[openssl-users] ui_openssl.c is assuming that current console is ECHO(termios) enabled

Khang Nguyen khang.social at gmail.com
Mon Feb 9 10:56:34 UTC 2015


OpenSSL, specifically ui_openssl.c, is in my opinion assuming that
the current console has ECHO on (termios) before the "Enter PEM pass
phrase" prompt is carried out.

After using that prompt to get a pass phrase, applications using stdin
with ECHO off such as in the case of pseudo-terminals (pty) will
display any character twice when its key was pressed instead of only

One example is the text-mode pty IRC client irssi 0.8.15, using a
self-signed certificate login protected with a pass phrase, utilizing
the "Enter PEM pass phrase" prompt.


static int noecho_console(UI *ui)
#ifdef TTY_FLAGS
	tty_new.TTY_FLAGS &= ~ECHO;

static int echo_console(UI *ui)
#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
	tty_new.TTY_FLAGS |= ECHO;

Of course, a guard can be put into client applications to back up and
restore the attributes. But should this behaviour in OpenSSL be
allowed? Or am I looking in the wrong place?

I wonder why ECHO is added to the current terminal attributes after
the prompt is finished. My strace log found that c_lflags (local
modes) before the prompt is 0x8a31 and 0x8a39 afterwards.

OS : Slackware 14.1
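
Added example, not part of the original message and not OpenSSL code: the application-side guard the message mentions, which snapshots the terminal attributes before the prompt and restores them afterwards. prompt_like_excerpt() is a constructed stand-in for the prompt, and the demo assumes Linux, where termios calls on the /dev/ptmx master act on the pty pair.

```c
#include <fcntl.h>
#include <stdio.h>
#include <termios.h>
#include <unistd.h>

/* Set or clear ECHO in the local modes of fd. */
int set_echo(int fd, int on)
{
    struct termios t;
    if (tcgetattr(fd, &t) != 0) return -1;
    if (on) t.c_lflag |= ECHO; else t.c_lflag &= ~ECHO;
    return tcsetattr(fd, TCSANOW, &t);
}

/* Constructed stand-in for the prompt: clears ECHO, then forces it on. */
int prompt_like_excerpt(int fd)
{
    if (set_echo(fd, 0) != 0) return -1;  /* noecho_console() step */
    return set_echo(fd, 1);               /* echo_console() step */
}

/* Application-side guard: snapshot, run the prompt, restore the snapshot. */
int guarded_prompt(int fd, int (*prompt)(int))
{
    struct termios saved;
    if (tcgetattr(fd, &saved) != 0) return -1;
    int rc = prompt(fd);
    if (tcsetattr(fd, TCSANOW, &saved) != 0) return -1;
    return rc;
}

/* Start with ECHO off, run the prompt, report ECHO after: 1, 0, -1 on error. */
int echo_after(int fd, int guarded)
{
    struct termios t;
    if (set_echo(fd, 0) != 0) return -1;
    int rc = guarded ? guarded_prompt(fd, prompt_like_excerpt)
                     : prompt_like_excerpt(fd);
    if (rc != 0 || tcgetattr(fd, &t) != 0) return -1;
    return (t.c_lflag & ECHO) ? 1 : 0;
}

int main(void)
{
    /* Assumption (Linux): termios calls on the pty master act on the pair. */
    int fd = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (fd < 0) { perror("/dev/ptmx"); return 1; }
    printf("unguarded=%d guarded=%d\n", echo_after(fd, 0), echo_after(fd, 1));
    return 0;
}
```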

