# file      : libcrypto/buildfile
# license   : OpenSSL and SSLeay Licenses; see accompanying LICENSE file

import imp_libs = libz%lib{z}

# Exclude source code of unused features (engines, disabled algorithms, etc).
#
# Note: crypto/LPdir_*.c and crypto/des/ncbc_enc.c are actually headers.
#
lib{crypto}: {h   }{** -buildinf-body}              \
             {h   }{buildinf-body}                  \
      crypto/{   c}{** -LPdir_* -*cap               \
                       -aes/aes_x86core             \
                       -bn/asm/x86_64-gcc           \
                       -bn/rsaz_exp                 \
                       -des/ncbc_enc                \
                       -ec/ecp_nistz256*            \
                       -engine/eng_devcrypto        \
                       -mdc2/**                     \
                       -poly1305/poly1305_ieee754   \
                       -poly1305/poly1305_base2_44} \
             { def}{libcrypto}                      \
      crypto/{file}{LPdir_*.c des/ncbc_enc.c}       \
             $imp_libs

# Symlinked where appropriate.
#
downstream/internal/h{platform}@./downstream/internal/: dist = false

tclass = $c.target.class
tsys   = $c.target.system

i686 = ($c.target.cpu == 'i686')

linux   = ($tclass == 'linux')
bsd     = ($tclass == 'bsd')
windows = ($tclass == 'windows')

lib{crypto}: file{libcrypto.map}: include = ($linux || $bsd ? adhoc : false)

# Build options.
#
# Drop -DOPENSSL_PIC and -D{L|B}_ENDIAN preprocessor options and define
# OPENSSL_PIC and {L|B}_ENDIAN macros in downstream/openssl/opensslconf.h.
# Pass -DLIBCRYPTO_BUILD to define the above macros only while building the
# libcrypto library.
#
# Note that upstream also passes -DNDEBUG. Let's omit it for now to enable
# assertions to gain some extra confidence that we didn't break anything while
# packaging.
#
c.poptions += -DLIBCRYPTO_BUILD -DZLIB

# Note that the upstream package uses the -pthread compiler/linker option on
# Linux and FreeBSD. The option is unsupported by build2 so we pass
# -D_REENTRANT and -lpthread preprocessor/linker options instead.
#
# Also note that on FreeBSD and Mac OS the upstream package also passes
# -D_REENTRANT.
#
if! $windows
  c.poptions += -D_REENTRANT
else
  c.poptions += -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE

switch $tclass, $tsys
{
  case 'linux'
    c.poptions += -DOPENSSL_USE_NODELETE

  case 'bsd'
    c.poptions += -D_THREAD_SAFE

  case 'windows', 'mingw32'
    c.poptions += -D_MT

  case 'windows'
  {
    # Note that upstream also adds Applink support if compiled with VC. This
    # is something about being able to use the library with application
    # compiled with a different compiler (see
    # ../../upstream/Configurations/10-main.conf for details). We drop this
    # for now as it requires ASM support. In particular, we don't pass
    # -DOPENSSL_USE_APPLINK preprocessor option no compile uplink.c and
    # auto-generated uplink-x86_64.asm.
    #
    c.poptions += -DOPENSSL_SYS_WIN32 -D_CRT_SECURE_NO_DEPRECATE \
                  -D_WINSOCK_DEPRECATED_NO_WARNINGS
  }
}

switch $c.class
{
  case 'gcc'
  {
    if $i686
      c.coptions += -fomit-frame-pointer

    # Disable warnings that pop up with -Wall -Wextra. Upstream doesn't seem
    # to care about these and it is not easy to disable specific warnings in a
    # way that works across compilers/versions (some -Wno-* options are only
    # recognized in newer versions). There are still some warnings left that
    # appear for certain platforms/compilers. We pass them through but disable
    # treating them as errors.
    #
    c.coptions += -Wno-all -Wno-extra -Wno-error
  }
  case 'msvc'
  {
    c.coptions += /Gs0 /GF /Gy

    # Disable warnings that pop up with /W3.
    #
    c.coptions += /wd4090 /wd4129 /wd4164 /wd4244 /wd4267 /wd4311
  }
}

# Escape backslashes and quotes in the compilation flags and substitute them
# into internal/buildinf-body.h as string literals, one per line.
#
# Note: the flag list will not reflect compiler options that build2 adds
# implicitly (-fPIC, etc).
#
cflags =
for f: $c.poptions $c.coptions
  cflags += $regex.replace($f, '(\\|")', '\\\1')

h{buildinf-body}: in{buildinf-body}
{
  cflags = $regex.merge($cflags, '(.+)', '\n  " \1"')
}

