[openssl.org #77] Openssl 0.9.6d coredumps

[Richard Levitte via RT]

OK, there are several issues here.

First of all, your private key is broken, or rather the structure it 
has been packed into.  "BEGIN PRIVATE KEY" indicates that the key is 
wrapped in a PKCS8 structure.  That structure should start with an 
integer indicating the version number of the structure (for now, 
it'll always be 0).  That integer is missing, meaning the structure 
can't be correctly parsed.

Second, it seems like OpenSSL lacks error control during the parsing 
of this particular type of structure, leading to the coredump you 
experienced.  The following patch (which I shall commit promptly) 
fixes the problem (instead of a coredump, you'll get a few lines of 
error messages):

--- crypto/pem/pem_lib.c        2002/02/20 17:55:34     1.30.2.1
+++ crypto/pem/pem_lib.c        2002/06/05 11:52:06
@@ -258,6 +258,7 @@
                        PKCS8_PRIV_KEY_INFO *p8inf;
                        p8inf=d2i_PKCS8_PRIV_KEY_INFO(
                                        (PKCS8_PRIV_KEY_INFO **) x, 
&p, len);
+                       if(!p8inf) goto p8err;
                        ret = (char *)EVP_PKCS82PKEY(p8inf);
                        PKCS8_PRIV_KEY_INFO_free(p8inf);
                } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {


For everyones info, the same error exists in 0.9.7 beta 1 as well.  
Beta 2 will be corrected appropriately.

[[EMAIL PROTECTED] - Tue Jun  4 19:49:46 2002]:

> Hi all,
> 
> I've tried to use the following certificate and private key to 
sign my
> own requested certificate but for some reason, openssl coredumps.
> 
> Coredumps occur also when trying to obtain information from private
> key
> (with commands like pkcs8, rsa).
> Any idea why this is happening? (I can provide the coredump file if
> necessary)
> 
> 
> -----BEGIN PRIVATE KEY-----
> 
MIIB5DANBgkqhkiG9w0BAQEFADCCAdECgYBTAI9HrMBfEfuTiT9NyUD2jGsWIi1YKqsLt3SdTwi
> 
9Bh/k7/x68GpTRcAzDpklvs4ZaJBXwiJxs6cLJabV+dCHZnH9X3SSrn8Hz1zYrcNgkHqm3Jx6jE
> 
aZxjN4MwRQd3KOjwmdZAvHd3+5IXRZPbmYdM1gC0QMiQpCP8rXXJzkZwIBIwKBgANzDplBB1Roe
> 
ioJsYI8Oo3nP6ErT66NaNqV65QrLj5hVcWw30WbnLBYAqsD7m1JwhUBBVVvIgNlOM/sSW1MNeGs
> 
RTOxpo6hbqe6WRqqtTEIopyOx/RUNM33NQ6Rfvo27/Sop4/xUe8DUQsnYJ0pJ5QStwOjlSXo9KV
> 
mT3nkuQYLAkEAgwz57Wdk9dGOxyYKHsWTk2Y4NlV87/+/QNRO5Wfl/YNKIDuHxLFTin7netad7X
> 
MFp43TPtBaNceNzx1UmctmuwJBAKIj149VZaw21RQ2vONV4R1Ll3qblnIQPnjyesCdBbABVVSOH
> 
gCW7K0ytUMY9aH+N8rrxTw+0h3D6ILVHbMtXEUCQCwSZx1ZSpxyRU6/6SWMZDibdjxd5Zh03GZh
> XxLSxzoiRyMygmB65OS5wFncscrd9CYmlpMpAKmatE7G0p+IrVE=
> -----END PRIVATE KEY-----
> 
> The matching public key: (this seems to work)
> 
> -----BEGIN CERTIFICATE-----
> 
MIICRzCCAbCgAwIBAgIEATEF8TANBgkqhkiG9w0BAQQFADBVMQswCQYDVQQGEwJGSTEoMCYGA1U
> 
EChMfVGhlIEZpbm5pc2ggQmFua2VycyBBc3NvY2lhdGlvbjEcMBoGA1UECxMTQ2xpZW50IENBIF
> 
VudHJ1c3RlZDAeFw0wMDA2MTQwNjMwMDBaFw0yNzEwMzEwODMwMDBaMFUxCzAJBgNVBAYTAkZJM
> 
SgwJgYDVQQKEx9UaGUgRmlubmlzaCBCYW5rZXJzIEFzc29jaWF0aW9uMRwwGgYDVQQLExNDbGll
> 
bnQgQ0EgVW50cnVzdGVkMIGcMA0GCSqGSIb3DQEBAQUAA4GKADCBhgKBgFMAj0eswF8R+5OJP03
> 
JQPaMaxYiLVgqqwu3dJ1PCL0GH+Tv/HrwalNFwDMOmSW+zhlokFfCInGzpwslptX50Idmcf1fdJ
> 
KufwfPXNitw2CQeqbcnHqMRpnGM3gzBFB3co6PCZ1kC8d3f7khdFk9uZh0zWALRAyJCkI/ytdcn
> 
ORnAgEjoycwJTAPBgNVHQ8BAf8EBQMDB4AAMBIGA1UdEwEB/wQIMAYBAf8CAQIwDQYJKoZIhvcN
> 
AQEEBQADgYEAUQu1peUXTmTBcNvNXAc8bQ5TDW8vL5Sl9zPNJsWD99pAqjIyMXLx02+96g46fUA
> 
ujxTzsVFNlnJ+tbejvTDZcWqSc6r/H1TeGOc14HAAFIRGV3ifI65Kj3XAHYRAuaVQtb69DAvWxM
> 7VINWzZp1Ip3kM1MC1J7GjlbW5yyxDiGM=
> -----END CERTIFICATE-----
> 
> Regards,
> Jarmo
> 
______________________________________________________________________
> OpenSSL Project                                 
http://www.openssl.org
> User Support Mailing List                    
[EMAIL PROTECTED]
> Automated List Manager                           
[EMAIL PROTECTED]


-- 
Richard Levitte
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]