widevine: update to work with BoringSSL.

This change:

1) Switches the Makefiles over to using LOCAL_STATIC_LIBRARIES, which I
understand is the new hotness, rather than setting a -I flag directly.

2) Switches to the non-deprecated _ex versions for EVP_EncryptFinal.

3) Uses the EVP_PKEY interface for checking PSS signatures. This is the
only supported interface in OpenSSL: the PSS padding check functions are
only exported in upstream OpenSSL because it's a library from the 90s
and they don't have a concept of "unexported". Also, by using the EVP
functions, OpenSSL/BoringSSL can do a better job of being constant-time.

Since there aren't any obvious tests for checking that the signtaure
verification still works, I tested with the code in the referenced
paste, which includes both the old and new verification functions and
checks that they both work on a sample signature. (And I also checked
that they both fail when a bit in the signature is changed.)

https://paste.googleplex.com/5747976139964416

Change-Id: Iae7409c53eeea9c3892a32c180d7181d72467dcb

proprietary/cryptoPlugin/Android.mk

@@ -10,12 +10,12 @@ LOCAL_SRC_FILES := \
 
 LOCAL_C_INCLUDES := \
         $(TOP)/vendor/widevine/proprietary/wvm/include \
-        $(TOP)/external/openssl/include
 
 LOCAL_CFLAGS += -Wno-unused-parameter
 
 LOCAL_MODULE:= libwvdecryptcommon
 LOCAL_MODULE_TAGS := optional
+LOCAL_STATIC_LIBRARIES := libcrypto_static
 
 # Not 64-bit compatible, WVCryptoPlugin::decrypt stores a pointer in a uint32
 LOCAL_MULTILIB := 32