widevine: update to work with BoringSSL.
This change:
1) Switches the Makefiles over to using LOCAL_STATIC_LIBRARIES, which I
understand is the new hotness, rather than setting a -I flag directly.
2) Switches to the non-deprecated _ex versions for EVP_EncryptFinal.
3) Uses the EVP_PKEY interface for checking PSS signatures. This is the
only supported interface in OpenSSL: the PSS padding check functions are
only exported in upstream OpenSSL because it's a library from the 90s
and they don't have a concept of "unexported". Also, by using the EVP
functions, OpenSSL/BoringSSL can do a better job of being constant-time.
Since there aren't any obvious tests for checking that the signtaure
verification still works, I tested with the code in the referenced
paste, which includes both the old and new verification functions and
checks that they both work on a sample signature. (And I also checked
that they both fail when a bit in the signature is changed.)
https://paste.googleplex.com/5747976139964416
(cherry picked from commit 4f01ef23d1)
Change-Id: Iae7409c53eeea9c3892a32c180d7181d72467dcb
This commit is contained in:
Adam Langley
@@ -5,7 +5,6 @@ LOCAL_SRC_FILES := \
|
||||
src/WVCryptoPlugin.cpp \
|
||||
|
||||
LOCAL_C_INCLUDES := \
|
||||
external/openssl/include \
|
||||
frameworks/av/include \
|
||||
frameworks/native/include \
|
||||
vendor/widevine/libwvdrmengine/cdm/core/include \
|
||||
@@ -22,4 +21,6 @@ LOCAL_MODULE_TARGET_ARCH := arm mips x86
|
||||
|
||||
LOCAL_CXX_STL := stlport
|
||||
|
||||
LOCAL_STATIC_LIBRARIES := libcrypto_static
|
||||
|
||||
include $(BUILD_STATIC_LIBRARY)
|
||||
|
||||
Reference in New Issue
Block a user