# Copyright 2017 The Fuchsia Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import("//build/fuzzing/fuzzer.gni")
import("BUILD.generated.gni")
import("BUILD.generated_tests.gni")

if (is_fuchsia) {
  import("//src/sys/build/components.gni")
}

declare_args() {
  run_slow_bssl_tests = false
}

################################################################################
# Public targets

group("boringssl") {
  public_deps = [
    ":crypto",
    ":ssl",
  ]
}

group("boringssl-shared") {
  public_deps = [
    ":crypto-shared",
    ":ssl-shared",
  ]
}

group("boringssl-static") {
  public_deps = [
    ":crypto-static",
    ":ssl-static",
  ]
}

if (current_cpu == "arm64" && (is_fuchsia || is_linux)) {
  crypto_sources += crypto_sources_linux_aarch64
} else if (current_cpu == "x64" && (is_fuchsia || is_linux)) {
  crypto_sources += crypto_sources_linux_x86_64
} else if (current_cpu == "x64" && is_mac) {
  crypto_sources += crypto_sources_mac_x86_64
} else {
  assert(false, "unsupported OS or CPU: $current_os/$current_cpu")
}

# TODO(46139): remove this added source.
crypto_sources += [ "src/decrepit/xts/xts.c" ]

################
# libcrypto.so #
################

foreach(lib_type, ["static", "shared"]) {
  target("${lib_type}_library", "crypto-${lib_type}") {
    if (default_library_type == "${lib_type}_library") {
      output_name = "crypto"
    }
    sources = crypto_sources
    public = crypto_headers
    public_configs = [ ":boringssl_config" ]
    configs += [ ":internal_config" ]

    if (is_fuchsia) {
      # TODO(46910): UBSan has found an instance of undefined behavior in this target.
      # Disable UBSan for this target temporarily until it is migrated into CI/CQ.
      configs += [ "//build/config:temporarily_disable_ubsan_do_not_use" ]

      # TODO(60545): profile instrumentation significantly affects performance.
      configs += [ "//build/config:no_profile" ]

      # boringssl should always be optimized for speed because otherwise performance is significantly
      # worse, impacting pave and boot times on debug builds (fxb/55456)
      configs -= [ "//build/config:default_optimize" ]
      configs += [ "//build/config:optimize_speed" ]

      # sysrand() uses Zircon system call.
      deps = [ "//src/zircon/lib/zircon" ]
    }
  }

  target("${lib_type}_library", "ssl-${lib_type}") {
    if (default_library_type == "${lib_type}_library") {
      output_name = "ssl"
    }
    sources = ssl_sources
    public = ssl_headers
    public_configs = [ ":boringssl_config" ]
    configs += [ ":internal_config" ]
    deps = [ ":crypto-${lib_type}" ]

    if (is_fuchsia) {
      # boringssl should always be optimized for speed because otherwise performance is significantly
      # worse, impacting pave and boot times on debug builds (fxb/55456)
      configs -= [ "//build/config:default_optimize" ]
      configs += [ "//build/config:optimize_speed" ]
    }
  }
}

foreach(lib_name, ["crypto", "ssl"]) {
  group("$lib_name") {
    if (default_library_type == "shared_library") {
      public_deps = [ ":${lib_name}-shared" ]
    } else if (default_library_type == "static_library") {
      public_deps = [ ":${lib_name}-static" ]
    } else {
      assert(false, "unsupported default_library_type: $default_library_type")
    }
  }
}

source_set("crypto_unsafe") {
  testonly = true
  visibility = [ ":*" ]
  sources = crypto_sources
  public = crypto_headers
  configs += [ ":fuzz_config" ]

  if (is_fuchsia) {
    # TODO(46910): UBSan has found an instance of undefined behavior in this target.
    # Disable UBSan for this target temporarily until it is migrated into CI/CQ.
    configs += [ "//build/config:temporarily_disable_ubsan_do_not_use" ]

    # sysrand() uses Zircon system call.
    deps = [ "//src/zircon/lib/zircon" ]
  }
}

source_set("ssl_unsafe") {
  testonly = true
  visibility = [ ":*" ]
  sources = ssl_sources
  public = ssl_headers
  configs += [ ":fuzz_config" ]
  deps = [ ":crypto_unsafe" ]
}

##########################
# bssl command line tool #
##########################
if (is_fuchsia) {
  fuchsia_shell_package("boringssl_tool") {
    deps = [ ":bssl" ]
  }
} else {
  group("boringssl_tool") {
    deps = [ ":bssl" ]
  }
}