# Note that we have to add "-I$src_root" for the headers auto-generating
# machinery to work properly.
#
c.poptions =+ "-I$out_root" "-I$src_root"            \
              "-I$src_base/downstream" "-I$src_base"

crypto/             c.poptions =+ "-I$src_base/include"
crypto/evp/         c.poptions =+ "-I$src_root/libcrypto/crypto/modes"
crypto/ec/curve448/ c.poptions =+ "-I$src_base" "-I$src_base/arch_32"

# Note that upstream defines OPENSSLDIR and ENGINESDIR differently for
# different platforms/distributions. For example, it defines ENGINESDIR as
# /usr/local/lib64/engines-1.1 on Fedora and /usr/local/lib/engines-1_1 for
# MinGW GCC (which doesn't make much sense).
#
# Also note that Linux distributions may also define them differently. For
# example:
#
# Debian/Ubuntu: /usr/lib/ssl and /usr/lib/x86_64-linux-gnu/engines-1.1
# Fedora/RHEL:   /etc/pki/tls and /usr/lib64/engines-1.1
#
# We will not define these directories as there is no guarantee that they
# exist and contain data that is safe to use. Overall, the thinking is that if
# any of these directories are actually needed, then one should probably be
# using the system-installed OpenSSL or configure these directories manually
# at runtime (e.g., via environment variables, API, etc).
#
# Note that we cannot just leave the macros undefined as the project will fail
# to compile. Using empty paths may seem like a good idea but will end up in
# potentially existing filesystem entries (/certs, /cert.pem, etc; see
# upstream's cryptlib.h). Thus, we define them as "\0" which results in the
# empty string literal for the macros defined as follows:
#
# # define X509_CERT_DIR OPENSSLDIR "/certs"
#
# Also note that for the crypto/obj{cversion} target we instead need to leave
# OPENSSLDIR and ENGINESDIR undefined not to break strings used by the
# OpenSSL_version() function (see crypto/cversion.c for details).
#
ns = $regex.apply({**.c -crypto/cversion.c}, '.c$', '')
obj{$ns}: c.poptions += -DOPENSSLDIR='"\0"' -DENGINESDIR='"\0"'

crypto/obj{cversion}: c.poptions =+ "-I$src_root/libcrypto/downstream/internal"

switch $tclass, $tsys
{
  case 'linux'
  {
    c.loptions += -Wl,-znodelete -Wl,-Bsymbolic                  \
                  "-Wl,--version-script=$src_base/libcrypto.map"

    c.libs += -ldl -lpthread
  }
  case 'bsd'
  {
    c.loptions += -Wl,-Bsymbolic                                 \
                  "-Wl,--version-script=$src_base/libcrypto.map"

    c.libs += -lpthread
  }
  case 'windows', 'mingw32'
  {
    # Note that for MinGW GCC the upstream package also passes -static-libgcc.
    # We normally don't link GCC run-time statically when packaging other C
    # libraries, so let's not do that here either and see how it goes.
    #
    c.loptions += -Wl,--enable-auto-image-base

    c.libs += -lws2_32 -lgdi32 -lcrypt32
  }
  case 'windows'
  {
    # Suppress the 'object file does not define any public symbols' warning.
    #
    c.aoptions += /IGNORE:4221

    c.libs += ws2_32.lib gdi32.lib crypt32.lib advapi32.lib
  }
}

# Export options.
#
lib{crypto}: cc.export.poptions = "-I$src_base/downstream" "-I$src_base"

# See bootstrap.build for details.
#
if $version.pre_release
  lib{crypto}: bin.lib.version = @"-$version.project_id"
else
  lib{crypto}: bin.lib.version = @"-$abi_version"

# Install headers from the upstream and downstream openssl/ subdirectories
# only.
#
h{*}:                                install = false
openssl/h{*}:                        install = include/openssl/
downstream/openssl/h{*}:             install = include/openssl/
downstream/openssl/opensslconf/h{*}: install = include/openssl/opensslconf/

# Disable libssl headers installation (see ../README-DEV for details).
#
for h: dtls1 srtp ssl2 ssl3 sslerr ssl
  openssl/h{$h}@./openssl/: install = false