Revert "Switch to BoringSSL."

This reverts commit r284079. BUG=395271 Review URL: https://codereview.chromium.org/406693004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@284248 0039d316-1c4b-4281-b951-d872f2087c98
hexiaoyuan · Jul 18, 2014 · 996856a · 996856a
1 parent cf8508b
commit 996856a
Show file tree

Hide file tree

Showing 42 changed files with 747 additions and 513 deletions.
diff --git a/DEPS b/DEPS
@@ -55,7 +55,7 @@ vars = {
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling WebRTC
   # and V8 without interference from each other.
-  "webrtc_revision": "6683",
+  "webrtc_revision": "6680",
   "jsoncpp_revision": "248",
   "nss_revision": "277057",
   # Three lines of non-changing comments so that
@@ -65,7 +65,7 @@ vars = {
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling openssl
   # and whatever else without interference from each other.
-  "openssl_revision": "283115",
+  "openssl_revision": "275836",
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling ANGLE
   # and whatever else without interference from each other.
@@ -85,7 +85,7 @@ vars = {
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling BoringSSL
   # and whatever else without interference from each other.
-  "boringssl_revision": "e77dff61bd47e2d7ed8072f7fba001681914a817",
+  "boringssl_revision": "09020c2f08df11179b93e6548117806a4c0d0d45",
 }
 
 deps = {

diff --git a/android_webview/buildbot/deps_whitelist.py b/android_webview/buildbot/deps_whitelist.py
@@ -32,7 +32,6 @@ def __init__(self):
     # in the Android tree.
     self._compile_but_not_snapshot_dependencies = [
       'third_party/libaddressinput/src/cpp',
-      'third_party/boringssl/src',
     ]
 
     # Dependencies that need to be merged into the Android tree.

diff --git a/android_webview/native/webview_native.gyp b/android_webview/native/webview_native.gyp
@@ -23,7 +23,7 @@
         '../../ui/gfx/gfx.gyp:gfx_geometry',
         '../../webkit/storage_browser.gyp:webkit_storage_browser',
         '../../webkit/storage_common.gyp:webkit_storage_common',
-        '../../third_party/boringssl/boringssl.gyp:boringssl',
+        '../../third_party/openssl/openssl.gyp:openssl',
         'android_webview_native_jni',
       ],
       'include_dirs': [

diff --git a/build/linux/system.gyp b/build/linux/system.gyp
@@ -985,7 +985,7 @@
           'conditions': [
             ['use_openssl==1', {
               'dependencies': [
-                '../../third_party/boringssl/boringssl.gyp:boringssl',
+                '../../third_party/openssl/openssl.gyp:openssl',
               ],
             }],
             ['use_openssl==0', {

diff --git a/build/linux/unbundle/replace_gyp_files.py b/build/linux/unbundle/replace_gyp_files.py
@@ -31,7 +31,7 @@
   'use_system_libxml': 'third_party/libxml/libxml.gyp',
   'use_system_libxnvctrl' : 'third_party/libXNVCtrl/libXNVCtrl.gyp',
   'use_system_libxslt': 'third_party/libxslt/libxslt.gyp',
-  'use_system_openssl': 'third_party/boringssl/boringssl.gyp',
+  'use_system_openssl': 'third_party/openssl/openssl.gyp',
   'use_system_opus': 'third_party/opus/opus.gyp',
   'use_system_re2': 'third_party/re2/re2.gyp',
   'use_system_snappy': 'third_party/snappy/snappy.gyp',

diff --git a/chrome/chrome_browser_ui.gypi b/chrome/chrome_browser_ui.gypi
@@ -2775,7 +2775,7 @@
         ['OS=="android"', {
           'dependencies': [
             '../components/components.gyp:web_contents_delegate_android',
-            '../third_party/boringssl/boringssl.gyp:boringssl',
+            '../third_party/openssl/openssl.gyp:openssl',
             'chrome_browser_jni_headers',
           ],
           'dependencies!': [

diff --git a/chrome/chrome_common.gypi b/chrome/chrome_common.gypi
@@ -653,7 +653,7 @@
         ],
         ['OS == "android"', {
             'dependencies': [
-              '../third_party/boringssl/boringssl.gyp:boringssl',
+              '../third_party/openssl/openssl.gyp:openssl',
             ],
             'sources!': [
               'common/net/x509_certificate_model.cc',

diff --git a/content/child/webcrypto/platform_crypto_openssl.cc b/content/child/webcrypto/platform_crypto_openssl.cc
@@ -53,10 +53,12 @@ class SymKey : public Key {
 namespace {
 
