Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

p11req -X option results in malloc failure #48

Open
gl-mc opened this issue Aug 30, 2023 · 4 comments
Open

p11req -X option results in malloc failure #48

gl-mc opened this issue Aug 30, 2023 · 4 comments
Assignees
@keldonin

Comments

@gl-mc
Copy link
Contributor

gl-mc commented Aug 30, 2023
edited
Loading

Describe the bug
using the p11req command with the following options

$ p11req -i testp1 -d /CN=abc/O=def/C=xx-o ~/cavium_testp1.pkcs10 -e IP:0.0.0.0 -X

results in the following bug

*** OpenSSL ERROR at ../../lib/pkcs11_req.c:49  'error:0F076041:common libcrypto routines:OPENSSL_hexstr2buf:malloc failure' - (from crypto/o_str.c:157)

To Reproduce
1.

$ p11req -i testp1 -d /CN=abc/O=def/C=xx-o ~/cavium_testp1.pkcs10 -e IP:0.0.0.0 -X
*** OpenSSL ERROR at ../../lib/pkcs11_req.c:49  'error:0F076041:common libcrypto routines:OPENSSL_hexstr2buf:malloc failure' - (from crypto/o_str.c:157)

Expected behavior
No malloc error, command should produce valid pkcs10 request file. Removing the -X option at the end makes it succeed.

Screenshots
N/A

Operating System (please complete the following information):

  • OS: Linux
  • Version
Linux 3.10.0-1160.71.1.0.1.el7.x86_64 #1 SMP Tue Jun 28 22:16:18 PDT 2022 x86_64 x86_64 x86_64 GNU/Linux

$ p11req -V
p11req belongs to pkcs11-tools v2.6.0 (Jul 13 2023)
arch/CPU/OS: x86_64/x86_64/linux-gnu
using openssl library: OpenSSL 1.1.1t  7 Feb 2023
compiled with nCipher extensions
compiled with Gemalto Safenet Luna extensions

Additional context
N/A
@keldonin keldonin self-assigned this Sep 1, 2023
@keldonin
Copy link
Contributor

keldonin commented Sep 1, 2023
edited
Loading

definitely an issue that requires fixing, however I see that the country code is illegal:
C=xx
Can this be tested with a valid country code as well?

@keldonin
Copy link
Contributor

keldonin commented Sep 1, 2023

which HSM is being interfaced in this case? Marvell, CloudHSM?

@gl-mc
Copy link
Contributor Author

gl-mc commented Sep 4, 2023

This was a Marvell. The certificate information string was valid including the country, but I redacted it as this is a public bug report and I did not want to leak information. I'll send you the details in direct email.

@testingapisname
Copy link

testingapisname commented Aug 13, 2024
edited
Loading

I tried recreating this bug using softhsm but was unable to duplicate. Could this be HSM specific?
I may be pointing to the wrong location with -l

[root@localhost ~]# p11req -V
p11req belongs to pkcs11-tools v2.6.0 (Aug 13 2024)
arch/CPU/OS: x86_64/x86_64/linux-gnu
using openssl library: OpenSSL 1.1.1t  7 Feb 2023
[root@localhost ~]# uname -a
Linux localhost.localdomain 3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost ~]# p11req -l /usr/local/lib/softhsm/libsofthsm2.so -s 0 -p 1111 -i testp1 -d "/CN=abc/O=def/C=xx" -e IP:0.0.0.0 -X -o ~/cavium_testp1.pkcs10
[root@localhost ~]# cat cavium_testp1.pkcs10 
-----BEGIN CERTIFICATE REQUEST-----
MIICrzCCAZcCAQAwKTELMAkGA1UEBhMCeHgxDDAKBgNVBAoMA2RlZjEMMAoGA1UE
AwwDYWJjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2ZxSfjYnump
2W1H1l8uohCu+h/miFx0F0FVtrEcSeLOrVkqdf/bIAi0yVyJXxbMxqlizcmsX4K3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@keldonin keldonin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@keldonin @testingapisname @gl-mc