Add SSL support to the GN build

crypto/BUILD.gn

Index: crypto/BUILD.gn
diff --git a/tools/gn/secondary/crypto/BUILD.gn b/crypto/BUILD.gn
similarity index 83%
rename from tools/gn/secondary/crypto/BUILD.gn
rename to crypto/BUILD.gn
index 50365c98d3d7232a82646b6d3ad8c3281f46bfea..5eefec78202b9b9b54c6d8abdaac8b4c870149fe 100644
--- a/tools/gn/secondary/crypto/BUILD.gn
+++ b/crypto/BUILD.gn
@@ -4,18 +4,6 @@
 
 import("//build/config/crypto.gni")
 
-crypto_minimal_sources = [
-  "hmac.cc",
-  "hmac.h",
-  "hmac_win.cc",
-  "secure_util.cc",
-  "secure_util.h",
-  "symmetric_key.h",
-  "symmetric_key_win.cc",
-  "third_party/nss/chromium-sha256.h",
-  "third_party/nss/sha512.cc",
-]
-
 component("crypto") {
   output_name = "crcrypto"  # Avoid colliding with OpenSSL's libcrypto.
   sources = [
@@ -98,11 +86,12 @@ component("crypto") {
   ]
 
   deps = [
+    ":crypto_minimal",
+    ":ssl",
     "//base",
     "//base/third_party/dynamic_annotations",
-    "//crypto/ssl:metassl",
   ]
-  forward_dependent_configs_from = [ "//crypto/ssl:metassl" ]
+  forward_dependent_configs_from = [ ":ssl" ]
 
   if (!is_mac && !is_ios) {
     sources -= [
@@ -175,19 +164,25 @@ component("crypto") {
   }
 
   defines = [ "CRYPTO_IMPLEMENTATION" ]
-
-  # TODO(brettw) once GYP compat is no longer necessary, just move
-  # crypto_minimal_sources to the crypto_minimal target and include a
-  # dependency on it here.
-  sources += crypto_minimal_sources
 }
 
 # A minimal crypto subset for core features that small standalone targets can
 # use to reduce code size.
-static_library("crypto_minimal") {
-  sources = crypto_minimal_sources
+source_set("crypto_minimal") {
+  sources = [
+    "hmac.cc",
+    "hmac.h",
+    "hmac_win.cc",
+    "secure_util.cc",
+    "secure_util.h",
+    "symmetric_key.h",
+    "symmetric_key_win.cc",
+    "third_party/nss/chromium-sha256.h",
+    "third_party/nss/sha512.cc",
+  ]
 
   deps = [
+    ":ssl",
     "//base",
     "//base/third_party/dynamic_annotations",
   ]
@@ -227,6 +222,17 @@ test("crypto_unittests") {
     ]
   }
 
+  if (use_openssl || !is_linux) {
+    sources -= [
+      "rsa_private_key_nss_unittest.cc",
+      "openpgp_symmetric_encryption_unittest.cc",
+    ]
+  }
+
+  if (use_openssl) {
+    sources -= [ "nss_util_unittest.cc" ]
+  }
+
   deps = [
     ":crypto",
     "//base",
@@ -236,7 +242,22 @@ test("crypto_unittests") {
     "//testing/gtest",
   ]
 
-  if (is_mac) {
-    #deps += "//third_party/nss:nspr"
+  if (is_linux) {
+    deps += [ ":ssl" ]

[Ryan Sleevi, 2014/04/14 18:38:42]

Why do you do this, when :crypto already has the dep?

Alternatively, why isn't this unconditional dep?

+  }
+
+  if (!use_openssl && (is_mac || is_ios || is_win)) {
+    deps += [ "//third_party/nss:nspr" ]

[Ryan Sleevi, 2014/04/14 18:38:42]

Why doesn't the meta :ssl target handle this?

+  }
+}
+
+# This is a meta-target that forwards to NSS's SSL library or OpenSSL,
+# according to the state of the crypto flags. A target just wanting to depend
+# on the current SSL library should just depend on this.
+group("ssl") {
+  if (use_openssl) {
+    deps = [ "//third_party/openssl" ]
+  } else {
+    deps = [ "//net/third_party/nss/ssl:libssl" ]

[Ryan Sleevi, 2014/04/14 18:38:42]

//crypto does *not* depend on libssl - it depends on (NSS & NSPR) || (OpenSSL)

A better way to think of this is

meta-target "platform" or "system"

system w/ use_openssl -> openssl
system w/o use_openssl
  !linux -> nss & nspr, hermetic
  Linux -> nspr (pkg-config), nss (pkg-config -ssl), ssl (hermetic)

I expect all other targets (eg: Chromoting, Widevine CDM, etc) to pick up the
dependency on "platform".

The dependency shouldn't be exported as visible symbols into dependents (eg: you
don't depend on crypto/crcrypto to get NSS, you need to depend on
crypto:platform. Likewise, in net/, if you use sockets, you depend on net/ - if
you want to use NSS directly, net AND crypto:platform)

   }
 }