TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 6 (ENXIO, Solaris) and 5 (EIO, Linux) #7271

rainerjung · 2018-09-19T16:01:43Z

I am running multiple iterations of the Apache httpd test suite using shell scripts. When I log out while the scripts are running in the background, invocations of "openssl pkcs12" binary throw errors:

Solaris:

openssl pkcs12 -export -in certs/ca.crt -inkey keys/ca.pem -out export/ca.p12 -passin pass:httpd -passout pass:httpd
User interface error
1:error:2807206C:UI routines:open_console:unknown ttyget errno value:crypto/ui/ui_openssl.c:451:errno=6
1:error:2807106B:UI routines:UI_process:processing error:crypto/ui/ui_lib.c:493:while opening session
unable to load private key
1:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:536:
1:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:crypto/pkcs12/p12_decr.c:63:
1:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto/pkcs12/p12_decr.c:94:
1:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:87:

Linux:

openssl pkcs12 -export -in certs/ca.crt -inkey keys/ca.pem -out export/ca.p12 -passin pass:httpd -passout pass:httpd
User interface error
140287533819648:error:2807206C:UI routines:open_console:unknown ttyget errno value:crypto/ui/ui_openssl.c:451:errno=5
140287533819648:error:2807106B:UI routines:UI_process:processing error:crypto/ui/ui_lib.c:493:while opening session
unable to load private key
140287533819648:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:536:
140287533819648:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:crypto/pkcs12/p12_decr.c:63:
140287533819648:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto/pkcs12/p12_decr.c:94:
140287533819648:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:87:

IMHO that means, errno 6 (ENXIO) for Solaris and 5 (EIO) for Linux should be handled just like the errnos already handled by the code in crypto/ui/ui_openssl.c open_console() (ENOTTY, EINVAL, ENODEV) by setting "is_a_tty = 0;" and continuing instead of returning due to unknown error.

The problem occurs in 1.1.0 and 1.1.1 (and probably master).

Patch for master:

index 3ccd8a720e..e54bdd2e4e 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -415,6 +415,24 @@ static int open_console(UI *ui)
             is_a_tty = 0;
         else
 #  endif
+#  ifdef ENXIO
+            /*
+             * Solaris can return ENXIO.
+             * This should be ok
+             */
+        if (errno == ENXIO)
+            is_a_tty = 0;
+        else
+#  endif
+#  ifdef EIO
+            /*
+             * Linux can return ENXIO.
+             * This should be ok
+             */
+        if (errno == EIO)
+            is_a_tty = 0;
+        else
+#  endif
 #  ifdef ENODEV
             /*
              * MacOS X returns ENODEV (Operation not supported by device),

Regards,

Rainer

The text was updated successfully, but these errors were encountered:

levitte · 2018-09-19T19:26:35Z

I suppose this occurs in 1.0.2 as well, btw...

These both indicate that the file descriptor we're trying to use as a terminal isn't, in fact, a terminal. Fixes openssl#7271

These both indicate that the file descriptor we're trying to use as a terminal isn't, in fact, a terminal. Fixes #7271 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from #7272) (cherry picked from commit 276bf86)

These both indicate that the file descriptor we're trying to use as a terminal isn't, in fact, a terminal. Fixes #7271 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from #7272) (cherry picked from commit 276bf86) (cherry picked from commit ad17303)

levitte added branch: master Merge to master branch branch: 1.0.2 Merge to OpenSSL_1_0_2-stable branch 1.1.0 branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch labels Sep 19, 2018

mspncp mentioned this issue Sep 19, 2018

crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too #7272

Closed

levitte added a commit to levitte/openssl that referenced this issue Sep 19, 2018

crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too

dbd16e0

These both indicate that the file descriptor we're trying to use as a terminal isn't, in fact, a terminal. Fixes openssl#7271

levitte closed this as completed in 276bf86 Sep 20, 2018

mspncp added this to the 1.1.1a milestone Oct 23, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 6 (ENXIO, Solaris) and 5 (EIO, Linux) #7271

TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 6 (ENXIO, Solaris) and 5 (EIO, Linux) #7271

rainerjung commented Sep 19, 2018 •

edited by levitte

levitte commented Sep 19, 2018

TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 6 (ENXIO, Solaris) and 5 (EIO, Linux) #7271

TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 6 (ENXIO, Solaris) and 5 (EIO, Linux) #7271

Comments

rainerjung commented Sep 19, 2018 • edited by levitte

levitte commented Sep 19, 2018

rainerjung commented Sep 19, 2018 •

edited by levitte