ui_openssl.c is assuming that current console is ECHO(termios) enabled

Hi,

OpenSSL, to be specific, ui_openssl.c, in my opinion, assumes that
the current console, before the "Enter PEM pass phrase" prompt is
carried out, is set with ECHO on (termios).

After using that prompt to get a pass phrase, applications using stdin
with ECHO off, such as in the case of pseudo-terminals (pty), will
display any character twice when its key is pressed instead of only
once.

One example is the text-mode pty IRC client irssi 0.8.15, using a
self-signed certificate login protected with a pass phrase, utilizing
the "Enter PEM pass phrase" prompt.

crypto/ui/ui_openssl.c

static int noecho_console(UI *ui)
	{
#ifdef TTY_FLAGS
	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
	tty_new.TTY_FLAGS &= ~ECHO;
#endif
...
	}

static int echo_console(UI *ui)
	{
#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
	tty_new.TTY_FLAGS |= ECHO;
#endif
...
	}

Of course, a guard can be put into client applications to back up and
restore the attributes. But should this behaviour in openssl be
allowed? Or am I looking in the wrong place?

I wonder why ECHO is added to the current terminal attributes after
the prompt is finished. My strace log shows that c_lflags (local
modes) is 0x8a31 before the prompt and 0x8a39 afterwards.

OS : Slackware 14.1

Regards,
Khang.
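
The client-side guard mentioned in the message above, as an added example that is not part of the original post and is not OpenSSL code: it snapshots the termios attributes before a prompt and restores them afterwards, and checks the result on a private pty. simulated_prompt() is a constructed stand-in for the behaviour the post describes, and using the /dev/ptmx master descriptor for the termios calls is a Linux assumption.

```c
#include <fcntl.h>
#include <termios.h>
#include <unistd.h>

/* 1 if ECHO was clear before the prompt and set after it (the post's strace values). */
int echo_forced_on(tcflag_t before, tcflag_t after) { return !(before & ECHO) && (after & ECHO); }

/* Constructed stand-in for the prompt (NOT OpenSSL code): hides input, then sets ECHO. */
static int simulated_prompt(int fd) {
    struct termios t;
    if (tcgetattr(fd, &t) == -1) return -1;
    t.c_lflag &= ~ECHO;                       /* as in noecho_console() */
    if (tcsetattr(fd, TCSANOW, &t) == -1) return -1;
    t.c_lflag |= ECHO;                        /* as in echo_console(): ECHO on, unconditionally */
    return tcsetattr(fd, TCSANOW, &t);
}

static int echo_is_on(int fd) {
    struct termios t;
    return tcgetattr(fd, &t) == 0 && (t.c_lflag & ECHO);
}

/* Client-side guard: snapshot the attributes, run the prompt, put them back. */
int guarded_prompt(int fd, int (*prompt)(int)) {
    struct termios saved;
    if (tcgetattr(fd, &saved) == -1) return -1;
    int rc = prompt(fd);
    if (tcsetattr(fd, TCSANOW, &saved) == -1) return -1;
    return rc;
}

/* Returns 1 if the guard kept ECHO off, 0 if it did not, -1 if no pty is available. */
int run_demo(void) {
    struct termios off;
    int fd = open("/dev/ptmx", O_RDWR | O_NOCTTY);   /* private pty, no real console touched */
    if (fd == -1) return -1;
    if (tcgetattr(fd, &off) == -1) { close(fd); return -1; }
    off.c_lflag &= ~ECHO;
    tcsetattr(fd, TCSANOW, &off);             /* application state: ECHO off */
    simulated_prompt(fd);                     /* unguarded call */
    int unguarded = echo_is_on(fd);           /* 1: the prompt left ECHO on */
    tcsetattr(fd, TCSANOW, &off);             /* back to ECHO off */
    guarded_prompt(fd, simulated_prompt);
    int guarded = echo_is_on(fd);             /* 0: the guard restored ECHO off */
    close(fd);
    return unguarded == 1 && guarded == 0;
}

int main(void) { return run_demo() == 0; }    /* exit status 1 only if the guard failed */
```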

