commit 08fdfb4586a1908dcbc5fd958360b2efa93e5294
author Adam Langley <agl@google.com> Wed Sep 02 15:53:39 2015 -0700
committer Kenny Root <kroot@google.com> Fri Oct 02 17:24:50 2015 -0700
tree c450fd5e7ad3a8d4bd387cd08223bdb1a4057251
parent f95bf50382051437b6689b92fb7bad3b23d28efd

Prepare for BoringSSL update.

This change tweaks things as needed so that the code will compile
against both the BoringSSL that's currently in Android and a version
from upstream. The BORINGSSL_201509 define is temporary to allow the
switch to happen without breaking the build and a followup change will
remove it.

(cherry picked from commit f417aca8ffd57b3817bb24d5a58e01873eecfbde)

Change-Id: Ie60d8fc4d88154feaca8ab5ea85645b78a85640f

src/main/native/org_conscrypt_NativeCrypto.cpp

diff --git a/src/main/native/org_conscrypt_NativeCrypto.cpp b/src/main/native/org_conscrypt_NativeCrypto.cpp
index 6c68750..5f7e938 100644
--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp
@@ -1900,6 +1900,13 @@
   return ex_data->cached_size;
 }
 
+#if defined(BORINGSSL_201509)
+// Newer versions of BoringSSL have dropped the function code. */
+#undef OPENSSL_PUT_ERROR
+#define OPENSSL_PUT_ERROR(library, func, reason) \
+    ERR_put_error(ERR_LIB_##library, reason, OPENSSL_CURRENT_FUNCTION, __FILE__, __LINE__)
+#endif
+
 int RsaMethodEncrypt(RSA* /* rsa */,
                      size_t* /* out_len */,
                      uint8_t* /* out */,
@@ -2054,6 +2061,9 @@
     NULL /* private_transform */,
     RSA_FLAG_OPAQUE,
     NULL /* keygen */,
+#if defined(BORINGSSL_201509)
+    NULL /* multi_prime_keygen */,
+#endif
     NULL /* supports_digest */,
 };
 
@@ -7775,8 +7785,8 @@
         = env->GetMethodID(cls, "clientCertificateRequested", "([B[[B)V");
 
     // Call Java callback which can use SSL_use_certificate and SSL_use_PrivateKey to set values
-    const char* ctype = NULL;
 #if !defined(OPENSSL_IS_BORINGSSL)
+    const char* ctype = NULL;
     char ssl2_ctype = SSL3_CT_RSA_SIGN;
     int ctype_num = 0;
     jobjectArray issuers = NULL;
@@ -7796,6 +7806,11 @@
             break;
     }
 #else
+#if defined(BORINGSSL_201509)
+    const uint8_t* ctype = NULL;
+#else
+    const char* ctype = NULL;
+#endif
     int ctype_num = SSL_get0_certificate_types(ssl, &ctype);
     jobjectArray issuers = getPrincipalBytes(env, ssl->s3->tmp.ca_names);
 #endif
@@ -8129,8 +8144,10 @@
     SSL_CTX_set_tmp_dh_callback(sslCtx.get(), tmp_dh_callback);
     SSL_CTX_set_tmp_ecdh_callback(sslCtx.get(), tmp_ecdh_callback);
 
+#if !defined(BORINGSSL_201509)
     // When TLS Channel ID extension is used, use the new version of it.
     sslCtx.get()->tlsext_channel_id_enabled_new = 1;
+#endif
 
     JNI_TRACE("NativeCrypto_SSL_CTX_new => %p", sslCtx.get());
     return (jlong) sslCtx.release();