# Copyright (c) 2016, Google Inc.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

load("@rules_cc//cc:defs.bzl", "cc_binary", "cc_library")
load(
    ":BUILD.generated.bzl",
    "crypto_headers",
    "crypto_internal_headers",
    "crypto_sources",
    "crypto_sources_asm",
    "fips_fragments",
    "ssl_headers",
    "ssl_internal_headers",
    "ssl_sources",
    "tool_headers",
    "tool_sources",
)

licenses(["notice"])

exports_files(["LICENSE"])

# By default, the C files will expect assembly files, if any, to be linked in
# with the build. This default can be flipped with -DOPENSSL_NO_ASM. If building
# in a configuration where we have no assembly optimizations, -DOPENSSL_NO_ASM
# has no effect, and either value is fine.
#
# Like C files, assembly files are wrapped in #ifdef (or NASM equivalent), so it
# is safe to include a file for the wrong platform in the build. It will just
# output an empty object file. However, we need some platform selectors to
# distinguish between gas or NASM syntax.
#
# For all non-Windows platforms, we use gas assembly syntax and can assume any
# GCC-compatible toolchain includes a gas-compatible assembler.
#
# For Windows, we use NASM on x86 and x86_64 and gas, specifically
# clang-assembler, on aarch64. We have not yet added NASM support to this build,
# and would need to detect MSVC vs clang-cl for aarch64 so, for now, we just
# disable assembly on Windows across the board.
#
# These two selects for asm_sources and asm_copts must be kept in sync. If we
# specify assembly, we don't want OPENSSL_NO_ASM. If we don't specify assembly,
# we want OPENSSL_NO_ASM, in case the C files expect them in some format (e.g.
# NASM) this build file doesn't yet support.
#
# TODO(https://crbug.com/boringssl/531): Enable assembly for Windows.
asm_sources = select({
    "@platforms//os:windows": [],
    "//conditions:default": crypto_sources_asm,
})
asm_copts = select({
    "@platforms//os:windows": ["-DOPENSSL_NO_ASM"],
    "//conditions:default": [],
})

# Configure C, C++, and common flags for GCC-compatible toolchains.
#
# TODO(davidben): Can we remove some of these? In Bazel, are warnings the
# toolchain or project's responsibility? -Wa,--noexecstack should be unnecessary
# now, though https://crbug.com/boringssl/292 tracks testing this in CI.
# -fno-common did not become default until
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85678.
gcc_copts = [
    # Assembler option --noexecstack adds .note.GNU-stack to each object to
    # ensure that binaries can be built with non-executable stack.
    "-Wa,--noexecstack",

    # This list of warnings should match those in the top-level CMakeLists.txt.
    "-Wall",
    "-Werror",
    "-Wformat=2",
    "-Wsign-compare",
    "-Wmissing-field-initializers",
    "-Wwrite-strings",
    "-Wshadow",
    "-fno-common",
]
gcc_copts_c11 = [
    "-std=c11",
    "-Wmissing-prototypes",
    "-Wold-style-definition",
    "-Wstrict-prototypes",
]
gcc_copts_cxx = [
    "-std=c++14",
    "-Wmissing-declarations",
]

boringssl_copts = [
    "-DBORINGSSL_IMPLEMENTATION",
] + select({
    # We assume that non-Windows builds use a GCC-compatible toolchain and that
    # Windows builds do not.
    #
    # TODO(davidben): Should these be querying something in @bazel_tools?
    # Unfortunately, @bazel_tools is undocumented. See
    # https://github.com/bazelbuild/bazel/issues/14914
    "@platforms//os:windows": [],
    "//conditions:default": gcc_copts,
}) + select({
    # This is needed on glibc systems to get rwlock in pthreads, but it should
    # not be set on Apple platforms or FreeBSD, where it instead disables APIs
    # we use.
    # See compat(5), sys/cdefs.h, and https://crbug.com/boringssl/471
    "@platforms//os:linux": ["-D_XOPEN_SOURCE=700"],
    # Without WIN32_LEAN_AND_MEAN, <windows.h> pulls in wincrypt.h, which
    # conflicts with our <openssl/x509.h>.
    "@platforms//os:windows": ["-DWIN32_LEAN_AND_MEAN"],
    "//conditions:default": [],
}) + asm_copts

boringssl_copts_c11 = boringssl_copts + select({
    # TODO(crbug.com/boringssl/624): This should pass /std:c11 on MSVC. It was
    # reverted due to https://github.com/bazelbuild/bazel/issues/15073. When
    # Bazel 6.3.0 is released, restore it and require C11 on MSVC.
    "@platforms//os:windows": [],
    "//conditions:default": gcc_copts_c11,
})

boringssl_copts_cxx = boringssl_copts + select({
    "@platforms//os:windows": [],
    "//conditions:default": gcc_copts_cxx,
})

cc_library(
    name = "crypto",
    srcs = crypto_sources + crypto_internal_headers + asm_sources,
    hdrs = crypto_headers + fips_fragments,
    copts = boringssl_copts_c11,
    includes = ["src/include"],
    linkopts = select({
        "@platforms//os:windows": ["-defaultlib:advapi32.lib"],
        "//conditions:default": ["-pthread"],
    }),
    visibility = ["//visibility:public"],
)

cc_library(
    name = "ssl",
    srcs = ssl_sources + ssl_internal_headers,
    hdrs = ssl_headers,
    copts = boringssl_copts_cxx,
    includes = ["src/include"],
    visibility = ["//visibility:public"],
    deps = [
        ":crypto",
    ],
)

cc_binary(
    name = "bssl",
    srcs = tool_sources + tool_headers,
    copts = boringssl_copts_cxx,
    visibility = ["//visibility:public"],
    deps = [":ssl"],
)