 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) {
-  // OpenSSL supports AES CBC ciphers for only 2 key lengths: 128, 256 bits
+  // OpenSSL supports AES CBC ciphers for only 3 key lengths: 128, 192, 256 bits
   switch (key_length_bytes) {
     case 16:
       return EVP_aes_128_cbc();
+    case 24:
+      return EVP_aes_192_cbc();
     case 32:
       return EVP_aes_256_cbc();
     default:
@@ -437,43 +439,40 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
   crypto::ScopedOpenSSL<EVP_AEAD_CTX, EVP_AEAD_CTX_cleanup>::Type ctx_cleanup(
       &ctx);
 
-  size_t len;
-  int ok;
+  ssize_t len;
 
   if (mode == DECRYPT) {
     if (data.byte_length() < tag_length_bytes)
       return Status::ErrorDataTooSmall();
 
     buffer->resize(data.byte_length() - tag_length_bytes);
 
-    ok = EVP_AEAD_CTX_open(&ctx,
-                           Uint8VectorStart(buffer),
-                           &len,
-                           buffer->size(),
-                           iv.bytes(),
-                           iv.byte_length(),
-                           data.bytes(),
-                           data.byte_length(),
-                           additional_data.bytes(),
-                           additional_data.byte_length());
+    len = EVP_AEAD_CTX_open(&ctx,
+                            Uint8VectorStart(buffer),
+                            buffer->size(),
+                            iv.bytes(),
+                            iv.byte_length(),
+                            data.bytes(),
+                            data.byte_length(),
+                            additional_data.bytes(),
+                            additional_data.byte_length());
   } else {
     // No need to check for unsigned integer overflow here (seal fails if
     // the output buffer is too small).
     buffer->resize(data.byte_length() + tag_length_bytes);
 
-    ok = EVP_AEAD_CTX_seal(&ctx,
-                           Uint8VectorStart(buffer),
-                           &len,
-                           buffer->size(),
-                           iv.bytes(),
-                           iv.byte_length(),
-                           data.bytes(),
-                           data.byte_length(),
-                           additional_data.bytes(),
-                           additional_data.byte_length());
+    len = EVP_AEAD_CTX_seal(&ctx,
+                            Uint8VectorStart(buffer),
+                            buffer->size(),
+                            iv.bytes(),
+                            iv.byte_length(),
+                            data.bytes(),
+                            data.byte_length(),
+                            additional_data.bytes(),
+                            additional_data.byte_length());
   }
 
-  if (!ok)
+  if (len < 0)
     return Status::OperationError();
   buffer->resize(len);
   return Status::Success();

diff --git a/content/content_child.gypi b/content/content_child.gypi
@@ -297,7 +297,7 @@
         '<@(webcrypto_openssl_sources)',
       ],
       'dependencies': [
-        '../third_party/boringssl/boringssl.gyp:boringssl',
+        '../third_party/openssl/openssl.gyp:openssl',
       ],
     }, {
       'sources': [

diff --git a/crypto/BUILD.gn b/crypto/BUILD.gn
@@ -242,7 +242,7 @@ test("crypto_unittests") {
 # on the current SSL library should just depend on this.
 group("platform") {
   if (use_openssl) {
-    deps = [ "//third_party/boringssl" ]
+    deps = [ "//third_party/openssl" ]
   } else {
     deps = [ "//net/third_party/nss/ssl:libssl" ]
     if (is_linux) {

diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp
@@ -100,7 +100,7 @@
         }],
         [ 'use_openssl==1', {
             'dependencies': [
-              '../third_party/boringssl/boringssl.gyp:boringssl',
+              '../third_party/openssl/openssl.gyp:openssl',
             ],
             # TODO(joth): Use a glob to match exclude patterns once the
             #             OpenSSL file set is complete.
@@ -209,7 +209,7 @@
         }],
         [ 'use_openssl==1', {
           'dependencies': [
-            '../third_party/boringssl/boringssl.gyp:boringssl',
+            '../third_party/openssl/openssl.gyp:openssl',
           ],
           'sources!': [
             'nss_util_unittest.cc',

diff --git a/crypto/crypto_nacl.gyp b/crypto/crypto_nacl.gyp
@@ -22,7 +22,7 @@
         'build_pnacl_newlib': 1,
       },
       'dependencies': [
-        '../third_party/boringssl/boringssl_nacl.gyp:boringssl_nacl',
+        '../third_party/openssl/openssl_nacl.gyp:openssl_nacl',
         '../native_client/tools.gyp:prep_toolchain',
         '../native_client_sdk/native_client_sdk_untrusted.gyp:nacl_io_untrusted',
       ],

diff --git a/crypto/encryptor_openssl.cc b/crypto/encryptor_openssl.cc
@@ -19,6 +19,7 @@ namespace {
 const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) {
   switch (key->key().length()) {
     case 16: return EVP_aes_128_cbc();
+    case 24: return EVP_aes_192_cbc();
     case 32: return EVP_aes_256_cbc();
     default: return NULL;
   }
@@ -99,8 +100,8 @@ bool Encryptor::Crypt(bool do_encrypt,
   DCHECK(cipher);  // Already handled in Init();
 
   const std::string& key = key_->key();
-  DCHECK_EQ(EVP_CIPHER_iv_length(cipher), iv_.length());
-  DCHECK_EQ(EVP_CIPHER_key_length(cipher), key.length());
+  DCHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length()));
+  DCHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length()));
 
   ScopedCipherCTX ctx;
   if (!EVP_CipherInit_ex(ctx.get(), cipher, NULL,

diff --git a/crypto/openssl_bio_string_unittest.cc b/crypto/openssl_bio_string_unittest.cc
@@ -23,17 +23,24 @@ TEST(OpenSSLBIOString, TestWrite) {
     EXPECT_EQ(static_cast<int>(expected1.size()),
               BIO_printf(bio.get(), "a %s\nb %i\n", "one", 2));
     EXPECT_EQ(expected1, s);
+    EXPECT_EQ(static_cast<int>(expected1.size()), BIO_tell(bio.get()));
 
     EXPECT_EQ(1, BIO_flush(bio.get()));
+    EXPECT_EQ(-1, BIO_seek(bio.get(), 0));
     EXPECT_EQ(expected1, s);
 
     EXPECT_EQ(static_cast<int>(expected2.size()),
               BIO_write(bio.get(), expected2.data(), expected2.size()));
     EXPECT_EQ(expected1 + expected2, s);
+    EXPECT_EQ(static_cast<int>(expected1.size() + expected2.size()),
+              BIO_tell(bio.get()));
 
     EXPECT_EQ(static_cast<int>(expected3.size()),
               BIO_puts(bio.get(), expected3.c_str()));
     EXPECT_EQ(expected1 + expected2 + expected3, s);
+    EXPECT_EQ(static_cast<int>(expected1.size() + expected2.size() +
+                               expected3.size()),
+              BIO_tell(bio.get()));
   }
   EXPECT_EQ(expected1 + expected2 + expected3, s);
 }

diff --git a/crypto/openssl_util.cc b/crypto/openssl_util.cc
@@ -6,7 +6,6 @@
 
 #include <openssl/err.h>
 #include <openssl/ssl.h>
-#include <openssl/cpu.h>
 
 #include "base/logging.h"
 #include "base/memory/scoped_vector.h"
@@ -23,9 +22,8 @@ namespace crypto {
 
 namespace {
 
-void CurrentThreadId(CRYPTO_THREADID* id) {
-  CRYPTO_THREADID_set_numeric(
-      id, static_cast<unsigned long>(base::PlatformThread::CurrentId()));
+unsigned long CurrentThreadId() {
+  return static_cast<unsigned long>(base::PlatformThread::CurrentId());
 }
 
