Revert "Switch to BoringSSL."

This reverts commit 283542.

This broke the WebView Android build.

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@283591 0039d316-1c4b-4281-b951-d872f2087c98

DEPS

@@ -55,7 +55,7 @@ vars = {
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling WebRTC
   # and V8 without interference from each other.
-  "webrtc_revision": "6683",
+  "webrtc_revision": "6680",
   "jsoncpp_revision": "248",
   "nss_revision": "277057",
   # Three lines of non-changing comments so that
@@ -65,7 +65,7 @@ vars = {
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling openssl
   # and whatever else without interference from each other.
-  "openssl_revision": "283115",
+  "openssl_revision": "275836",
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling ANGLE
   # and whatever else without interference from each other.
@@ -85,7 +85,7 @@ vars = {
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling BoringSSL
   # and whatever else without interference from each other.
-  "boringssl_revision": "045cc5590a214a0efb982d028a4f1f0e9dfe3314",
+  "boringssl_revision": "09020c2f08df11179b93e6548117806a4c0d0d45",
 }
 
 deps = {

android_webview/native/webview_native.gyp

@@ -24,7 +24,7 @@
         '../../webkit/common/webkit_common.gyp:webkit_common',
         '../../webkit/storage_browser.gyp:webkit_storage_browser',
         '../../webkit/storage_common.gyp:webkit_storage_common',
-        '../../third_party/boringssl/boringssl.gyp:boringssl',
+        '../../third_party/openssl/openssl.gyp:openssl',
         'android_webview_native_jni',
       ],
       'include_dirs': [

build/linux/system.gyp

@@ -985,7 +985,7 @@
           'conditions': [
             ['use_openssl==1', {
               'dependencies': [
-                '../../third_party/boringssl/boringssl.gyp:boringssl',
+                '../../third_party/openssl/openssl.gyp:openssl',
               ],
             }],
             ['use_openssl==0', {

build/linux/unbundle/replace_gyp_files.py

@@ -31,7 +31,7 @@
   'use_system_libxml': 'third_party/libxml/libxml.gyp',
   'use_system_libxnvctrl' : 'third_party/libXNVCtrl/libXNVCtrl.gyp',
   'use_system_libxslt': 'third_party/libxslt/libxslt.gyp',
-  'use_system_openssl': 'third_party/boringssl/boringssl.gyp',
+  'use_system_openssl': 'third_party/openssl/openssl.gyp',
   'use_system_opus': 'third_party/opus/opus.gyp',
   'use_system_re2': 'third_party/re2/re2.gyp',
   'use_system_snappy': 'third_party/snappy/snappy.gyp',

chrome/chrome_browser_ui.gypi

@@ -2773,7 +2773,7 @@
         ['OS=="android"', {
           'dependencies': [
             '../components/components.gyp:web_contents_delegate_android',
-            '../third_party/boringssl/boringssl.gyp:boringssl',
+            '../third_party/openssl/openssl.gyp:openssl',
             'chrome_browser_jni_headers',
           ],
           'dependencies!': [

chrome/chrome_common.gypi

@@ -653,7 +653,7 @@
         ],
         ['OS == "android"', {
             'dependencies': [
-              '../third_party/boringssl/boringssl.gyp:boringssl',
+              '../third_party/openssl/openssl.gyp:openssl',
             ],
             'sources!': [
               'common/net/x509_certificate_model.cc',

content/child/webcrypto/platform_crypto_openssl.cc

@@ -53,10 +53,12 @@ class SymKey : public Key {
 namespace {
 
 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) {
-  // OpenSSL supports AES CBC ciphers for only 2 key lengths: 128, 256 bits
+  // OpenSSL supports AES CBC ciphers for only 3 key lengths: 128, 192, 256 bits
   switch (key_length_bytes) {
     case 16:
       return EVP_aes_128_cbc();
+    case 24:
+      return EVP_aes_192_cbc();
     case 32:
       return EVP_aes_256_cbc();
     default:
@@ -437,43 +439,40 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
   crypto::ScopedOpenSSL<EVP_AEAD_CTX, EVP_AEAD_CTX_cleanup>::Type ctx_cleanup(
       &ctx);
 
-  size_t len;
-  int ok;
+  ssize_t len;
 
   if (mode == DECRYPT) {
     if (data.byte_length() < tag_length_bytes)
       return Status::ErrorDataTooSmall();
 
     buffer->resize(data.byte_length() - tag_length_bytes);
 
-    ok = EVP_AEAD_CTX_open(&ctx,
-                           Uint8VectorStart(buffer),
-                           &len,
-                           buffer->size(),
-                           iv.bytes(),
-                           iv.byte_length(),
-                           data.bytes(),
-                           data.byte_length(),
-                           additional_data.bytes(),
-                           additional_data.byte_length());
+    len = EVP_AEAD_CTX_open(&ctx,
+                            Uint8VectorStart(buffer),
+                            buffer->size(),
+                            iv.bytes(),
+                            iv.byte_length(),
+                            data.bytes(),
+                            data.byte_length(),
+                            additional_data.bytes(),
+                            additional_data.byte_length());
   } else {
     // No need to check for unsigned integer overflow here (seal fails if
     // the output buffer is too small).
     buffer->resize(data.byte_length() + tag_length_bytes);
 
