Roll src/third_party/boringssl/src/ to 209b2562235f7dab66b8260624e7b3c5b00d14a6.

net/android/keystore_openssl.cc

Index: net/android/keystore_openssl.cc
diff --git a/net/android/keystore_openssl.cc b/net/android/keystore_openssl.cc
index c9d30892e2f286345d44ead24279591b86ce27dd..fb0365c6a8d53f9500631b2be276b0acbde6dda0 100644
--- a/net/android/keystore_openssl.cc
+++ b/net/android/keystore_openssl.cc
@@ -176,7 +176,7 @@ int RsaMethodEncrypt(RSA* rsa,
                      size_t in_len,
                      int padding) {
   NOTIMPLEMENTED();
-  OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+  OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE);

[davidben, 2015/07/21 18:27:56]

This will be going away once the Chrome/Android code uses the async signing
stuff (Android and everything else go through slightly different codepaths right
now. I'm probably going to have my new minion finish this cleanup as his first
task.), but it occurs to me you'll probably have to do something similar in
Conscrypt. That should have occurred to me. Oops.

[agl, 2015/07/21 19:25:58]

You mean that the code to bridge BoringSSL to Java-backed certs (in Conscrypt)
and keystore-backed certs (in keystore) will have to change? The ENGINE-based
code will still work, won't it? I don't have any problem changing Conscrypt, but
things like wpa_supplicant expect an ENGINE at the moment and changing that code
is more of a pain.

[davidben, 2015/07/21 19:43:25]

Just the Conscrypt stuff. You'll need to make the analogous change to
OPENSSL_PUT_ERROR lines when pulling the new BoringSSL in. wpa_supplicant
doesn't have any of those.

   return 0;
 }
 
@@ -196,7 +196,7 @@ int RsaMethodSignRaw(RSA* rsa,
     // the same Android version as the "NONEwithRSA"
     // java.security.Signature algorithm, so the same version checks
     // for GetRsaLegacyKey should work.
-    OPENSSL_PUT_ERROR(RSA, sign_raw, RSA_R_UNKNOWN_PADDING_TYPE);
+    OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE);
     return 0;
   }
 
@@ -204,7 +204,7 @@ int RsaMethodSignRaw(RSA* rsa,
   const KeyExData *ex_data = RsaGetExData(rsa);
   if (!ex_data || !ex_data->private_key) {
     LOG(WARNING) << "Null JNI reference passed to RsaMethodSignRaw!";
-    OPENSSL_PUT_ERROR(RSA, sign_raw, ERR_R_INTERNAL_ERROR);
+    OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
     return 0;
   }
 
@@ -221,7 +221,7 @@ int RsaMethodSignRaw(RSA* rsa,
       // if there were some way to convince Java to do it. (Without going
       // through Java, it's difficult to get a handle on a system OpenSSL
       // function; dlopen loads a second copy.)
-      OPENSSL_PUT_ERROR(RSA, sign_raw, ERR_R_INTERNAL_ERROR);
+      OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
       return 0;
     }
     *out_len = ret;
@@ -234,7 +234,7 @@ int RsaMethodSignRaw(RSA* rsa,
   // PKCS#1 padding.
   if (!RawSignDigestWithPrivateKey(ex_data->private_key, from_piece, &result)) {
     LOG(WARNING) << "Could not sign message in RsaMethodSignRaw!";
-    OPENSSL_PUT_ERROR(RSA, sign_raw, ERR_R_INTERNAL_ERROR);
+    OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
     return 0;
   }
 
@@ -242,12 +242,12 @@ int RsaMethodSignRaw(RSA* rsa,
   if (result.size() > expected_size) {
     LOG(ERROR) << "RSA Signature size mismatch, actual: "
                <<  result.size() << ", expected <= " << expected_size;
-    OPENSSL_PUT_ERROR(RSA, sign_raw, ERR_R_INTERNAL_ERROR);
+    OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
     return 0;
   }
 
   if (max_out < expected_size) {
-    OPENSSL_PUT_ERROR(RSA, sign_raw, RSA_R_DATA_TOO_LARGE);
+    OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE);
     return 0;
   }
 
@@ -269,7 +269,7 @@ int RsaMethodDecrypt(RSA* rsa,
                      size_t in_len,
                      int padding) {
   NOTIMPLEMENTED();
-  OPENSSL_PUT_ERROR(RSA, decrypt, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+  OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE);
   return 0;
 }
 
@@ -281,7 +281,7 @@ int RsaMethodVerifyRaw(RSA* rsa,
                        size_t in_len,
                        int padding) {
   NOTIMPLEMENTED();
-  OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+  OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE);
   return 0;
 }
 
@@ -485,7 +485,7 @@ int EcdsaMethodVerify(const uint8_t* digest,
                       size_t sig_len,
                       EC_KEY* ec_key) {
   NOTIMPLEMENTED();
-  OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_NOT_IMPLEMENTED);
+  OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED);
   return 0;
 }