Prepare for BoringSSL update.
This change tweaks things as needed so that the code will compile
against both the BoringSSL that's currently in Android and a version
from upstream. The BORINGSSL_201509 define is temporary to allow the
switch to happen without breaking the build and a followup change will
remove it.
Change-Id: Ie60d8fc4d88154feaca8ab5ea85645b78a85640f
diff --git a/src/main/native/org_conscrypt_NativeCrypto.cpp b/src/main/native/org_conscrypt_NativeCrypto.cpp
index 1877649..df78810 100644
--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp
@@ -1896,6 +1896,13 @@
return ex_data->cached_size;
}
+#if defined(BORINGSSL_201509)
+// Newer versions of BoringSSL have dropped the function code. */
+#undef OPENSSL_PUT_ERROR
+#define OPENSSL_PUT_ERROR(library, func, reason) \
+ ERR_put_error(ERR_LIB_##library, reason, OPENSSL_CURRENT_FUNCTION, __FILE__, __LINE__)
+#endif
+
int RsaMethodEncrypt(RSA* /* rsa */,
size_t* /* out_len */,
uint8_t* /* out */,
@@ -2050,6 +2057,9 @@
NULL /* private_transform */,
RSA_FLAG_OPAQUE,
NULL /* keygen */,
+#if defined(BORINGSSL_201509)
+ NULL /* multi_prime_keygen */,
+#endif
NULL /* supports_digest */,
};
@@ -7767,8 +7777,8 @@
= env->GetMethodID(cls, "clientCertificateRequested", "([B[[B)V");
// Call Java callback which can use SSL_use_certificate and SSL_use_PrivateKey to set values
- const char* ctype = NULL;
#if !defined(OPENSSL_IS_BORINGSSL)
+ const char* ctype = NULL;
char ssl2_ctype = SSL3_CT_RSA_SIGN;
int ctype_num = 0;
jobjectArray issuers = NULL;
@@ -7788,6 +7798,11 @@
break;
}
#else
+#if defined(BORINGSSL_201509)
+ const uint8_t* ctype = NULL;
+#else
+ const char* ctype = NULL;
+#endif
int ctype_num = SSL_get0_certificate_types(ssl, &ctype);
jobjectArray issuers = getPrincipalBytes(env, ssl->s3->tmp.ca_names);
#endif
@@ -8103,8 +8118,10 @@
}
SSL_CTX_set_tmp_ecdh(sslCtx.get(), ec.get());
+#if !defined(BORINGSSL_201509)
// When TLS Channel ID extension is used, use the new version of it.
sslCtx.get()->tlsext_channel_id_enabled_new = 1;
+#endif
JNI_TRACE("NativeCrypto_SSL_CTX_new => %p", sslCtx.get());
return (jlong) sslCtx.release();