Seems to be the second case. Code check on master:
In app/req.c:1561 the call
if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
(unsigned char *)buf, -1)) {
works through crypto/x509/x509_att.c:313
if ((len == -1) && !(attrtype & MBSTRING_FLAG))
{
if (!ASN1_TYPE_set1(ttmp, attrtype, data))
goto err;
}
and eventually ends up in crypto/asn1/asn1_lib.c: 391 with len = -1
if (c == NULL)
str->data=OPENSSL_malloc(len+1);
producing the encountered error messages.
Hth for further evaluation.
Happy Independence Day,
Cheers Lakhsa
On 03/07/2014 23:09, Michael Wojcik wrote:
>> From: [email protected] [mailto:owner-openssl-
>> [email protected]] On Behalf Of Jakob Bohm
>> Sent: Thursday, 03 July, 2014 12:22
>>
>> On 7/3/2014 5:50 PM, Steven Kinney wrote:
>>> I enter the following command, as instructed by Cisco:
>>>
>>> req -new -config c:\openssl\share\openssl.cnf -newkey rsa:1024 -nodes
>>> -keyout mykey.pem -out myreq.pem
>>>
>>> And I get the following error:
>>>
>>> Please enter the following 'extra' attributes
>>>
>>> to be sent with your certificate request
>>>
>>> A challenge password []:tester
>>>
>>> Error adding attribute
>>>
>>> 7684:error:0D0BA041:asn1 encoding routines:ASN1_STRING_set:malloc
>>> failure:./crypto/asn1/asn1_lib.c:381:
>>> 7684:error:0B08A041:x509 certificate
>>> routines:X509_ATTRIBUTE_set1_data:malloc
>>> failure:./crypto/x509/x509_att.c:317:
>>> problems making Certificate Request
>> I think the important part is "malloc failure", in which case you
>> simply don't have enough free ram to run the command.
> That's extremely unlikely, since OpenSSL shouldn't be trying to allocate very
> much memory there; and the vast majority of, if not all, systems running the
> openssl binary will be virtual-memory systems that require a lot of effort to
> exhaust the available heap space. (Yes, on POSIX systems you have
> setrusage/ulimit, but it'd be extraordinary to have the heap-space limit set
> low enough to bother "openssl req".) And in any event, "free ram" is nearly
> meaningless on a virtual-memory system.
>
> Per the link supplied by Lakhsa in another message, this appears to be a
> known bug with openssl req on Windows - though I wasn't able to find a ticket
> for it in the OpenSSL tracker, so "known" may only be true for small values.
> I admit I've never tried generating a request with a challenge myself.
>
> On modern general-purpose systems, memory allocation failures are most often
> caused by one of the following:
>
> - A bogus request, often due to e.g. integer underflow leading to a request
> for an unreasonable amount of memory.
> - A request for zero bytes when the implementation returns a null pointer for
> such a request. (It's allowed to do this, or to return a valid pointer, per
> ISO 9899-1990 et seq.) Code often checks for a null return from malloc and
> friends and treats it as an error even if it was trying to allocate a
> zero-byte area.
> - Heap corruption.
> - Runaway recursion that actually does eat up the entire available heap.
> - Playing silly buggers with sub-allocators.
>
> In this case, the first two are probably the most likely.
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