# See //third_party/boringssl/tool/CMakeLists.txt
executable("bssl") {
  visibility = [ ":*" ]
  sources = [
    "src/tool/args.cc",
    "src/tool/ciphers.cc",
    "src/tool/client.cc",
    "src/tool/const.cc",
    "src/tool/digest.cc",
    "src/tool/file.cc",
    "src/tool/fd.cc",
    "src/tool/generate_ed25519.cc",
    "src/tool/genrsa.cc",
    "src/tool/pkcs12.cc",
    "src/tool/rand.cc",
    "src/tool/server.cc",
    "src/tool/sign.cc",
    "src/tool/speed.cc",
    "src/tool/tool.cc",
    "src/tool/transport_common.cc",
  ]
  configs += [ "//third_party/boringssl:internal_config" ]
  deps = [
    ":crypto",
    ":ssl",
  ]
}

##############
# Unit tests #
##############
if (is_fuchsia) {
  fuchsia_unittest_component("crypto_test_component") {
    deps = [ ":crypto_test" ]
  }
  fuchsia_unittest_component("ssl_test_component") {
    deps = [ ":ssl_test" ]
  }
  fuchsia_test_package("boringssl_tests") {
    test_components = [
      ":ssl_test_component",
    ]

    # This test takes a long time to run, and it is included in every subset
    # of the Fuchsia build.
    # TODO(bgoldman): Find a way to skip this test when runtests is set to
    # skip "large" tests.
    if (run_slow_bssl_tests) {
      test_components += [":crypto_test_component"]
    }
  }
}

group("tests") {
  testonly = true
  if (is_fuchsia) {
    deps = [ ":boringssl_tests" ]
  } else {
    deps = [
      ":crypto_test",
      ":ssl_test",
    ]
  }
}

executable("crypto_test") {
  testonly = true
  visibility = [ ":*" ]
  sources = crypto_test_sources + test_support_sources
  configs += [ ":test_config" ]
  deps = [
    ":crypto",
    "//third_party/googletest:gtest",
  ]
}

executable("ssl_test") {
  testonly = true
  visibility = [ ":*" ]
  sources = ssl_test_sources + test_support_sources
  configs += [ ":test_config" ]
  deps = [
    ":crypto",
    ":ssl",
    "//third_party/googletest:gtest",
  ]
}

################################################################################
# Fuzzers

# Upstream BoringSSL defines a `fuzzers` global variable in the generated
# GNI files; we rename it to avoid colliding with the similarly-named parameter
# on the fuzzers_package.
fuzzer_names = fuzzers

# Explicitly remove the arm_cpuinfo fuzzer, which tests Linux-specific routines
if (is_fuchsia) {
  fuzzer_names -= [ "arm_cpuinfo" ]
}

foreach(name, fuzzer_names) {
  fuzzer("${name}_fuzzer") {
    visibility = [ ":*" ]
    sources = [ "src/fuzz/${name}.cc" ]
    configs += [ ":fuzz_config" ]
    deps = [
      ":crypto_unsafe",
      ":ssl_unsafe",
    ]
  }
}

fuzzers_package("boringssl_fuzzers") {
  fuzzers = []
  foreach(name, fuzzer_names) {
    fuzzers += [ ":${name}_fuzzer" ]
  }
}

################################################################################
# Configs
config("boringssl_config") {
  include_dirs = [ "src/include" ]
}

config("internal_config") {
  visibility = [ ":*" ]
  defines = [
    "BORINGSSL_ALLOW_CXX_RUNTIME",
    "BORINGSSL_IMPLEMENTATION",
    "BORINGSSL_NO_STATIC_INITIALIZER",
    "BORINGSSL_SHARED_LIBRARY",
    "OPENSSL_SMALL",
  ]
  if (is_linux) {
    # pthread_rwlock_t on Linux requires a feature flag.
    defines += [ "_XOPEN_SOURCE=700" ]
  }
  cflags = [
    "-Wno-unused-function",
    "-Wno-conversion",
  ]
  configs = [
    ":boringssl_config",
    "//build/config:shared_library_config",
  ]
  if (is_fuchsia) {
    configs += [ "//build/config/fuchsia:static_cpp_standard_library" ]
  }
}

config("test_config") {
  visibility = [ ":*" ]
  include_dirs = [
    "src/crypto/test",
    "src/ssl/test",
  ]
  configs = [ ":internal_config" ]

  # TODO(INTK-682): Newer googletest's are spamming about an API rename, but
  # BoringSSL hasn't updated yet.
  cflags = [ "-Wno-deprecated-declarations" ]
}

config("fuzz_config") {
  visibility = [ ":*" ]

  # BoringSSL explicitly decided against using the common LLVM fuzzing macro:
  # https://boringssl-review.googlesource.com/c/boringssl/+/31244
  defines = [ "BORINGSSL_UNSAFE_DETERMINISTIC_MODE" ]
  configs = [ ":internal_config" ]
}