Google Git
Sign in
android / platform / external / conscrypt / f417aca8ffd57b3817bb24d5a58e01873eecfbde^! / .
commitf417aca8ffd57b3817bb24d5a58e01873eecfbde[log] [tgz]
authorAdam Langley <agl@google.com>Wed Sep 02 15:53:39 2015 -0700
committerAdam Langley <agl@google.com>Wed Sep 02 15:53:39 2015 -0700
tree5f6822c5b8fda55fc5b594a6e4952206e901d0f4
parent44ecbe6c70abfe229f1fe313df84fb1e5ed28acf [diff]
Prepare for BoringSSL update.

This change tweaks things as needed so that the code will compile
against both the BoringSSL that's currently in Android and a version
from upstream. The BORINGSSL_201509 define is temporary to allow the
switch to happen without breaking the build and a followup change will
remove it.

Change-Id: Ie60d8fc4d88154feaca8ab5ea85645b78a85640f

diff --git a/src/main/native/org_conscrypt_NativeCrypto.cpp b/src/main/native/org_conscrypt_NativeCrypto.cpp
index 1877649..df78810 100644
--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp

@@ -1896,6 +1896,13 @@
   return ex_data->cached_size;
 }
 
+#if defined(BORINGSSL_201509)
+// Newer versions of BoringSSL have dropped the function code. */
+#undef OPENSSL_PUT_ERROR
+#define OPENSSL_PUT_ERROR(library, func, reason) \
+    ERR_put_error(ERR_LIB_##library, reason, OPENSSL_CURRENT_FUNCTION, __FILE__, __LINE__)
+#endif
+
 int RsaMethodEncrypt(RSA* /* rsa */,
                      size_t* /* out_len */,
                      uint8_t* /* out */,
@@ -2050,6 +2057,9 @@
     NULL /* private_transform */,
     RSA_FLAG_OPAQUE,
     NULL /* keygen */,
+#if defined(BORINGSSL_201509)
+    NULL /* multi_prime_keygen */,
+#endif
     NULL /* supports_digest */,
 };
 
@@ -7767,8 +7777,8 @@
         = env->GetMethodID(cls, "clientCertificateRequested", "([B[[B)V");
 
     // Call Java callback which can use SSL_use_certificate and SSL_use_PrivateKey to set values
-    const char* ctype = NULL;
 #if !defined(OPENSSL_IS_BORINGSSL)
+    const char* ctype = NULL;
     char ssl2_ctype = SSL3_CT_RSA_SIGN;
     int ctype_num = 0;
     jobjectArray issuers = NULL;
@@ -7788,6 +7798,11 @@
             break;
     }
 #else
+#if defined(BORINGSSL_201509)
+    const uint8_t* ctype = NULL;
+#else
+    const char* ctype = NULL;
+#endif
     int ctype_num = SSL_get0_certificate_types(ssl, &ctype);
     jobjectArray issuers = getPrincipalBytes(env, ssl->s3->tmp.ca_names);
 #endif
@@ -8103,8 +8118,10 @@
     }
     SSL_CTX_set_tmp_ecdh(sslCtx.get(), ec.get());
 
+#if !defined(BORINGSSL_201509)
     // When TLS Channel ID extension is used, use the new version of it.
     sslCtx.get()->tlsext_channel_id_enabled_new = 1;
+#endif
 
     JNI_TRACE("NativeCrypto_SSL_CTX_new => %p", sslCtx.get());
     return (jlong) sslCtx.release();