Use the tls_password_cb() callback with all PEM_read_bio_*() calls, so that

we can prevent libcrypto from going behind our back and trying to read passwords from standard input (which we may not be permitted to do). Found by jsg@ with httpd and password protected keys.
author: jsing <> 2017-06-22 18:03:57 +0000
committer: jsing <> 2017-06-22 18:03:57 +0000
commit: 90062b095bce6ad54ec2645782fc8fb9c66c8d1a (patch)
tree: fd55783db0a8125ddd4a355217eca79710738964 /src
parent: 76ff5fe336f69e4da4140cc2ea4324229e3fc762 (diff)
download: openbsd-90062b095bce6ad54ec2645782fc8fb9c66c8d1a.tar.gz
openbsd-90062b095bce6ad54ec2645782fc8fb9c66c8d1a.tar.bz2
openbsd-90062b095bce6ad54ec2645782fc8fb9c66c8d1a.zip
4 files changed, 14 insertions, 11 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index b75fae7f2b..f64f6d7632 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.66 2017/06/22 17:58:54 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.67 2017/06/22 18:03:57 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -289,11 +289,11 @@ tls_keypair_cert_hash(struct tls_keypair *keypair, char **hash)
        *hash = NULL;
-        if ((membio = BIO_new_mem_buf(keypair->cert_mem, keypair->cert_len))
+        if ((membio = BIO_new_mem_buf(keypair->cert_mem,
-            == NULL)
+            keypair->cert_len)) == NULL)
                goto err;
+        if ((cert = PEM_read_bio_X509_AUX(membio, NULL, tls_password_cb,
-        if ((cert = PEM_read_bio_X509_AUX(membio, NULL, NULL, NULL)) == NULL)
+            NULL)) == NULL)
                goto err;
        rv = tls_cert_hash(cert, hash);
@@ -344,7 +344,7 @@ tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
                        tls_set_errorx(ctx, "failed to create buffer");
                        goto err;
                }
-                if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
+                if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
                    NULL)) == NULL) {
                        tls_set_errorx(ctx, "failed to read private key");
                        goto err;
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index 2b451697dc..c0c55216df 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.60 2017/05/07 03:27:06 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.61 2017/06/22 18:03:57 jsing Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -246,6 +246,8 @@ int tls_hex_string(const unsigned char *_in, size_t _inlen, char **_out,
    size_t *_outlen);
 int tls_cert_hash(X509 *_cert, char **_hash);
+int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);
 __END_HIDDEN_DECLS
 /* XXX this function is not fully hidden so relayd can use it */
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index ea8f0ce728..fd5a617582 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.38 2017/06/22 17:34:25 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.39 2017/06/22 18:03:57 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -215,7 +215,8 @@ tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
                tls_error_set(error, "failed to create certificate bio");
                goto err;
        }
-        if ((*cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL)) == NULL) {
+        if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
+            NULL)) == NULL) {
                if ((ssl_err = ERR_peek_error()) != 0)
                    errstr = ERR_error_string(ssl_err, NULL);
                tls_error_set(error, "failed to load certificate: %s", errstr);
diff --git a/src/lib/libtls/tls_util.c b/src/lib/libtls/tls_util.c
index b7dd5ed472..aaa3eef49f 100644
--- a/src/lib/libtls/tls_util.c
+++ b/src/lib/libtls/tls_util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_util.c,v 1.8 2017/05/06 21:34:13 jsing Exp $ */
+/* $OpenBSD: tls_util.c,v 1.9 2017/06/22 18:03:57 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -86,7 +86,7 @@ tls_host_port(const char *hostport, char **host, char **port)
        return (rv);
 }
-static int
+int
 tls_password_cb(char *buf, int size, int rwflag, void *u)
 {
        size_t len;
author	jsing <>	2017-06-22 18:03:57 +0000
committer	jsing <>	2017-06-22 18:03:57 +0000
commit	90062b095bce6ad54ec2645782fc8fb9c66c8d1a (patch)
tree	fd55783db0a8125ddd4a355217eca79710738964 /src
parent	76ff5fe336f69e4da4140cc2ea4324229e3fc762 (diff)
download	openbsd-90062b095bce6ad54ec2645782fc8fb9c66c8d1a.tar.gz openbsd-90062b095bce6ad54ec2645782fc8fb9c66c8d1a.tar.bz2 openbsd-90062b095bce6ad54ec2645782fc8fb9c66c8d1a.zip

diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index b75fae7f2b..f64f6d7632 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls.c,v 1.66 2017/06/22 17:58:54 jsing Exp $ */	1	/* $OpenBSD: tls.c,v 1.67 2017/06/22 18:03:57 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -289,11 +289,11 @@ tls_keypair_cert_hash(struct tls_keypair keypair, char *hash)
289		289
290	*hash = NULL;	290	*hash = NULL;
291		291
292	if ((membio = BIO_new_mem_buf(keypair->cert_mem, keypair->cert_len))	292	if ((membio = BIO_new_mem_buf(keypair->cert_mem,
293	== NULL)	293	keypair->cert_len)) == NULL)
294	goto err;	294	goto err;
295		295	if ((cert = PEM_read_bio_X509_AUX(membio, NULL, tls_password_cb,
296	if ((cert = PEM_read_bio_X509_AUX(membio, NULL, NULL, NULL)) == NULL)	296	NULL)) == NULL)
297	goto err;	297	goto err;
298		298
299	rv = tls_cert_hash(cert, hash);	299	rv = tls_cert_hash(cert, hash);
@@ -344,7 +344,7 @@ tls_configure_ssl_keypair(struct tls ctx, SSL_CTX ssl_ctx,
344	tls_set_errorx(ctx, "failed to create buffer");	344	tls_set_errorx(ctx, "failed to create buffer");
345	goto err;	345	goto err;
346	}	346	}
347	if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,	347	if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
348	NULL)) == NULL) {	348	NULL)) == NULL) {
349	tls_set_errorx(ctx, "failed to read private key");	349	tls_set_errorx(ctx, "failed to read private key");
350	goto err;	350	goto err;


diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h index 2b451697dc..c0c55216df 100644 --- a/src/lib/libtls/tls_internal.h +++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_internal.h,v 1.60 2017/05/07 03:27:06 jsing Exp $ */	1	/* $OpenBSD: tls_internal.h,v 1.61 2017/06/22 18:03:57 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>	3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	4	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -246,6 +246,8 @@ int tls_hex_string(const unsigned char _in, size_t _inlen, char *_out,
246	size_t *_outlen);	246	size_t *_outlen);
247	int tls_cert_hash(X509 _cert, char *_hash);	247	int tls_cert_hash(X509 _cert, char *_hash);
248		248
		249	int tls_password_cb(char _buf, int _size, int _rwflag, void _u);
		250
249	__END_HIDDEN_DECLS	251	__END_HIDDEN_DECLS
250		252
251	/* XXX this function is not fully hidden so relayd can use it */	253	/* XXX this function is not fully hidden so relayd can use it */


diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c index ea8f0ce728..fd5a617582 100644 --- a/src/lib/libtls/tls_server.c +++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_server.c,v 1.38 2017/06/22 17:34:25 jsing Exp $ */	1	/* $OpenBSD: tls_server.c,v 1.39 2017/06/22 18:03:57 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -215,7 +215,8 @@ tls_keypair_load_cert(struct tls_keypair keypair, struct tls_error error,
215	tls_error_set(error, "failed to create certificate bio");	215	tls_error_set(error, "failed to create certificate bio");
216	goto err;	216	goto err;
217	}	217	}
218	if ((*cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL)) == NULL) {	218	if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
		219	NULL)) == NULL) {
219	if ((ssl_err = ERR_peek_error()) != 0)	220	if ((ssl_err = ERR_peek_error()) != 0)
220	errstr = ERR_error_string(ssl_err, NULL);	221	errstr = ERR_error_string(ssl_err, NULL);
221	tls_error_set(error, "failed to load certificate: %s", errstr);	222	tls_error_set(error, "failed to load certificate: %s", errstr);


diff --git a/src/lib/libtls/tls_util.c b/src/lib/libtls/tls_util.c index b7dd5ed472..aaa3eef49f 100644 --- a/src/lib/libtls/tls_util.c +++ b/src/lib/libtls/tls_util.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_util.c,v 1.8 2017/05/06 21:34:13 jsing Exp $ */	1	/* $OpenBSD: tls_util.c,v 1.9 2017/06/22 18:03:57 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>	4	* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -86,7 +86,7 @@ tls_host_port(const char hostport, char host, char *port)
86	return (rv);	86	return (rv);
87	}	87	}
88		88
89	static int	89	int
90	tls_password_cb(char buf, int size, int rwflag, void u)	90	tls_password_cb(char buf, int size, int rwflag, void u)
91	{	91	{
92	size_t len;	92	size_t len;