From ed13faf9f6ba460cbf30d9828c74ce79cc070efa Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Tue, 26 Oct 2021 19:26:20 -0600
Subject: [PATCH] Use BIO_new_file() not BIO_new_fd() to read dhparams file. Older versions of OpenSSL and wolfSSL lack BIO_new_fd(). Also explicitly include openssl/bio.h and openssl/dh.h for wolfSSL.
---
 logsrvd/tls_init.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/logsrvd/tls_init.c b/logsrvd/tls_init.c
index 244df9742..2210d58d1 100644
--- a/logsrvd/tls_init.c
+++ b/logsrvd/tls_init.c
@@ -46,6 +46,8 @@
 #define DEFAULT_CIPHER_LST13 "TLS_AES_256_GCM_SHA384"
 #if defined(HAVE_OPENSSL)
+# include
+# include
 static bool
 verify_cert_chain(SSL_CTX *ctx, const char *cert_file)
@@ -227,26 +229,21 @@ set_dhparams_bio(SSL_CTX *ctx, BIO *bio)
 static bool
 set_dhparams(SSL_CTX *ctx, const char *dhparam_file)
 {
- BIO *bio = NULL;
+ BIO *bio;
 bool ret = false;
- int fd;
 debug_decl(set_dhparams, SUDO_DEBUG_UTIL);
- fd = open(dhparam_file, O_RDONLY);
- if (fd != -1)
- bio = BIO_new_fd(fd, BIO_CLOSE);
+ bio = BIO_new_file(dhparam_file, O_RDONLY);
 if (bio != NULL) {
 if (set_dhparams_bio(ctx, bio)) {
 sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
 "loaded diffie-hellman parameters from %s", dhparam_file);
 ret = true;
 }
+ BIO_free(bio);
 } else {
 sudo_warn(U_("unable to open %s"), dhparam_file);
- if (fd != -1)
- close(fd);
 }
- BIO_free(bio);
 debug_return_bool(ret);
 }
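Review bot: The second argument of `BIO_new_file()` in `set_dhparams()` is a `const char *` fopen-style mode string, but the new call passes the `open(2)` flag `O_RDONLY`. Where `O_RDONLY` is 0 this converts to a null mode pointer, so loading the DH parameters would be expected to fail or crash rather than read the file; the call should be `bio = BIO_new_file(dhparam_file, "r");`. With the explicit `open()` gone, the `sudo_warn()` in the else branch now depends on whatever `errno` the BIO layer leaves behind, which may not describe the failure. Reporting the OpenSSL error queue there as well would make a missing or unreadable dhparams file easier to diagnose.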