-    ok = EVP_AEAD_CTX_seal(&ctx,
-                           Uint8VectorStart(buffer),
-                           &len,
-                           buffer->size(),
-                           iv.bytes(),
-                           iv.byte_length(),
-                           data.bytes(),
-                           data.byte_length(),
-                           additional_data.bytes(),
-                           additional_data.byte_length());
+    len = EVP_AEAD_CTX_seal(&ctx,
+                            Uint8VectorStart(buffer),
+                            buffer->size(),
+                            iv.bytes(),
+                            iv.byte_length(),
+                            data.bytes(),
+                            data.byte_length(),
+                            additional_data.bytes(),
+                            additional_data.byte_length());
   }
 
-  if (!ok)
+  if (len < 0)
     return Status::OperationError();
   buffer->resize(len);
   return Status::Success();

content/content_child.gypi

@@ -297,7 +297,7 @@
         '<@(webcrypto_openssl_sources)',
       ],
       'dependencies': [
-        '../third_party/boringssl/boringssl.gyp:boringssl',
+        '../third_party/openssl/openssl.gyp:openssl',
       ],
     }, {
       'sources': [

crypto/BUILD.gn

@@ -242,7 +242,7 @@ test("crypto_unittests") {
 # on the current SSL library should just depend on this.
 group("platform") {
   if (use_openssl) {
-    deps = [ "//third_party/boringssl" ]
+    deps = [ "//third_party/openssl" ]
   } else {
     deps = [ "//net/third_party/nss/ssl:libssl" ]
     if (is_linux) {

crypto/crypto.gyp

@@ -100,7 +100,7 @@
         }],
         [ 'use_openssl==1', {
             'dependencies': [
-              '../third_party/boringssl/boringssl.gyp:boringssl',
+              '../third_party/openssl/openssl.gyp:openssl',
             ],
             # TODO(joth): Use a glob to match exclude patterns once the
             #             OpenSSL file set is complete.
@@ -209,7 +209,7 @@
         }],
         [ 'use_openssl==1', {
           'dependencies': [
-            '../third_party/boringssl/boringssl.gyp:boringssl',
+            '../third_party/openssl/openssl.gyp:openssl',
           ],
           'sources!': [
             'nss_util_unittest.cc',

crypto/crypto_nacl.gyp

@@ -22,7 +22,7 @@
         'build_pnacl_newlib': 1,
       },
       'dependencies': [
-        '../third_party/boringssl/boringssl_nacl.gyp:boringssl_nacl',
+        '../third_party/openssl/openssl_nacl.gyp:openssl_nacl',
         '../native_client/tools.gyp:prep_toolchain',
         '../native_client_sdk/native_client_sdk_untrusted.gyp:nacl_io_untrusted',
       ],

crypto/encryptor_openssl.cc

@@ -19,6 +19,7 @@ namespace {
 const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) {
   switch (key->key().length()) {
     case 16: return EVP_aes_128_cbc();
+    case 24: return EVP_aes_192_cbc();
     case 32: return EVP_aes_256_cbc();
     default: return NULL;
   }
@@ -99,8 +100,8 @@ bool Encryptor::Crypt(bool do_encrypt,
   DCHECK(cipher);  // Already handled in Init();
 
   const std::string& key = key_->key();
-  DCHECK_EQ(EVP_CIPHER_iv_length(cipher), iv_.length());
-  DCHECK_EQ(EVP_CIPHER_key_length(cipher), key.length());
+  DCHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length()));
+  DCHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length()));
 
   ScopedCipherCTX ctx;
   if (!EVP_CipherInit_ex(ctx.get(), cipher, NULL,

crypto/openssl_bio_string_unittest.cc

@@ -23,17 +23,24 @@ TEST(OpenSSLBIOString, TestWrite) {
     EXPECT_EQ(static_cast<int>(expected1.size()),
               BIO_printf(bio.get(), "a %s\nb %i\n", "one", 2));
     EXPECT_EQ(expected1, s);
+    EXPECT_EQ(static_cast<int>(expected1.size()), BIO_tell(bio.get()));
 
     EXPECT_EQ(1, BIO_flush(bio.get()));
+    EXPECT_EQ(-1, BIO_seek(bio.get(), 0));
     EXPECT_EQ(expected1, s);
 
     EXPECT_EQ(static_cast<int>(expected2.size()),
               BIO_write(bio.get(), expected2.data(), expected2.size()));
     EXPECT_EQ(expected1 + expected2, s);
+    EXPECT_EQ(static_cast<int>(expected1.size() + expected2.size()),
+              BIO_tell(bio.get()));
 
