Ubuntu
openssl package

Ctrl-\ after rejected key-encryption password causes hang

Bug #665209 reported by Daniel Franke
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: openssl

Create the following shell script:

#!/bin/sh
openssl genrsa -aes256

And run it.

After a key is generated, you will be prompted for an encryption password. Press enter. Since empty passwords are not allowed here, you will be prompted a second time. Now press Ctrl-\. Openssl then falls into an infinite loop of repeatedly displaying the password prompt without responding to user input.

This behavior does *not* seem to occur if:

1. You run openssl directly from the shell rather than from a shell script; or
2. You press Ctrl-\ immediately without first having a password rejected; or
3. You use an openssl built from upstream sources. Hence, this seems to be a Debian- or Ubuntu-specific bug.

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: openssl 0.9.8o-1ubuntu4.1
ProcVersionSignature: Ubuntu 2.6.35-22.35-virtual 2.6.35.4
Uname: Linux 2.6.35-22-virtual i686
Architecture: i386
Date: Fri Oct 22 16:33:12 2010
Ec2AMI: ami-508c7839
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-east-1d
Ec2InstanceType: t1.micro
Ec2Kernel: aki-407d9529
Ec2Ramdisk: unavailable
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: openssl

Revision history for this message
Daniel Franke (dafranke) wrote :
Revision history for this message
Maarten Bezemer (veger) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. We are sorry that we do not always have the capacity to look at all reported bugs in a timely manner. There have been many changes in Ubuntu since that time you reported the bug and your problem may have been fixed with some of the updates.

I tried to reproduce your issue on Precise, but I do not have the problem.
It would help us a lot if you could test it on a currently supported Ubuntu version. When you test it and it is still an issue, kindly upload the updated logs by running apport-collect 665209 and any other logs that are relevant for this particular issue.

Changed in openssl (Ubuntu):
status: New → Incomplete
summary: - C-\ after rejected key-encryption password causes hang
+ Ctrl-\ after rejected key-encryption password causes hang
Revision history for this message
Maarten Bezemer (veger) wrote :

I was too hasty: while I was typing my response, openssl repeatedly displaying the password prompt without responding to user input as you described.

Changed in openssl (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Adrien Nader (adrien) wrote :

I tried this again (openssl3) and got the following:

    40C75734AE7F0000:error:14000065:UI routines:UI_set_result_ex:result too small:../crypto/ui/ui_lib.c:884:You must type in 4 to 1024 characters
    40C75734AE7F0000:error:1400006B:UI routines:UI_process:processing error:../crypto/ui/ui_lib.c:544:while reading strings
    40C75734AE7F0000:error:0480006D:PEM routines:PEM_def_callback:problems getting password:../crypto/pem/pem_lib.c:62:
    40C75734AE7F0000:error:07880109:common libcrypto routines:do_ui_passphrase:interrupted or cancelled:../crypto/passphrase.c:184:
    40C75734AE7F0000:error:1C80009F:Provider routines:p8info_to_encp8:unable to get passphrase:../providers/implementations/encode_decode/encode_key2any.c:116:

I'm going to mark this as Fix Released.

Changed in openssl (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.