i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287
Graham Leggett
minfrin at sharp.fm
Mon Mar 18 19:51:02 UTC 2019
On 18 Mar 2019, at 18:49, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
> A mandatory part of the CSR is missing. It is malformed.
Some further digging shows the CSR is indeed malformed - the old openssl code created a CSR like this:
507:d=2 hl=2 l= 1 prim: OBJECT :itu-t
while the new openssl code produces a CSR like this:
508:d=2 hl=2 l= 0 prim: OBJECT :BAD OBJECT
It looks like X509_REQ_new() in older versions of openssl created an object with an empty signature, while the new code produces a bad signature.
> Since you don't have a CSR, the fix is to not attempt to encode the data
> as a CSR. It sounds like what you have is a CRI (that is a
> CertificationRequestInfo structure) so you'll need to encode that instead.
>
> https://tools.ietf.org/html/rfc2986#section-4
>
> The relevant codec functions are: i2d_X509_REQ_INFO and d2i_X509_REQ_INFO.
>
> A CSR is:
>
> CertificationRequest ::= SEQUENCE {
> certificationRequestInfo CertificationRequestInfo,
> signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
> signature BIT STRING
> }
>
> which encapsulates the CRI a larger signed structure, adding precisely
> the bits you're missing.
This makes sense - however there don’t appear to be any APIs in openssl that allow you to manipulate an X509_REQ_INFO structure. I can create it, and encode/decode it, but there is no X509_REQ_INFO_get_subject_name() (or friends) to populate the structure. X509_REQ_INFO itself is opaque.
> An alternative (if you must) is to create an actual CSR, with a dummy
> signature OID, and signature and then ignore the signature on the other
> side.
This looks like a workaround for now, what API call would I use to do that?
The X509_REQ structure is opaque, so I can’t see what options I have for setting any OIDs.
Regards,
Graham
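The structure Viktor quotes can be checked at the DER level before a blob is handed to d2i_X509_REQ(). The following is an added example written for this page, not code from the thread or from OpenSSL: a minimal Python DER walker that reads the outer CertificationRequest SEQUENCE, skips the CRI, and decodes the signatureAlgorithm OID, raising on the zero-length object that asn1parse shows as BAD OBJECT. The sample CSRs are constructed, with a placeholder CRI rather than a real CertificationRequestInfo; only the signatureAlgorithm field is realistic.

```python
def read_tlv(buf, pos):                        # DER header at pos -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted form (X.690 8.19)."""
    if not body:                               # zero-length content: the "l= 0 ... BAD OBJECT" case
        raise ValueError("invalid object encoding: zero-length OID")
    if body[-1] & 0x80:
        raise ValueError("invalid object encoding: unterminated subidentifier")
    subids, acc = [], 0
    for b in body:                             # base-128, high bit set on all but the last octet
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            subids, acc = subids + [acc], 0
    x, y = divmod(subids[0], 40) if subids[0] < 80 else (2, subids[0] - 80)   # first octet packs two arcs
    return ".".join(str(v) for v in [x, y] + subids[1:])

def csr_signature_oid(der):
    """Walk CertificationRequest ::= SEQUENCE { cri, signatureAlgorithm, signature }; return the OID."""
    tag, pos, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, _, pos = read_tlv(der, pos)             # skip certificationRequestInfo as an opaque blob
    tag, pos, _ = read_tlv(der, pos)           # signatureAlgorithm AlgorithmIdentifier
    tag2, start, end = read_tlv(der, pos)
    if tag != 0x30 or tag2 != 0x06:
        raise ValueError("signatureAlgorithm is not SEQUENCE { OBJECT IDENTIFIER, ... }")
    return decode_oid(der[start:end])

def csr_signature_oid_ok(der):                 # False where d2i_X509_REQ() would stop in c2i_ASN1_OBJECT
    try:
        return bool(csr_signature_oid(der))
    except (ValueError, IndexError):
        return False

def wrap(tag, body):                           # short-form DER TLV, enough for the constructed samples
    return bytes([tag, len(body)]) + body
def build_csr(oid_content):                    # constructed CertificationRequest around a placeholder CRI
    cri = wrap(0x30, wrap(0x02, b"\x00") + wrap(0x30, b""))       # not a real CertificationRequestInfo
    return wrap(0x30, cri + wrap(0x30, wrap(0x06, oid_content)) + wrap(0x03, b"\x00"))

GOOD_CSR = build_csr(bytes.fromhex("2a864886f70d01010b"))  # sha256WithRSAEncryption
OLD_CSR = build_csr(b"\x00")                                # old openssl: one zero byte, decodes as 0.0 (itu-t)
NEW_CSR = build_csr(b"")                                    # new openssl: empty OID, "BAD OBJECT"
```

Run against a real CSR (DER, not PEM), the walker also covers long-form lengths, so the outer SEQUENCE of a normal-sized request parses as well.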