diff options
| author | jsing <> | 2017-06-22 18:03:57 +0000 |
|---|---|---|
| committer | jsing <> | 2017-06-22 18:03:57 +0000 |
| commit | 90062b095bce6ad54ec2645782fc8fb9c66c8d1a (patch) | |
| tree | fd55783db0a8125ddd4a355217eca79710738964 /src/lib/libtls/tls_util.c | |
| parent | 76ff5fe336f69e4da4140cc2ea4324229e3fc762 (diff) | |
| download | openbsd-90062b095bce6ad54ec2645782fc8fb9c66c8d1a.tar.gz openbsd-90062b095bce6ad54ec2645782fc8fb9c66c8d1a.tar.bz2 openbsd-90062b095bce6ad54ec2645782fc8fb9c66c8d1a.zip | |
Use the tls_password_cb() callback with all PEM_read_bio_*() calls, so that
we can prevent libcrypto from going behind our back and trying to read
passwords from standard input (which we may not be permitted to do).
Found by jsg@ with httpd and password protected keys.
Diffstat (limited to 'src/lib/libtls/tls_util.c')
| -rw-r--r-- | src/lib/libtls/tls_util.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libtls/tls_util.c b/src/lib/libtls/tls_util.c index b7dd5ed472..aaa3eef49f 100644 --- a/src/lib/libtls/tls_util.c +++ b/src/lib/libtls/tls_util.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_util.c,v 1.8 2017/05/06 21:34:13 jsing Exp $ */ | 1 | /* $OpenBSD: tls_util.c,v 1.9 2017/06/22 18:03:57 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> | 4 | * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> |
| @@ -86,7 +86,7 @@ tls_host_port(const char *hostport, char **host, char **port) | |||
| 86 | return (rv); | 86 | return (rv); |
| 87 | } | 87 | } |
| 88 | 88 | ||
| 89 | static int | 89 | int |
| 90 | tls_password_cb(char *buf, int size, int rwflag, void *u) | 90 | tls_password_cb(char *buf, int size, int rwflag, void *u) |
| 91 | { | 91 | { |
| 92 | size_t len; | 92 | size_t len; |