1# Copyright (c) 2016, Google Inc. 2# 3# Permission to use, copy, modify, and/or distribute this software for any 4# purpose with or without fee is hereby granted, provided that the above 5# copyright notice and this permission notice appear in all copies. 6# 7# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15load("@rules_cc//cc:defs.bzl", "cc_binary", "cc_library") 16load( 17 ":BUILD.generated.bzl", 18 "crypto_headers", 19 "crypto_internal_headers", 20 "crypto_sources", 21 "crypto_sources_asm", 22 "fips_fragments", 23 "ssl_headers", 24 "ssl_internal_headers", 25 "ssl_sources", 26 "tool_headers", 27 "tool_sources", 28) 29 30licenses(["notice"]) 31 32exports_files(["LICENSE"]) 33 34# By default, the C files will expect assembly files, if any, to be linked in 35# with the build. This default can be flipped with -DOPENSSL_NO_ASM. If building 36# in a configuration where we have no assembly optimizations, -DOPENSSL_NO_ASM 37# has no effect, and either value is fine. 38# 39# Like C files, assembly files are wrapped in #ifdef (or NASM equivalent), so it 40# is safe to include a file for the wrong platform in the build. It will just 41# output an empty object file. However, we need some platform selectors to 42# distinguish between gas or NASM syntax. 43# 44# For all non-Windows platforms, we use gas assembly syntax and can assume any 45# GCC-compatible toolchain includes a gas-compatible assembler. 46# 47# For Windows, we use NASM on x86 and x86_64 and gas, specifically 48# clang-assembler, on aarch64. We have not yet added NASM support to this build, 49# and would need to detect MSVC vs clang-cl for aarch64 so, for now, we just 50# disable assembly on Windows across the board. 51# 52# These two selects for asm_sources and asm_copts must be kept in sync. If we 53# specify assembly, we don't want OPENSSL_NO_ASM. If we don't specify assembly, 54# we want OPENSSL_NO_ASM, in case the C files expect them in some format (e.g. 55# NASM) this build file doesn't yet support. 56# 57# TODO(https://crbug.com/boringssl/531): Enable assembly for Windows. 58asm_sources = select({ 59 "@platforms//os:windows": [], 60 "//conditions:default": crypto_sources_asm, 61}) 62asm_copts = select({ 63 "@platforms//os:windows": ["-DOPENSSL_NO_ASM"], 64 "//conditions:default": [], 65}) 66 67# Configure C, C++, and common flags for GCC-compatible toolchains. 68# 69# TODO(davidben): Can we remove some of these? In Bazel, are warnings the 70# toolchain or project's responsibility? -Wa,--noexecstack should be unnecessary 71# now, though https://crbug.com/boringssl/292 tracks testing this in CI. 72# -fno-common did not become default until 73# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85678. 74gcc_copts = [ 75 # Assembler option --noexecstack adds .note.GNU-stack to each object to 76 # ensure that binaries can be built with non-executable stack. 77 "-Wa,--noexecstack", 78 79 # This list of warnings should match those in the top-level CMakeLists.txt. 80 "-Wall", 81 "-Werror", 82 "-Wformat=2", 83 "-Wsign-compare", 84 "-Wmissing-field-initializers", 85 "-Wwrite-strings", 86 "-Wshadow", 87 "-fno-common", 88] 89gcc_copts_c11 = [ 90 "-std=c11", 91 "-Wmissing-prototypes", 92 "-Wold-style-definition", 93 "-Wstrict-prototypes", 94] 95gcc_copts_cxx = [ 96 "-std=c++14", 97 "-Wmissing-declarations", 98] 99 100boringssl_copts = [ 101 "-DBORINGSSL_IMPLEMENTATION", 102] + select({ 103 # We assume that non-Windows builds use a GCC-compatible toolchain and that 104 # Windows builds do not. 105 # 106 # TODO(davidben): Should these be querying something in @bazel_tools? 107 # Unfortunately, @bazel_tools is undocumented. See 108 # https://github.com/bazelbuild/bazel/issues/14914 109 "@platforms//os:windows": [], 110 "//conditions:default": gcc_copts, 111}) + select({ 112 # This is needed on glibc systems to get rwlock in pthreads, but it should 113 # not be set on Apple platforms or FreeBSD, where it instead disables APIs 114 # we use. 115 # See compat(5), sys/cdefs.h, and https://crbug.com/boringssl/471 116 "@platforms//os:linux": ["-D_XOPEN_SOURCE=700"], 117 # Without WIN32_LEAN_AND_MEAN, <windows.h> pulls in wincrypt.h, which 118 # conflicts with our <openssl/x509.h>. 119 "@platforms//os:windows": ["-DWIN32_LEAN_AND_MEAN"], 120 "//conditions:default": [], 121}) + asm_copts 122 123boringssl_copts_c11 = boringssl_copts + select({ 124 "@platforms//os:windows": ["/std:c11"], 125 "//conditions:default": gcc_copts_c11, 126}) 127 128boringssl_copts_cxx = boringssl_copts + select({ 129 "@platforms//os:windows": [], 130 "//conditions:default": gcc_copts_cxx, 131}) 132 133cc_library( 134 name = "crypto", 135 srcs = crypto_sources + crypto_internal_headers + asm_sources, 136 hdrs = crypto_headers + fips_fragments, 137 copts = boringssl_copts_c11, 138 includes = ["src/include"], 139 linkopts = select({ 140 "@platforms//os:windows": ["-defaultlib:advapi32.lib"], 141 "//conditions:default": ["-pthread"], 142 }), 143 visibility = ["//visibility:public"], 144) 145 146cc_library( 147 name = "ssl", 148 srcs = ssl_sources + ssl_internal_headers, 149 hdrs = ssl_headers, 150 copts = boringssl_copts_cxx, 151 includes = ["src/include"], 152 visibility = ["//visibility:public"], 153 deps = [ 154 ":crypto", 155 ], 156) 157 158cc_binary( 159 name = "bssl", 160 srcs = tool_sources + tool_headers, 161 copts = boringssl_copts_cxx, 162 visibility = ["//visibility:public"], 163 deps = [":ssl"], 164) 165