p11req -X option results in malloc failure

[gl-mc]

Describe the bug using the p11req command with the following options

$ p11req -i testp1 -d /CN=abc/O=def/C=xx-o ~/cavium_testp1.pkcs10 -e IP:0.0.0.0 -X

results in the following bug

*** OpenSSL ERROR at ../../lib/pkcs11_req.c:49  'error:0F076041:common libcrypto routines:OPENSSL_hexstr2buf:malloc failure' - (from crypto/o_str.c:157)

To Reproduce

1. $ p11req -i testp1 -d /CN=abc/O=def/C=xx-o ~/cavium_testp1.pkcs10 -e IP:0.0.0.0 -X
   *** OpenSSL ERROR at ../../lib/pkcs11_req.c:49  'error:0F076041:common libcrypto routines:OPENSSL_hexstr2buf:malloc failure' - (from crypto/o_str.c:157)

Expected behavior No malloc error, command should produce valid pkcs10 request file. Removing the -X option at the end makes it succeed.

Screenshots N/A

Operating System (please complete the following information):

• OS: Linux
• Version

  Linux 3.10.0-1160.71.1.0.1.el7.x86_64 #1 SMP Tue Jun 28 22:16:18 PDT 2022 x86_64 x86_64 x86_64 GNU/Linux

  $ p11req -V
  p11req belongs to pkcs11-tools v2.6.0 (Jul 13 2023)
  arch/CPU/OS: x86_64/x86_64/linux-gnu
  using openssl library: OpenSSL 1.1.1t  7 Feb 2023
  compiled with nCipher extensions
  compiled with Gemalto Safenet Luna extensions

  Additional context N/A

[keldonin]

definitely an issue that requires fixing, however I see that the country code is illegal: C=xx Can this be tested with a valid country code as well?

[keldonin]

which HSM is being interfaced in this case? Marvell, CloudHSM?

[gl-mc]

This was a Marvell. The certificate information string was valid including the country, but I redacted it as this is a public bug report and I did not want to leak information. I'll send you the details in direct email.