Prepare for BoringSSL update.
This change tweaks things as needed so that the code will compile
against both the BoringSSL that's currently in Android and a version
from upstream. The BORINGSSL_201509 define is temporary to allow the
switch to happen without breaking the build and a followup change will
remove it.
(cherry picked from commit f417aca8ffd57b3817bb24d5a58e01873eecfbde)
Change-Id: Ie60d8fc4d88154feaca8ab5ea85645b78a85640f
diff --git a/src/main/native/org_conscrypt_NativeCrypto.cpp b/src/main/native/org_conscrypt_NativeCrypto.cpp
index 6c68750..5f7e938 100644
--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp
@@ -1900,6 +1900,13 @@
return ex_data->cached_size;
}
+#if defined(BORINGSSL_201509)
+// Newer versions of BoringSSL have dropped the function code. */
+#undef OPENSSL_PUT_ERROR
+#define OPENSSL_PUT_ERROR(library, func, reason) \
+ ERR_put_error(ERR_LIB_##library, reason, OPENSSL_CURRENT_FUNCTION, __FILE__, __LINE__)
+#endif
+
int RsaMethodEncrypt(RSA* /* rsa */,
size_t* /* out_len */,
uint8_t* /* out */,
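Review bot: The comment added above `#undef OPENSSL_PUT_ERROR` is a `//` comment but ends in a stray `*/`, and it does not say that the shim still accepts `func` only to throw it away. A wording such as `// Newer BoringSSL dropped the function code; keep the three-argument call sites in this file and ignore |func|.` would make the intent clear. The override also ties this file to the `ERR_put_error` parameter order of one particular library revision, which cannot be confirmed from this hunk. A `// TODO: remove together with BORINGSSL_201509` next to it would help ensure the follow-up change deletes it rather than leaving a private redefinition of a library macro behind. The hunk begins inside the preceding function and ends inside the `RsaMethodEncrypt` signature.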
@@ -2054,6 +2061,9 @@
NULL /* private_transform */,
RSA_FLAG_OPAQUE,
NULL /* keygen */,
+#if defined(BORINGSSL_201509)
+ NULL /* multi_prime_keygen */,
+#endif
NULL /* supports_digest */,
};
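Review bot: The new `NULL /* multi_prime_keygen */` entry sits in a purely positional initializer, so the compiler does not check that the slot really falls between `keygen` and `supports_digest` in the `RSA_METHOD` selected by `BORINGSSL_201509`. The labels are only comments. Every trailing entry is `NULL` today, so a misplacement would be invisible, but it would matter as soon as one of those slots is populated for this opaque-key method. A short comment at the `#if`, for example `// Order must match RSA_METHOD in the BoringSSL revision selected by BORINGSSL_201509.`, would record that dependency. The initializer starts above the hunk, so the earlier fields are not visible here.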
@@ -7775,8 +7785,8 @@
= env->GetMethodID(cls, "clientCertificateRequested", "([B[[B)V");
// Call Java callback which can use SSL_use_certificate and SSL_use_PrivateKey to set values
- const char* ctype = NULL;
#if !defined(OPENSSL_IS_BORINGSSL)
+ const char* ctype = NULL;
char ssl2_ctype = SSL3_CT_RSA_SIGN;
int ctype_num = 0;
jobjectArray issuers = NULL;
@@ -7796,6 +7806,11 @@
break;
}
#else
+#if defined(BORINGSSL_201509)
+ const uint8_t* ctype = NULL;
+#else
+ const char* ctype = NULL;
+#endif
int ctype_num = SSL_get0_certificate_types(ssl, &ctype);
jobjectArray issuers = getPrincipalBytes(env, ssl->s3->tmp.ca_names);
#endif
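Review bot: After this hunk and the previous one, `ctype` is declared in three places across two levels of `#if`, with a different pointee type (`char` or `uint8_t`) depending on the build. The code that consumes `ctype` and `ctype_num` lies outside the hunk and must now be correct for both types. Since the certificate-type list comes from the peer's CertificateRequest, the later copy into the Java byte array should not depend on `char` signedness, and that is worth confirming. `int ctype_num` is left unchanged; if the return type of `SSL_get0_certificate_types` changed along with its parameter type in the newer header (not visible here), the assignment narrows silently. A one-line comment such as `// ctype's pointee type follows SSL_get0_certificate_types in the selected BoringSSL revision.` above the inner `#if` would explain the duplication.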
@@ -8129,8 +8144,10 @@
SSL_CTX_set_tmp_dh_callback(sslCtx.get(), tmp_dh_callback);
SSL_CTX_set_tmp_ecdh_callback(sslCtx.get(), tmp_ecdh_callback);
+#if !defined(BORINGSSL_201509)
// When TLS Channel ID extension is used, use the new version of it.
sslCtx.get()->tlsext_channel_id_enabled_new = 1;
+#endif
JNI_TRACE("NativeCrypto_SSL_CTX_new => %p", sslCtx.get());
return (jlong) sslCtx.release();
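Review bot: With `BORINGSSL_201509` defined, the assignment `tlsext_channel_id_enabled_new = 1` is compiled out and nothing replaces it, and the hunk does not say why that is safe. Presumably the field no longer exists upstream and the newer Channel ID variant is the only one left, but that is an inference, and the alternative is that contexts created here silently negotiate a different Channel ID version. A comment inside the guard would record the assumption, for example `// Upstream BoringSSL removed this field; the new Channel ID version is assumed to be the default there (TODO confirm).` Since this changes TLS behaviour rather than just compilation, a test that checks the negotiated Channel ID version against both library revisions would be a useful addition. The enclosing function starts above the hunk.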