) +#endif // (BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)) } // static @@ -179,7 +180,7 @@ std::optional JSONReader::ReadList(std::string_view json, JSONReader::Result JSONReader::ReadAndReturnValueWithError( std::string_view json, int options) { -#if BUILDFLAG(IS_NACL) +#if (BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)) internal::JSONParser parser(options); auto value = parser.Parse(json); if (!value) { @@ -191,7 +192,7 @@ JSONReader::Result JSONReader::ReadAndReturnValueWithError( } return std::move(*value); -#else // BUILDFLAG(IS_NACL) +#else // (BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)) SCOPED_UMA_HISTOGRAM_TIMER_MICROS(kSecurityJsonParsingTime); if (UsingRust()) { return DecodeJSONInRust(json, options, internal::kAbsoluteMaxDepth); @@ -208,7 +209,7 @@ JSONReader::Result JSONReader::ReadAndReturnValueWithError( return std::move(*value); } -#endif // BUILDFLAG(IS_NACL) +#endif // (BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)) } // static @@ -219,7 +220,7 @@ bool JSONReader::UsingRust() { if (!base::FeatureList::GetInstance()) { return false; } -#if BUILDFLAG(IS_NACL) +#if (BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)) return false; #else return base::FeatureList::IsEnabled(base::features::kUseRustJsonParser); diff --git base/logging.cc base/logging.cc index e996f8c614266..7bd52b676cc92 100644 --- base/logging.cc +++ base/logging.cc @@ -51,6 +51,7 @@ #include "base/trace_event/base_tracing.h" #include "base/vlog.h" #include "build/build_config.h" +#include "cef/libcef/features/features.h" #include "third_party/abseil-cpp/absl/base/internal/raw_logging.h" #include "third_party/abseil-cpp/absl/cleanup/cleanup.h" @@ -530,7 +531,7 @@ bool BaseInitLoggingImpl(const LoggingSettings& settings) { } #endif -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) // Connects Rust logging with the //base logging functionality. internal::init_rust_log_crate(); #endif diff --git base/metrics/crc32.cc base/metrics/crc32.cc index 83e3cee2579ab..8238767ab9126 100644 --- base/metrics/crc32.cc +++ base/metrics/crc32.cc @@ -3,14 +3,15 @@ // found in the LICENSE file. #include "base/metrics/crc32.h" +#include "cef/libcef/features/features.h" -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/zlib/zlib.h" #endif // !BUILDFLAG(IS_NACL) namespace base { -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) uint32_t Crc32(uint32_t sum, span data) { if (data.empty()) { return sum; diff --git base/process/memory.h base/process/memory.h index 5d11d4a1560b1..242a93bcca8ed 100644 --- base/process/memory.h +++ base/process/memory.h @@ -29,7 +29,7 @@ BASE_EXPORT void EnableTerminationOnOutOfMemory(); #if PA_BUILDFLAG(USE_PARTITION_ALLOC) using partition_alloc::TerminateBecauseOutOfMemory; #else -inline void TerminateBecauseOutOfMemory(size_t) { +[[noreturn]] inline void TerminateBecauseOutOfMemory(size_t) { logging::RawCheckFailure("Out of memory"); } #endif @@ -58,7 +58,11 @@ bool ReleaseAddressSpaceReservation(); #if BUILDFLAG(IS_WIN) namespace win { +#if PA_BUILDFLAG(USE_PARTITION_ALLOC) using partition_alloc::win::kOomExceptionCode; +#else +const DWORD kOomExceptionCode = 0xe0000008; +#endif } // namespace win #endif diff --git base/rand_util.h base/rand_util.h index da48b37857aa3..3ff683247ab2a 100644 --- base/rand_util.h +++ base/rand_util.h @@ -23,8 +23,9 @@ #include "base/numerics/safe_conversions.h" #include "base/time/time.h" #include "build/build_config.h" +#include "cef/libcef/features/features.h" -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/rand.h" #endif @@ -185,7 +186,7 @@ class RandomBitGenerator { ~RandomBitGenerator() = default; }; -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) class NonAllocatingRandomBitGenerator { public: using result_type = uint64_t; diff --git base/rand_util_win.cc base/rand_util_win.cc index 0b772cbae8916..b19183b34d176 100644 --- base/rand_util_win.cc +++ base/rand_util_win.cc @@ -15,7 +15,11 @@ #include "base/check.h" #include "base/feature_list.h" +#include "cef/libcef/features/features.h" + +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/rand.h" +#endif // Prototype for ProcessPrng. // See: https://learn.microsoft.com/en-us/windows/win32/seccng/processprng @@ -27,6 +31,7 @@ namespace base { namespace internal { +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) namespace { // The BoringSSl helpers are duplicated in rand_util_fuchsia.cc and @@ -48,6 +53,10 @@ bool UseBoringSSLForRandBytes() { return g_use_boringssl.load(std::memory_order_relaxed); } +#else // !BUILDFLAG(IS_CEF_SANDBOX_BUILD) +void ConfigureBoringSSLBackedRandBytesFieldTrial() {} +#endif + } // namespace internal namespace { @@ -65,11 +74,13 @@ decltype(&ProcessPrng) GetProcessPrng() { } void RandBytesInternal(span output, bool avoid_allocation) { +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) if (!avoid_allocation && internal::UseBoringSSLForRandBytes()) { // BoringSSL's RAND_bytes always returns 1. Any error aborts the program. (void)RAND_bytes(output.data(), output.size()); return; } +#endif // !BUILDFLAG(IS_CEF_SANDBOX_BUILD) static decltype(&ProcessPrng) process_prng_fn = GetProcessPrng(); BOOL success = diff --git base/unguessable_token.cc base/unguessable_token.cc index ea33ca66f384c..33f4cc76f76bd 100644 --- base/unguessable_token.cc +++ base/unguessable_token.cc @@ -11,8 +11,9 @@ #include "base/format_macros.h" #include "base/rand_util.h" #include "build/build_config.h" +#include "cef/libcef/features/features.h" -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/mem.h" #endif @@ -58,7 +59,7 @@ std::optional UnguessableToken::DeserializeFromString( } bool operator==(const UnguessableToken& lhs, const UnguessableToken& rhs) { -#if BUILDFLAG(IS_NACL) +#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD) // BoringSSL is unavailable for NaCl builds so it remains timing dependent. return lhs.token_ == rhs.token_; #else diff --git base/win/sid.cc base/win/sid.cc index 6a91e984f5161..4433591d96c99 100644 --- base/win/sid.cc +++ base/win/sid.cc @@ -29,12 +29,56 @@ #include "base/win/scoped_handle.h" #include "base/win/scoped_localalloc.h" #include "base/win/windows_version.h" +#include "cef/libcef/features/features.h" + +#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD) #include "third_party/boringssl/src/include/openssl/sha.h" +#else +#include +#endif namespace base::win { namespace { +#if BUILDFLAG(IS_CEF_SANDBOX_BUILD) + +#define SHA256_DIGEST_LENGTH 32 + +bool SHA256(const uint8_t* InData, size_t InDataLen, uint8_t* OutHash) { + HCRYPTPROV hProv = 0; + HCRYPTHASH hHash = 0; + + if (!CryptAcquireContext(&hProv, nullptr, nullptr, PROV_RSA_AES, + CRYPT_VERIFYCONTEXT)) { + return false; + } + + if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)) { + CryptReleaseContext(hProv, 0); + return false; + } + + if (!CryptHashData(hHash, InData, static_cast(InDataLen), 0)) { + CryptDestroyHash(hHash); + CryptReleaseContext(hProv, 0); + return false; + } + + DWORD dwHashLen = SHA256_DIGEST_LENGTH; + if (!CryptGetHashParam(hHash, HP_HASHVAL, OutHash, &dwHashLen, 0)) { + CryptDestroyHash(hHash); + CryptReleaseContext(hProv, 0); + return false; + } + + CryptDestroyHash(hHash); + CryptReleaseContext(hProv, 0); + return true; +} + +#endif // BUILDFLAG(IS_CEF_SANDBOX_BUILD) + template Sid FromSubAuthorities(const SID_IDENTIFIER_AUTHORITY& identifier_authority, size_t sub_authority_count, diff --git build_overrides/dawn.gni build_overrides/dawn.gni index cec3df3e50b6e..309b4e6a4fe0d 100644 --- build_overrides/dawn.gni +++ build_overrides/dawn.gni @@ -2,11 +2,15 @@ # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. +import("//base/allocator/partition_allocator/partition_alloc.gni") + # The paths to Dawn's dependencies dawn_angle_dir = "//third_party/angle" dawn_glfw_dir = "//third_party/dawn/third_party/glfw" dawn_googletest_dir = "//third_party/googletest/src" -dawn_partition_alloc_dir = "//base/allocator/partition_allocator" +if (use_partition_alloc) { + dawn_partition_alloc_dir = "//base/allocator/partition_allocator" +} dawn_jinja2_dir = "//third_party/jinja2" dawn_jsoncpp_dir = "//third_party/jsoncpp" dawn_spirv_tools_dir = "//third_party/spirv-tools/src"