[openssl.org #1717] Bug in openssl when generating a CSR?

[David McGaughey via RT]

I get a segmentation fault when using "Information Technology" for the
optional company name.  This worked previous to 0.9.8h
 
Here's the stuff you require:
 
   - On Unix systems: 
        Self-test report generated by 'make report' 
 
OpenSSL self-test report:
 
OpenSSL version:  0.9.8h
Last change:      Fix flaw if 'Server Key exchange message' is omitted
fr...
Options:          enable-shared no-camellia no-cms no-gmp no-krb5
no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-tlsext no-zlib
no-zlib-dynamic
OS (uname):       Linux intranetsrv7 2.6.16.46-0.12-smp #1 SMP Thu May
17 14:00:09 UTC 2007 i686 athlon i386 GNU/Linux
OS (config):      i686-whatever-linux2
Target (default): linux-elf
Target:           linux-elf
Compiler:         Using built-in specs.
Target: i586-suse-linux
Configured with: ../configure --enable-threads=posix --prefix=/usr
--with-local-prefix=/usr/local --infodir=/usr/share/info
--mandir=/usr/share/man --libdir=/usr/lib --libexecdir=/usr/lib
--enable-languages=c,c++,objc,fortran,obj-c++,java,ada
--enable-checking=release --with-gxx-include-dir=/usr/include/c++/4.1.2
--enable-ssp --disable-libssp --disable-libgcj --with-slibdir=/lib
--with-system-zlib --enable-shared --enable-__cxa_atexit
--enable-libstdcxx-allocator=new --program-suffix=
--enable-version-specific-runtime-libs --without-system-libunwind
--with-cpu=generic --host=i586-suse-linux
Thread model: posix
gcc version 4.1.2 20070115 (prerelease) (SUSE Linux)
 
Test passed.
 
 
 
    - On other systems:
        OpenSSL version: output of 'openssl version -a'
intranetsrv7:/home/openvpn # openssl version -a
OpenSSL 0.9.8h 28 May 2008
built on: Thu May 29 14:59:33 CDT 2008
platform: linux-elf
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long)
idea(int) blowfish(idx) 
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer
-Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM
-DMD5_ASM -DRMD160_ASM -DAES_ASM
OPENSSLDIR: "/usr/local/ssl"
        OS Name, Version, Hardware platform
intranetsrv7:/home/openvpn # uname -a
Linux intranetsrv7 2.6.16.46-0.12-smp #1 SMP Thu May 17 14:00:09 UTC
2007 i686 athlon i386 GNU/Linux
        Compiler Details (name, version)
intranetsrv7:/home/openvpn # gcc --version
gcc (GCC) 4.1.2 20070115 (prerelease) (SUSE Linux)
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is
NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
 
    - Application Details (name, version) 
openssl - the command that comes with the package
 
    - Problem Description (steps that will reproduce the problem, if
known)
When I use the optional company name "Information Technology" in a csr
request, I get a segmentation fault.  This used to work!  Here's the
details:
 

openssl req -days 3650 -nodes -new -keyout 6666.key -out 6666.csr
-config /home/openvpn/easyrsa/openssl.cnf");
 Country Name (2 letter code) [US]:
 State or Province Name (full name) [Texas]:
 Locality Name (eg, city) [Lubbock]:
 Organization Name (eg, company) [City of Lubbock, Texas]:
 Organizational Unit Name (eg, section) []:Lubbock Power and Light
 Common Name (eg, your name or your server's hostname) []:6666
 Email Address [EMAIL PROTECTED]:
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:Information Technology
 
segmentation fault
 
if I use just IT, it works still - but Information Technology worked in
previous releases.
 
    - Stack Traceback (if the application dumps core) 
 
 
 
 
David McGaughey 
City of Lubbock, Texas www.ci.lubbock.tx.us
[EMAIL PROTECTED]
806-775-2372

I get a segmentation fault when using "Information Technology" for the optional company name.  This worked previous to 0.9.8h   Here's the stuff you require:      - On Unix systems:         Self-test report generated by 'make report'   OpenSSL self-test report:   OpenSSL version:  0.9.8h Last change:      Fix flaw if 'Server Key exchange message' is omitted fr... Options:          enable-shared no-camellia no-cms no-gmp no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-tlsext no-zlib no-zlib-dynamic OS (uname):       Linux intranetsrv7 2.6.16.46-0.12-smp #1 SMP Thu May 17 14:00:09 UTC 2007 i686 athlon i386 GNU/Linux OS (config):      i686-whatever-linux2 Target (default): linux-elf Target:           linux-elf Compiler:         Using built-in specs. Target: i586-suse-linux Configured with: ../configure --enable-threads=posix --prefix=/usr --with-local-prefix=/usr/local --infodir=/usr/share/info --mandir=/usr/share/man --libdir=/usr/lib --libexecdir=/usr/lib --enable-languages=c,c++,objc,fortran,obj-c++,java,ada --enable-checking=release --with-gxx-include-dir=/usr/include/c++/4.1.2 --enable-ssp --disable-libssp --disable-libgcj --with-slibdir=/lib --with-system-zlib --enable-shared --enable-__cxa_atexit --enable-libstdcxx-allocator=new --program-suffix= --enable-version-specific-runtime-libs --without-system-libunwind --with-cpu=generic --host=i586-suse-linux Thread model: posix gcc version 4.1.2 20070115 (prerelease) (SUSE Linux)   Test passed.           - On other systems:         OpenSSL version: output of 'openssl version -a' intranetsrv7:/home/openvpn # openssl version -a OpenSSL 0.9.8h 28 May 2008 built on: Thu May 29 14:59:33 CDT 2008 platform: linux-elf options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM OPENSSLDIR: "/usr/local/ssl"         OS Name, Version, Hardware platform intranetsrv7:/home/openvpn # uname -a Linux intranetsrv7 2.6.16.46-0.12-smp #1 SMP Thu May 17 14:00:09 UTC 2007 i686 athlon i386 GNU/Linux         Compiler Details (name, version) intranetsrv7:/home/openvpn # gcc --version gcc (GCC) 4.1.2 20070115 (prerelease) (SUSE Linux) Copyright (C) 2006 Free Software Foundation, Inc. This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.       - Application Details (name, version) openssl - the command that comes with the package       - Problem Description (steps that will reproduce the problem, if known) When I use the optional company name "Information Technology" in a csr request, I get a segmentation fault.  This used to work!  Here's the details:   openssl req -days 3650 -nodes -new -keyout 6666.key -out 6666.csr -config /home/openvpn/easyrsa/openssl.cnf");  Country Name (2 letter code) [US]:  State or Province Name (full name) [Texas]:  Locality Name (eg, city) [Lubbock]:  Organization Name (eg, company) [City of Lubbock, Texas]:  Organizational Unit Name (eg, section) []:Lubbock Power and Light  Common Name (eg, your name or your server's hostname) []:6666  Email Address [EMAIL PROTECTED]:  Please enter the following 'extra' attributes  to be sent with your certificate request  A challenge password []:  An optional company name []:Information Technology   segmentation fault   if I use just IT, it works still - but Information Technology worked in previous releases.       - Stack Traceback (if the application dumps core)         David McGaughey City of Lubbock, Texas www.ci.lubbock.tx.us [EMAIL PROTECTED] 806-775-2372