From 90062b095bce6ad54ec2645782fc8fb9c66c8d1a Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 22 Jun 2017 18:03:57 +0000
Subject: Use the tls_password_cb() callback with all PEM_read_bio_*() calls, so that we can prevent libcrypto from going behind our back and trying to read passwords from standard input (which we may not be permitted to do). Found by jsg@ with httpd and password protected keys.
---
 src/lib/libtls/tls_util.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/lib/libtls/tls_util.c')
diff --git a/src/lib/libtls/tls_util.c b/src/lib/libtls/tls_util.c
index b7dd5ed472..aaa3eef49f 100644
--- a/src/lib/libtls/tls_util.c
+++ b/src/lib/libtls/tls_util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_util.c,v 1.8 2017/05/06 21:34:13 jsing Exp $ */
+/* $OpenBSD: tls_util.c,v 1.9 2017/06/22 18:03:57 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing
  * Copyright (c) 2015 Reyk Floeter
@@ -86,7 +86,7 @@ tls_host_port(const char *hostport, char **host, char **port)
 return (rv);
 }
 
-static int
+int
 tls_password_cb(char *buf, int size, int rwflag, void *u)
 {
 size_t len;
-- 
cgit v1.2.3-55-g6feb
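Review bot: With `static` dropped from `tls_password_cb()` in the second hunk, the function becomes a cross-file helper but carries no comment stating its contract, which matters because the commit relies on it to stop libcrypto from prompting on standard input. I would add a header comment above the definition along the lines of `/* PEM password callback: supplies the password passed via u, never prompts; returns 0 if none is available. */`, with the wording checked against the body, which continues outside this hunk. The diff shown is limited to tls_util.c, so the matching prototype and the PEM_read_bio_*() call sites are not visible here; it is worth confirming the prototype sits in an internal header only and that the symbol is not added to the library's exported interface.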