i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

Viktor Dukhovni openssl-users at dukhovni.org
Thu Mar 21 01:35:12 UTC 2019


> On Mar 20, 2019, at 8:36 PM, Graham Leggett <minfrin at sharp.fm> wrote:
> 
> The problem seems that at some point during the 1.0.2 releases, the X509_REQ was previously serialised with what looks like an empty X509_ALGOR structure:
> 
> 507:d=2  hl=2 l=   1 prim: OBJECT            :itu-t
> 
> and at some point openssl changed to serialise with a bad object instead:
> 
> 508:d=2  hl=2 l=   0 prim: OBJECT            :BAD OBJECT
> 
> A change of something from optional to mandatory should have happened in the 1.1.0 release, not within the 1.0.2 point releases.

Sorry, are you saying that the serialized form changed in a 1.0.2
patch release?  I may have missed that detail.

Your github issue notes a change from 1.0.1 to 1.0.2, not a change
within the 1.0.2 patch release series...

Changes of behaviour between 1.0.1 and 1.0.2 were not off limits.

When testing a short program to reproduce the reported symptoms
I see the same output encoding (BAD OBJECT) with both 1.0.1 and
1.0.2.  For me, it is only 0.9.8 and 1.0.0 that generate the "0" OID.

    0:d=0  hl=3 l= 163 cons: SEQUENCE
    3:d=1  hl=3 l= 152 cons: SEQUENCE
    6:d=2  hl=2 l=   1 prim: INTEGER           :00
    9:d=2  hl=2 l=  51 cons: SEQUENCE
   11:d=3  hl=2 l=  11 cons: SET
   13:d=4  hl=2 l=   9 cons: SEQUENCE
   15:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   20:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :US
   24:d=3  hl=2 l=  13 cons: SET
   26:d=4  hl=2 l=  11 cons: SEQUENCE
   28:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   33:d=5  hl=2 l=   4 prim: UTF8STRING        :None
   39:d=3  hl=2 l=  21 cons: SET
   41:d=4  hl=2 l=  19 cons: SEQUENCE
   43:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   48:d=5  hl=2 l=  12 prim: UTF8STRING        :test.example
   62:d=2  hl=2 l=  92 cons: SEQUENCE
   64:d=3  hl=2 l=  13 cons: SEQUENCE
   66:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   77:d=4  hl=2 l=   0 prim: NULL
   79:d=3  hl=2 l=  75 prim: BIT STRING
  156:d=2  hl=2 l=   0 cons: cont [ 0 ]
  158:d=1  hl=2 l=   3 cons: SEQUENCE
  160:d=2  hl=2 l=   1 prim: OBJECT            :0.0
  163:d=1  hl=2 l=   1 prim: BIT STRING

With 1.0.1 I get:

    0:d=0  hl=3 l= 162 cons: SEQUENCE
    3:d=1  hl=3 l= 152 cons: SEQUENCE
    6:d=2  hl=2 l=   1 prim: INTEGER           :00
    9:d=2  hl=2 l=  51 cons: SEQUENCE
   11:d=3  hl=2 l=  11 cons: SET
   13:d=4  hl=2 l=   9 cons: SEQUENCE
   15:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   20:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :US
   24:d=3  hl=2 l=  13 cons: SET
   26:d=4  hl=2 l=  11 cons: SEQUENCE
   28:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   33:d=5  hl=2 l=   4 prim: UTF8STRING        :None
   39:d=3  hl=2 l=  21 cons: SET
   41:d=4  hl=2 l=  19 cons: SEQUENCE
   43:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   48:d=5  hl=2 l=  12 prim: UTF8STRING        :test.example
   62:d=2  hl=2 l=  92 cons: SEQUENCE
   64:d=3  hl=2 l=  13 cons: SEQUENCE
   66:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   77:d=4  hl=2 l=   0 prim: NULL
   79:d=3  hl=2 l=  75 prim: BIT STRING
  156:d=2  hl=2 l=   0 cons: cont [ 0 ]
  158:d=1  hl=2 l=   2 cons: SEQUENCE
  160:d=2  hl=2 l=   0 prim: OBJECT            :BAD OBJECT
  162:d=1  hl=2 l=   1 prim: BIT STRING

-- 
	Viktor.
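
The two dumps above differ only in the signature algorithm OBJECT at offset 160: `06 01 00` (OID 0.0) versus `06 00`, the zero-length encoding that asn1parse prints as BAD OBJECT and that the error in the subject line rejects. The Python below is an added example, not part of the original message or of OpenSSL: it walks a DER buffer and reports every zero-length OBJECT IDENTIFIER. All function names are hypothetical, and the sample buffers are constructed placeholders that reproduce only the outer shape and offsets of the dumps.

```python
def tlv(tag, body=b""):
    """Encode one DER element (single-byte tag, definite length)."""
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body


def read_header(buf, pos, end):
    """Return (tag, header_len, content_len) for the element at pos."""
    if pos + 2 > end:
        raise ValueError(f"truncated header at offset {pos}")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError(f"multi-byte tag at offset {pos} not handled")
    hl, length = 2, first
    if first >= 0x80:
        n = first & 0x7F
        if not 1 <= n <= 4 or pos + 2 + n > end:
            raise ValueError(f"bad length octets at offset {pos}")
        hl, length = 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    if pos + hl + length > end:
        raise ValueError(f"element at offset {pos} overruns its parent")
    return tag, hl, length


def find_empty_oids(der, pos=0, end=None, depth=0):
    """Yield (offset, depth) of each zero-length OBJECT IDENTIFIER (06 00)."""
    end = len(der) if end is None else end
    while pos < end:
        tag, hl, length = read_header(der, pos, end)
        if tag == 0x06 and length == 0:
            yield pos, depth
        if tag & 0x20:  # constructed: descend into the contents
            yield from find_empty_oids(der, pos + hl, pos + hl + length, depth + 1)
        pos += hl + length


def sample_csr(sig_oid_body):
    """Constructed placeholder, not a real CSR: 152 bytes of filler stand in
    for the request info so offsets line up with the dumps above."""
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, bytes(146)))
    sig_alg = tlv(0x30, tlv(0x06, sig_oid_body))
    return tlv(0x30, info + sig_alg + tlv(0x03, b"\x00"))


if __name__ == "__main__":
    for label, body in (("OID 0.0", b"\x00"), ("empty OID", b"")):
        print(label, list(find_empty_oids(sample_csr(body))))
```

Run over stored DER requests, a non-empty result identifies the records that will fail to parse before they are handed to d2i_X509_REQ().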


