summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls_internal.h
diff options
context:
space:
mode:
authorjsing <>2017-06-22 18:03:57 +0000
committerjsing <>2017-06-22 18:03:57 +0000
commitc9b1852dc910671bb8042219d73820d7a47138dd (patch)
treefd55783db0a8125ddd4a355217eca79710738964 /src/lib/libtls/tls_internal.h
parent3895fcdf85644002ad1f9d8ea60c0027856ffac8 (diff)
downloadopenbsd-c9b1852dc910671bb8042219d73820d7a47138dd.tar.gz
openbsd-c9b1852dc910671bb8042219d73820d7a47138dd.tar.bz2
openbsd-c9b1852dc910671bb8042219d73820d7a47138dd.zip
Use the tls_password_cb() callback with all PEM_read_bio_*() calls, so that
we can prevent libcrypto from going behind our back and trying to read passwords from standard input (which we may not be permitted to do). Found by jsg@ with httpd and password protected keys.
Diffstat (limited to '')
-rw-r--r--src/lib/libtls/tls_internal.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index 2b451697dc..c0c55216df 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls_internal.h,v 1.60 2017/05/07 03:27:06 jsing Exp $ */ 1/* $OpenBSD: tls_internal.h,v 1.61 2017/06/22 18:03:57 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> 3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 4 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -246,6 +246,8 @@ int tls_hex_string(const unsigned char *_in, size_t _inlen, char **_out,
246 size_t *_outlen); 246 size_t *_outlen);
247int tls_cert_hash(X509 *_cert, char **_hash); 247int tls_cert_hash(X509 *_cert, char **_hash);
248 248
249int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);
250
249__END_HIDDEN_DECLS 251__END_HIDDEN_DECLS
250 252
251/* XXX this function is not fully hidden so relayd can use it */ 253/* XXX this function is not fully hidden so relayd can use it */