You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficserver.apache.org by zw...@apache.org on 2023/03/31 20:34:24 UTC

[trafficserver] branch 9.2.x updated: Fix a build issue with the latest BoringSSL (#9546)

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.2.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.2.x by this push:
     new a9d756727 Fix a build issue with the latest BoringSSL (#9546)
a9d756727 is described below

commit a9d756727397c786843e9962a019513fed8d4a09
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Wed Mar 22 09:53:28 2023 -0600

    Fix a build issue with the latest BoringSSL (#9546)
    
    * Fix a build issue with the latest BoringSSL
    
    * Another fix
    
    (cherry picked from commit 85c900649de021e09ea920dc4e3a86b50a8e5d54)
---
 iocore/net/SSLUtils.cc                    | 18 ++++++++++++------
 iocore/net/TLSSessionResumptionSupport.cc |  1 +
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 5481bcb2b..15afb537e 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -597,15 +597,21 @@ DH_get_2048_256()
     0x1D, 0xB2, 0x46, 0xC3, 0x2F, 0x63, 0x07, 0x84, 0x90, 0xF0, 0x0E, 0xF8, 0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51,
     0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82, 0x66, 0x4B, 0x4C, 0x0F, 0x6C, 0xC4, 0x16, 0x59};
   DH *dh;
+  BIGNUM *p;
+  BIGNUM *g;
 
-  if ((dh = DH_new()) == nullptr)
-    return (nullptr);
-  dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), nullptr);
-  dh->g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), nullptr);
-  if ((dh->p == nullptr) || (dh->g == nullptr)) {
+  if ((dh = DH_new()) == nullptr) {
+    return nullptr;
+  }
+  p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), nullptr);
+  g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), nullptr);
+  if (p == nullptr || g == nullptr) {
     DH_free(dh);
-    return (nullptr);
+    BN_free(p);
+    BN_free(g);
+    return nullptr;
   }
+  DH_set0_pqg(dh, p, nullptr, g);
   return (dh);
 }
 #endif
diff --git a/iocore/net/TLSSessionResumptionSupport.cc b/iocore/net/TLSSessionResumptionSupport.cc
index 9984b4731..4d7019c70 100644
--- a/iocore/net/TLSSessionResumptionSupport.cc
+++ b/iocore/net/TLSSessionResumptionSupport.cc
@@ -29,6 +29,7 @@
 #include "P_SSLConfig.h"
 #include "SSLStats.h"
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
 #ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB
 #include <openssl/core_names.h>
 #endif