widevine: update to work with BoringSSL.

This change:

1) Switches the Makefiles over to using LOCAL_STATIC_LIBRARIES, which I
understand is the new hotness, rather than setting a -I flag directly.

2) Switches to the non-deprecated _ex versions for EVP_EncryptFinal.

3) Uses the EVP_PKEY interface for checking PSS signatures. This is the
only supported interface in OpenSSL: the PSS padding check functions are
only exported in upstream OpenSSL because it's a library from the 90s
and they don't have a concept of "unexported". Also, by using the EVP
functions, OpenSSL/BoringSSL can do a better job of being constant-time.

Since there aren't any obvious tests for checking that the signtaure
verification still works, I tested with the code in the referenced
paste, which includes both the old and new verification functions and
checks that they both work on a sample signature. (And I also checked
that they both fail when a bit in the signature is changed.)

https://paste.googleplex.com/5747976139964416

Change-Id: Iae7409c53eeea9c3892a32c180d7181d72467dcb

libwvdrmengine/mediacrypto/Android.mk

@@ -5,7 +5,6 @@ LOCAL_SRC_FILES := \
   src/WVCryptoPlugin.cpp \
 
 LOCAL_C_INCLUDES := \
-  external/openssl/include \
   frameworks/av/include \
   frameworks/native/include \
   vendor/widevine/libwvdrmengine/cdm/core/include \
@@ -20,4 +19,6 @@ LOCAL_MODULE_TAGS := optional
 
 LOCAL_MODULE_TARGET_ARCH := arm x86
 
+LOCAL_STATIC_LIBRARIES := libcrypto_static
+
 include $(BUILD_STATIC_LIBRARY)