> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Jakob Bohm > Sent: Thursday, 03 July, 2014 12:22 > > On 7/3/2014 5:50 PM, Steven Kinney wrote: > > I enter the following command, as instructed by Cisco: > > > > req -new -config c:\openssl\share\openssl.cnf -newkey rsa:1024 -nodes > > -keyout mykey.pem -out myreq.pem > > > > And I get the following error: > > > > Please enter the following 'extra' attributes > > > > to be sent with your certificate request > > > > A challenge password []:tester > > > > Error adding attribute > > > > 7684:error:0D0BA041:asn1 encoding routines:ASN1_STRING_set:malloc > > failure:./crypto/asn1/asn1_lib.c:381: > > 7684:error:0B08A041:x509 certificate > > routines:X509_ATTRIBUTE_set1_data:malloc > > failure:./crypto/x509/x509_att.c:317: > > problems making Certificate Request > > I think the important part is "malloc failure", in which case you > simply don't have enough free ram to run the command.
That's extremely unlikely, since OpenSSL shouldn't be trying to allocate very much memory there; and the vast majority of, if not all, systems running the openssl binary will be virtual-memory systems that require a lot of effort to exhaust the available heap space. (Yes, on POSIX systems you have setrusage/ulimit, but it'd be extraordinary to have the heap-space limit set low enough to bother "openssl req".) And in any event, "free ram" is nearly meaningless on a virtual-memory system. Per the link supplied by Lakhsa in another message, this appears to be a known bug with openssl req on Windows - though I wasn't able to find a ticket for it in the OpenSSL tracker, so "known" may only be true for small values. I admit I've never tried generating a request with a challenge myself. On modern general-purpose systems, memory allocation failures are most often caused by one of the following: - A bogus request, often due to e.g. integer underflow leading to a request for an unreasonable amount of memory. - A request for zero bytes when the implementation returns a null pointer for such a request. (It's allowed to do this, or to return a valid pointer, per ISO 9899-1990 et seq.) Code often checks for a null return from malloc and friends and treats it as an error even if it was trying to allocate a zero-byte area. - Heap corruption. - Runaway recursion that actually does eat up the entire available heap. - Playing silly buggers with sub-allocators. In this case, the first two are probably the most likely. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
