> On Mar 27, 2016, at 5:13 AM, Miod Vallat <[email protected]> wrote:
>
>> Accidentally ask for a password:
>>
>> # openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048
>> Generating RSA private key, 2048 bit long modulus
>> .........+++
>> ...............................................................................................................+++
>> e is 65537 (0x10001)
>> Enter pass phrase for /etc/ssl/private/server.key:
>> 822626074580:error:28069065:lib(40):UI_set_result:result too
>> small:/home/tedu/src/lib/libcrypto/crypto/../../libssl/src/crypto/ui/ui_lib.c:834:You
>> must type in 4 to 1023 characters
>> Enter pass phrase for /etc/ssl/private/server.key:
>> Enter pass phrase for /etc/ssl/private/server.key:
>>
>> And now you can't quit. ^C doesn't work. ^D doesn't work. pkill openssl in
>> another terminal doesn't work. Nothing works.
>
> Haha, this is a good one.
>
> It is caused by this in openssl apps.c!password_callback()
>
>     if (ok >= 0)
>         do {
>             ok = UI_process(ui);
>         } while (ok < 0 &&
>             UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
>
> which causes the loop to spin, because the redoable flag gets set on
> the first error, but is never cleared by true failures such as ^C.
>
> The following diff will fix the problem.
>
> Index: ui/ui_lib.c > =================================================================== > RCS file: /OpenBSD/src/lib/libssl/src/crypto/ui/ui_lib.c,v > retrieving revision 1.30 > diff -u -p -r1.30 ui_lib.c > --- ui/ui_lib.c 10 Feb 2015 11:22:21 -0000 1.30 > +++ ui/ui_lib.c 27 Mar 2016 10:10:59 -0000 > @@ -491,6 +491,7 @@ UI_process(UI *ui) > switch (ui->meth->ui_read_string(ui, > sk_UI_STRING_value(ui->strings, i))) { > case -1: /* Interrupt/Cancel/something... */ > + ui->flags &= ~UI_FLAG_REDOABLE; > ok = -2; > goto err; > case 0: /* Errors */
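Review bot: Clearing `UI_FLAG_REDOABLE` only in the `case -1` branch fixes the interrupt path but leaves every other failure path dependent on whatever an earlier pass left in `ui->flags`; the visible context does not show `case 0: /* Errors */` resetting it. Consider clearing the flag once at the top of `UI_process()` so each pass starts clean and only a fresh recoverable error can ask the caller in `password_callback()` to retry. The added line also deserves a short comment saying why a cancel must not be redoable, since the reason (the `do { ... } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0))` loop in apps.c) lives in a different file.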
Oldie but a goodie, I can repro this behavior back to 0.9.8 at least. ok bcook@, are you committing these days, or shall I?
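
The spin described in the quoted message, as a simplified model added here (not part of the thread and not libcrypto code). The `model_`/`MODEL_`/`IN_` names, the scripted input and the pass cap are assumptions for illustration; the cap exists only so the unfixed case terminates.

```c
#include <stddef.h>

#define MODEL_FLAG_REDOABLE 0x0001   /* stands in for the redoable flag */

/* Constructed user actions: too-short passphrase, ^C, valid passphrase. */
enum model_input { IN_TOO_SHORT, IN_INTERRUPT, IN_OK };

struct model_ui {
    int flags;                       /* persists across passes, like ui->flags */
    const enum model_input *script;  /* constructed sequence of user actions */
    size_t pos, len;
    int clear_on_interrupt;          /* 0 = before the diff, 1 = after it */
};

/* One prompting pass; returns 0 on success, <0 on failure. */
static int model_process(struct model_ui *ui)
{
    /* Once the script runs out, the user keeps pressing ^C. */
    enum model_input in =
        ui->pos < ui->len ? ui->script[ui->pos++] : IN_INTERRUPT;

    switch (in) {
    case IN_TOO_SHORT:               /* recoverable: ask again */
        ui->flags |= MODEL_FLAG_REDOABLE;
        return -1;
    case IN_INTERRUPT:               /* true failure */
        if (ui->clear_on_interrupt)
            ui->flags &= ~MODEL_FLAG_REDOABLE;
        return -2;
    default:
        return 0;
    }
}

/* The caller's retry loop from the message, with a pass cap added.
 * Returns the number of passes made, or -1 if the cap was reached. */
int model_prompt_passes(const enum model_input *script, size_t len,
                        int fixed, int cap)
{
    struct model_ui ui = { 0, script, 0, len, fixed };
    int ok, passes = 0;

    do {
        if (passes == cap)
            return -1;               /* still retrying: the loop is spinning */
        ok = model_process(&ui);
        passes++;
    } while (ok < 0 && (ui.flags & MODEL_FLAG_REDOABLE));
    return passes;
}
```
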