 // Singleton for initializing and cleaning up the OpenSSL library.
@@ -55,7 +53,7 @@ class OpenSSLInitSingleton {
     for (int i = 0; i < num_locks; ++i)
       locks_.push_back(new base::Lock());
     CRYPTO_set_locking_callback(LockingCallback);
-    CRYPTO_THREADID_set_callback(CurrentThreadId);
+    CRYPTO_set_id_callback(CurrentThreadId);
 
 #if defined(OS_ANDROID) && defined(ARCH_CPU_ARMEL)
     const bool has_neon =

diff --git a/crypto/rsa_private_key_openssl.cc b/crypto/rsa_private_key_openssl.cc
@@ -4,8 +4,6 @@
 
 #include "crypto/rsa_private_key.h"
 
-#include <openssl/bio.h>
-#include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/rsa.h>

diff --git a/crypto/scoped_openssl_types.h b/crypto/scoped_openssl_types.h
@@ -5,7 +5,6 @@
 #ifndef CRYPTO_SCOPED_OPENSSL_TYPES_H_
 #define CRYPTO_SCOPED_OPENSSL_TYPES_H_
 
-#include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/ec.h>

diff --git a/crypto/signature_verifier_openssl.cc b/crypto/signature_verifier_openssl.cc
@@ -26,7 +26,7 @@ const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
     case SignatureVerifier::SHA256:
       return EVP_sha256();
   }
-  return NULL;
+  return EVP_md_null();
 }
 
 }  // namespace
@@ -80,11 +80,8 @@ bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
                                          const uint8* public_key_info,
                                          int public_key_info_len) {
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
-  const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
+  const EVP_MD* digest = ToOpenSSLDigest(hash_alg);
   DCHECK(digest);
-  if (!digest) {
-    return false;
-  }
 
   EVP_PKEY_CTX* pkey_ctx;
   if (!CommonInit(digest, signature, signature_len, public_key_info,
@@ -95,12 +92,8 @@ bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
   int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
   if (rv != 1)
     return false;
-  const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg);
-  DCHECK(mgf_digest);
-  if (!mgf_digest) {
-    return false;
-  }
-  rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest);
+  rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx,
+                                    ToOpenSSLDigest(mask_hash_alg));
   if (rv != 1)
     return false;
   rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);

diff --git a/google_apis/google_apis.gyp b/google_apis/google_apis.gyp
@@ -45,7 +45,7 @@
         }],
         ['OS=="android"', {
           'dependencies': [
-            '../third_party/boringssl/boringssl.gyp:boringssl',
+            '../third_party/openssl/openssl.gyp:openssl',
           ],
           'sources/': [
             ['exclude', 'cup/client_update_protocol_nss\.cc$'],

diff --git a/net/BUILD.gn b/net/BUILD.gn
@@ -523,6 +523,10 @@ component("net") {
 
     if (!is_android_webview_build) {
       deps += [ ":net_jni_headers" ]
+
+      # The net/android/keystore_openssl.cc source file needs to access an
+      # OpenSSL-internal header.
+      include_dirs = [ "//third_party/openssl" ]
     }
   }
 
@@ -920,7 +924,7 @@ if (is_linux) {
       ":epoll_server",
       ":net",
       "//base",
-      "//third_party/boringssl",
+      "//third_party/openssl",
     ]
   }
 
@@ -939,7 +943,7 @@ if (is_linux) {
       ":test_support",
       "//testing/gtest",
       "//testing/gmock",
-      "//third_party/boringssl",
+      "//third_party/openssl",
     ]
   }
 
@@ -990,7 +994,7 @@ if (is_linux) {
       "//base",
       "//base/third_party/dynamic_annotations",
       "//crypto",
-      "//third_party/boringssl",
+      "//third_party/openssl",
       "//url",
     ]
   }
@@ -1001,7 +1005,7 @@ if (is_linux) {
       ":quic_base",
       ":net",
       "//base",
-      "//third_party/boringssl",
+      "//third_party/openssl",
     ]
   }
 }
@@ -1330,7 +1334,7 @@ executable("quic_server") {
     ":quic_tools",
     ":net",
     "//base",
-    "//third_party/boringssl",
+    "//third_party/openssl",
   ]
 }