Build src/crypto for PNaCl

crypto/crypto_nacl.gyp

Index: crypto/crypto_nacl.gyp
diff --git a/crypto/crypto_nacl.gyp b/crypto/crypto_nacl.gyp
new file mode 100644
index 0000000000000000000000000000000000000000..088554d4614909afc2bd76aed1008f8085d2ad19
--- /dev/null
+++ b/crypto/crypto_nacl.gyp
@@ -0,0 +1,85 @@
+# Copyright 2014 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+{
+  'variables': {
+    'chromium_code': 1,
+
+    # OpenSSL is used instead of NSS in NaCl, even when Chrome is built with
+    # NSS.
+    'use_nss': 0,
+    'use_openssl': 1,

[Ryan Sleevi, 2014/03/05 21:43:50]

This really should be global in some other .gypi. I wouldn't want to see this
code duplicated in net/, for example, as it's the wrong layer.

[Sergey Ulanov, 2014/03/06 19:37:28]

Updated common.gyp to define USE_OPENSSL when nacl_untrusted_build==1

+  },
+  'includes': [
+    '../native_client/build/untrusted.gypi',
+    'crypto.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'crypto_nacl',

[Ryan Sleevi, 2014/03/05 21:43:50]

Is it going to be necessary to spin up separate _nacl targets for each of the
first party libraries?

[Sergey Ulanov, 2014/03/06 19:37:28]

Yes, for each library used in remoting. gyp currently doesn't support building
NaCl and native variants of the same target, so we need a separate target.

+      'type': 'none',
+      'variables': {
+        'nacl_untrusted_build': 1,
+        'nlib_target': 'libcrypto_nacl.a',
+        'build_glibc': 0,
+        'build_newlib': 0,
+        'build_pnacl_newlib': 1,
+      },
+      'dependencies': [
+        '../third_party/openssl/openssl_nacl.gyp:openssl_nacl',
+        '../native_client/tools.gyp:prep_toolchain',
+        '../native_client_sdk/native_client_sdk_untrusted.gyp:nacl_io_untrusted',
+      ],
+      'defines': [
+        'CRYPTO_IMPLEMENTATION',
+      ],
+      'sources': [
+        '<@(crypto_sources)',
+      ],
+      'sources/': [
+        ['exclude', 'ec_private_key_nss\.cc$'],
+        ['exclude', 'ec_signature_creator_nss\.cc$'],
+        ['exclude', 'encryptor_nss\.cc$'],
+        ['exclude', 'hmac_nss\.cc$'],
+        ['exclude', 'signature_verifier_nss\.cc$'],
+        ['exclude', 'symmetric_key_nss\.cc$'],

[Ryan Sleevi, 2014/03/05 21:43:50]

Why are you sources/ this, but sources! the rest?

[Sergey Ulanov, 2014/03/06 19:37:28]

removed sources!

+      ],
+      'sources!': [

[Ryan Sleevi, 2014/03/05 21:43:50]

This seems like it's going to be fairly brittle.

[Sergey Ulanov, 2014/03/06 19:37:28]

Replaced with regex-based exclusions.

+        'apple_keychain.h',
+        'capi_util.cc',
+        'capi_util.h',
+        'cssm_init.cc',
+        'cssm_init.h',
+        'hmac_win.cc',
+        'mac_security_services_lock.cc',
+        'mac_security_services_lock.h',
+        'mock_apple_keychain.cc',
+        'mock_apple_keychain.h',
+        'openpgp_symmetric_encryption.cc',
+        'openpgp_symmetric_encryption.h',
+        'symmetric_key_win.cc',
+        'ec_private_key_nss.cc',
+        'ec_signature_creator_nss.cc',
+        'encryptor_nss.cc',
+        'hmac_nss.cc',
+        'nss_util.cc',
+        'nss_util.h',
+        'openpgp_symmetric_encryption.cc',
+        'rsa_private_key_nss.cc',
+        'secure_hash_default.cc',
+        'signature_creator_nss.cc',
+        'signature_verifier_nss.cc',
+        'symmetric_key_nss.cc',
+        'third_party/nss/chromium-blapi.h',
+        'third_party/nss/chromium-blapit.h',
+        'third_party/nss/chromium-nss.h',
+        'third_party/nss/chromium-sha256.h',
+        'third_party/nss/pk11akey.cc',
+        'third_party/nss/rsawrapr.c',
+        'third_party/nss/secsign.cc',
+        'third_party/nss/sha512.cc',
+      ],
+    },
+  ],
+}