Use BIO_new_file() not BIO_new_fd() to read dhparams file.

Older versions of OpenSSL and wolfSSL lack BIO_new_fd().
Also explicitly include openssl/bio.h and openssl/dh.h for wolfSSL.
This commit is contained in:
Todd C. Miller
2021-10-26 19:26:20 -06:00
parent fc5fa1bbd4
commit ed13faf9f6


@@ -46,6 +46,8 @@
#define DEFAULT_CIPHER_LST13 "TLS_AES_256_GCM_SHA384" #define DEFAULT_CIPHER_LST13 "TLS_AES_256_GCM_SHA384"
#if defined(HAVE_OPENSSL) #if defined(HAVE_OPENSSL)
# include <openssl/bio.h>
# include <openssl/dh.h>
static bool static bool
verify_cert_chain(SSL_CTX *ctx, const char *cert_file) verify_cert_chain(SSL_CTX *ctx, const char *cert_file)
@@ -227,26 +229,21 @@ set_dhparams_bio(SSL_CTX *ctx, BIO *bio)
static bool static bool
set_dhparams(SSL_CTX *ctx, const char *dhparam_file) set_dhparams(SSL_CTX *ctx, const char *dhparam_file)
{ {
BIO *bio = NULL; BIO *bio;
bool ret = false; bool ret = false;
int fd;
debug_decl(set_dhparams, SUDO_DEBUG_UTIL); debug_decl(set_dhparams, SUDO_DEBUG_UTIL);
fd = open(dhparam_file, O_RDONLY); bio = BIO_new_file(dhparam_file, O_RDONLY);
if (fd != -1)
bio = BIO_new_fd(fd, BIO_CLOSE);
if (bio != NULL) { if (bio != NULL) {
if (set_dhparams_bio(ctx, bio)) { if (set_dhparams_bio(ctx, bio)) {
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"loaded diffie-hellman parameters from %s", dhparam_file); "loaded diffie-hellman parameters from %s", dhparam_file);
ret = true; ret = true;
} }
BIO_free(bio);
} else { } else {
sudo_warn(U_("unable to open %s"), dhparam_file); sudo_warn(U_("unable to open %s"), dhparam_file);
if (fd != -1)
close(fd);
} }
BIO_free(bio);
debug_return_bool(ret); debug_return_bool(ret);
} }
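Review bot: The new `bio = BIO_new_file(dhparam_file, O_RDONLY);` passes an open(2) flag where BIO_new_file() expects an fopen-style mode string; since O_RDONLY expands to 0 the compiler accepts it as a null pointer constant, so the underlying fopen() gets a NULL mode and the call fails (or faults) as soon as a dhparams file is configured, which defeats the point of the commit. The line should read `bio = BIO_new_file(dhparam_file, "r");`. The rest of the rewrite looks right: `BIO_free(bio)` now sits inside the `bio != NULL` branch so the trailing unconditional free is gone, and the uninitialized `BIO *bio;` is safe because it is assigned before any use. One thing worth confirming is that errno still reflects the open failure when `sudo_warn(U_("unable to open %s"), ...)` runs, since BIO_new_file() pushes its own entries on the OpenSSL error queue on the way out.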