Roll BoringSSL forward and remove temporary ifdefs. (google#1166)

Sync to the BoringSSL revision used in current Chromium stable.

Author: davidben

DEPS

@@ -7,7 +7,7 @@ vars = {
 
      # SSL implementation alternatives:
      "openssl": 				 "https://github.com/openssl/openssl.git@OpenSSL_1_0_2d",
-     "boringssl":        "https://boringssl.googlesource.com/boringssl.git@2661"
+     "boringssl":        "https://boringssl.googlesource.com/boringssl.git@2883"
 }
 
 deps = {

cpp/log/cert.cc

@@ -476,24 +476,8 @@ StatusOr<bool> Cert::IsSignedBy(const Cert& issuer) const {
   unsigned long err = ERR_peek_last_error();
   const int reason = ERR_GET_REASON(err);
   const int lib = ERR_GET_LIB(err);
-#if defined(OPENSSL_IS_BORINGSSL) && !defined(BORINGSSL_201603)
-  // BoringSSL returns only 0 and 1.  This is an attempt to
-  // approximate the circumstances that in OpenSSL cause a 0 return,
-  // and that are too boring/spammy to log, e.g. malformed inputs.
-  if (err == 0 || lib == ERR_LIB_ASN1 || lib == ERR_LIB_X509) {
-    ClearOpenSSLErrors();
-    return false;
-  }
-
-  if (lib == ERR_LIB_EVP &&
-      (reason == EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ||
-       reason == EVP_R_UNKNOWN_SIGNATURE_ALGORITHM)) {
-    return LogUnsupportedAlgorithm();
-  }
-#else
-  // OpenSSL and recent versions of BoringSSL use ERR_R_EVP_LIB when a
-  // signature fails to verify. Clear errors in this case, but log
-  // unusual failures.
+  // OpenSSL and BoringSSL use ERR_R_EVP_LIB when a signature fails to verify.
+  // Clear errors in this case, but log unusual failures.
   if (err == 0 || ((lib == ERR_LIB_X509 || lib == ERR_LIB_ASN1) &&
                    reason == ERR_R_EVP_LIB)) {
     ClearOpenSSLErrors();
@@ -504,7 +488,6 @@ StatusOr<bool> Cert::IsSignedBy(const Cert& issuer) const {
        reason == ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM)) {
     return LogUnsupportedAlgorithm();
   }
-#endif
   LOG(ERROR) << "OpenSSL X509_verify returned " << ret;
   LOG_OPENSSL_ERRORS(ERROR);
   return util::Status(Code::INTERNAL, "X509 verify error");

cpp/log/cert_test.cc

@@ -493,8 +493,7 @@ TEST_F(CertTest, SignatureAlgorithmMatches) {
 TEST_F(CertTest, IllegalSignatureAlgorithmParameter) {
   const unique_ptr<Cert> cert(
       Cert::FromPemString(kIllegalSigAlgParameterCertString));
-#if defined(OPENSSL_IS_BORINGSSL) && \
-    (defined(BORINGSSL_201603) || defined(BORINGSSL_201512))
+#if defined(OPENSSL_IS_BORINGSSL)
   EXPECT_FALSE(cert.get());
 #else
   EXPECT_TRUE(cert.get());