This repository was archived by the owner on Jun 11, 2026. It is now read-only.

Wrong CSR ASN.1 encoding of integer value #37

@j0ff


Function X509GetDERCsrTbs() in x509bldr.c calls the following function:

CHK( DERAddInteger(Context, 0));

This call results in ASN.1 byte encoding of "0x02 0x00".

OpenSSL will fail to parse the generated CSR (Certificate Signing Request).

For example, typing the command:

openssl req -in riot.csr -noout -text

Results in the following error:

unable to load X509 request
25769902144:error:0D0E20DE:asn1 encoding routines:c2i_ibuf:illegal zero content:crypto/asn1/a_int.c:154:
25769902144:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=version, Type=X509_REQ_INFO
25769902144:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=req_info, Type=X509_REQ
25769902144:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:

The correct byte encoding should be "0x02 0x01 0x00".

The problem lies with function DERAddInteger().
I have used the following hack to circumvent the issue, but a proper fix needs to be implemented:

// CHK( DERAddInteger(Context, 0));
Context->Buffer[Context->Position++] = 0x02;
Context->Buffer[Context->Position++] = 0x01;
Context->Buffer[Context->Position++] = 0x00;
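
Added example, not part of the original issue and not the project's DERAddInteger(): a DER INTEGER encoder for non-negative values that always emits at least one content octet, so 0 becomes 02 01 00, together with a check that rejects the empty form 02 00 reported above. The names der_encode_uint and der_int_is_valid are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not the project's DERAddInteger().
 * Encodes a non-negative value as a DER INTEGER (tag 0x02).
 * X.690 requires one or more content octets, so 0 is 02 01 00.
 * Returns the number of bytes written, or 0 if cap is too small. */
size_t der_encode_uint(uint32_t value, uint8_t *out, size_t cap)
{
    uint8_t content[5];              /* 4 value octets + optional sign pad */
    size_t n = 0;
    int shift = 24;

    /* Drop leading zero octets but always keep the last one. */
    while (shift > 0 && (uint8_t)(value >> shift) == 0)
        shift -= 8;
    /* A set top bit would read as negative: prepend 0x00. */
    if ((value >> shift) & 0x80)
        content[n++] = 0x00;
    for (; shift >= 0; shift -= 8)
        content[n++] = (uint8_t)(value >> shift);

    if (cap < 2 + n)
        return 0;
    out[0] = 0x02;                   /* INTEGER tag */
    out[1] = (uint8_t)n;             /* short-form length, n <= 5 */
    memcpy(out + 2, content, n);
    return 2 + n;
}

/* Hypothetical check: 1 if buf is exactly one minimally encoded DER
 * INTEGER with a short-form length, else 0. Rejects 02 00. */
int der_int_is_valid(const uint8_t *buf, size_t len)
{
    if (len < 3 || buf[0] != 0x02)
        return 0;                    /* tag, length and >= 1 content octet */
    size_t n = buf[1];
    if (n == 0 || n > 127 || len != 2 + n)
        return 0;
    if (n > 1 && buf[2] == 0x00 && !(buf[3] & 0x80))
        return 0;                    /* redundant leading 0x00 */
    if (n > 1 && buf[2] == 0xFF && (buf[3] & 0x80))
        return 0;                    /* redundant leading 0xFF */
    return 1;
}
```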