     EXPECT_EQ(static_cast<int>(expected3.size()),
               BIO_puts(bio.get(), expected3.c_str()));
     EXPECT_EQ(expected1 + expected2 + expected3, s);
+    EXPECT_EQ(static_cast<int>(expected1.size() + expected2.size() +
+                               expected3.size()),
+              BIO_tell(bio.get()));
   }
   EXPECT_EQ(expected1 + expected2 + expected3, s);
 }

crypto/openssl_util.cc

@@ -6,7 +6,6 @@
 
 #include <openssl/err.h>
 #include <openssl/ssl.h>
-#include <openssl/cpu.h>
 
 #include "base/logging.h"
 #include "base/memory/scoped_vector.h"
@@ -23,9 +22,8 @@ namespace crypto {
 
 namespace {
 
-void CurrentThreadId(CRYPTO_THREADID* id) {
-  CRYPTO_THREADID_set_numeric(
-      id, static_cast<unsigned long>(base::PlatformThread::CurrentId()));
+unsigned long CurrentThreadId() {
+  return static_cast<unsigned long>(base::PlatformThread::CurrentId());
 }
 
 // Singleton for initializing and cleaning up the OpenSSL library.
@@ -55,7 +53,7 @@ class OpenSSLInitSingleton {
     for (int i = 0; i < num_locks; ++i)
       locks_.push_back(new base::Lock());
     CRYPTO_set_locking_callback(LockingCallback);
-    CRYPTO_THREADID_set_callback(CurrentThreadId);
+    CRYPTO_set_id_callback(CurrentThreadId);
 
 #if defined(OS_ANDROID) && defined(ARCH_CPU_ARMEL)
     const bool has_neon =

crypto/rsa_private_key_openssl.cc

@@ -4,8 +4,6 @@
 
 #include "crypto/rsa_private_key.h"
 
-#include <openssl/bio.h>
-#include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/rsa.h>

crypto/scoped_openssl_types.h

@@ -5,7 +5,6 @@
 #ifndef CRYPTO_SCOPED_OPENSSL_TYPES_H_
 #define CRYPTO_SCOPED_OPENSSL_TYPES_H_
 
-#include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/ec.h>

crypto/signature_verifier_openssl.cc

@@ -26,7 +26,7 @@ const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
     case SignatureVerifier::SHA256:
       return EVP_sha256();
   }
-  return NULL;
+  return EVP_md_null();
 }
 
 }  // namespace
@@ -80,11 +80,8 @@ bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
                                          const uint8* public_key_info,
                                          int public_key_info_len) {
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
-  const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
+  const EVP_MD* digest = ToOpenSSLDigest(hash_alg);
   DCHECK(digest);
-  if (!digest) {
-    return false;
-  }
 
   EVP_PKEY_CTX* pkey_ctx;
   if (!CommonInit(digest, signature, signature_len, public_key_info,
@@ -95,12 +92,8 @@ bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
   int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
   if (rv != 1)
     return false;
-  const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg);
-  DCHECK(mgf_digest);
-  if (!mgf_digest) {
-    return false;
-  }
-  rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest);
+  rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx,
+                                    ToOpenSSLDigest(mask_hash_alg));
   if (rv != 1)
     return false;
   rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);

google_apis/google_apis.gyp

@@ -44,7 +44,7 @@
         }],
         ['OS=="android"', {
           'dependencies': [
-            '../third_party/boringssl/boringssl.gyp:boringssl',
+            '../third_party/openssl/openssl.gyp:openssl',
           ],
           'sources/': [
             ['exclude', 'cup/client_update_protocol_nss\.cc$'],

net/BUILD.gn

@@ -523,6 +523,10 @@ component("net") {
 
     if (!is_android_webview_build) {
       deps += [ ":net_jni_headers" ]
+
+      # The net/android/keystore_openssl.cc source file needs to access an
+      # OpenSSL-internal header.
+      include_dirs = [ "//third_party/openssl" ]
     }
   }
 
@@ -913,7 +917,7 @@ if (is_linux) {
       ":epoll_server",
       ":net",
       "//base",
-      "//third_party/boringssl",
+      "//third_party/openssl",
     ]
   }
 
@@ -932,7 +936,7 @@ if (is_linux) {
       ":test_support",
       "//testing/gtest",
       "//testing/gmock",
-      "//third_party/boringssl",
+      "//third_party/openssl",
     ]
   }
 
@@ -983,7 +987,7 @@ if (is_linux) {
       "//base",
       "//base/third_party/dynamic_annotations",
       "//crypto",
-      "//third_party/boringssl",
+      "//third_party/openssl",
       "//url",
     ]
   }
@@ -994,7 +998,7 @@ if (is_linux) {
       ":quic_base",
       ":net",
       "//base",
-      "//third_party/boringssl",
+      "//third_party/openssl",
     ]
   }
 }
@@ -1324,7 +1328,7 @@ executable("quic_server") {
     ":quic_tools",
     ":net",
     "//base",
-    "//third_party/boringssl",
+    "//third_party/openssl",
   ]
 }