Bug 1474675 - CMCRequest: self-signed cmc request has ASN.1 Error: Object has zero length
CMCRequest: self-signed cmc request has ASN.1 Error: Object has zero length
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core (Show other bugs)
7.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Christina Fu
Asha Akkiangady
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-25 03:12 EDT by Geetika Kapoor
Modified: 2018-04-16 20:56 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Geetika Kapoor 2017-07-25 03:12:44 EDT
Description of problem:

CMCRequest: self-signed cmc request has ASN.1 Error: Object has zero length
I have observed that it happens to every self-signed cmc request, but not others.  Although the requests still get processed by the CA without issues.

<snip>
2581    0:       [0]
         :         Error: Object has zero length.
</snip>

Version-Release number of selected component (if applicable):

pki-ca-10.4.1-11.el7.noarch

How reproducible:

always

Steps to Reproduce:
1.Generate a cmcrequest for self signed certificate http://pki.fedoraproject.org/wiki/PKI_10.4_CMC_Feature_Update_%28RFC5272%29#Self-Signed_CMC_Request_Example_.28with_IdentityProofV2.29


Actual results:


Expected results:

Need to understand why we get this and how to resolve it?

Additional info:

dumpasn1 format shows one error:

[root@pki1 certs_db]# dumpasn1 self-signed/cmc.self.req
   0 2978: SEQUENCE {
   4    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
  15 2963:   [0] {
  19 2959:     SEQUENCE {
  23    1:       INTEGER 3
  26   15:       SET {
  28   13:         SEQUENCE {
  30    9:           OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
  41    0:           NULL
         :           }
         :         }
  43 2534:       SEQUENCE {
  47    8:         OBJECT IDENTIFIER '1 3 6 1 5 5 7 12 2'
  57 2520:         [0] {
  61 2516:           OCTET STRING, encapsulates {
  65 2512:             SEQUENCE {
  69  188:               SEQUENCE {
  72   81:                 SEQUENCE {
  74    1:                   INTEGER 1
  77    8:                   OBJECT IDENTIFIER '1 3 6 1 5 5 7 7 22'
  87   66:                   SET {
  89   64:                     OCTET STRING
         :                     BC E0 F7 45 B8 CD AE FE A0 06 DD 4B 55 77 38 18
         :                     02 D3 16 CB 3E E2 B1 BE AD C7 FF EA C0 49 4C FC
         :                     7A 06 51 14 B0 36 0B 26 26 56 6D B0 FA C8 96 48
         :                     02 8B B2 FA 93 7A 87 39 A8 5D B0 7B DF 9E 22 67
         :                     }
         :                   }
 155   25:                 SEQUENCE {
 157    1:                   INTEGER 1
 160    8:                   OBJECT IDENTIFIER '1 3 6 1 5 5 7 7 2'
 170   10:                   SET {
 172    8:                     UTF8String 'testuser'
         :                     }
         :                   }
 182   76:                 SEQUENCE {
 184    1:                   INTEGER 2
 187    8:                   OBJECT IDENTIFIER '1 3 6 1 5 5 7 7 34'
 197   61:                   SET {
 199   59:                     SEQUENCE {
 201   11:                       SEQUENCE {
 203    9:                         OBJECT IDENTIFIER
         :                           sha-512 (2 16 840 1 101 3 4 2 3)
         :                         }
 214   10:                       SEQUENCE {
 216    8:                         OBJECT IDENTIFIER
         :                           hmacWithSHA256 (1 2 840 113549 2 9)
         :                         }
 226   32:                       OCTET STRING
         :                     97 9C CB 2E 2F DD 06 D2 2A C1 0B 49 6B 04 41 1F
         :                     B5 D9 74 7C DF 30 31 CF 3D C4 DD E0 48 A0 B4 6B
         :                       }
         :                     }
         :                   }
         :                 }
 260 2313:               SEQUENCE {
 264 2309:                 [1] {
 268 2025:                   SEQUENCE {
 272    1:                     INTEGER 1
 275  389:                     SEQUENCE {
 279    1:                       [0] 02
 282   59:                       [5] {
 284   57:                         SEQUENCE {
 286   13:                           SET {
 288   11:                             SEQUENCE {
 290    3:                               OBJECT IDENTIFIER
         :                                 organizationalUnitName (2 5 4 11)
 295    4:                               PrintableString 'test'
         :                               }
         :                             }
 301   23:                           SET {
 303   21:                             SEQUENCE {
 305   10:                               OBJECT IDENTIFIER
         :                                 userID (0 9 2342 19200300 100 1 1)
 317    7:                               PrintableString 'Testing'
         :                               }
         :                             }
 326   15:                           SET {
 328   13:                             SEQUENCE {
 330    3:                               OBJECT IDENTIFIER commonName (2 5 4 3)
 335    6:                               PrintableString 'Test11'
         :                               }
         :                             }
         :                           }
         :                         }
 343  290:                       [6] {
 347   13:                         SEQUENCE {
 349    9:                           OBJECT IDENTIFIER
         :                             rsaEncryption (1 2 840 113549 1 1 1)
 360    0:                           NULL
         :                           }
 362  271:                         BIT STRING, encapsulates {
 367  266:                           SEQUENCE {
 371  257:                             INTEGER
         :                     00 B8 50 41 39 CB 52 08 DE C2 76 D5 53 6E 9D D6
         :                     72 93 2F 06 EF 9E 7F D5 1D 57 7D 97 E9 06 4B 1F
         :                     A8 73 FF 35 F6 0C B6 83 55 1A 94 5A 4A 16 99 96
         :                     D4 8E 31 36 29 D5 6C 45 6B AB A3 6F CD 24 AD F2
         :                     B9 AB C3 B6 37 61 E2 14 CA E3 5B F4 40 A6 BD 2B
         :                     52 8E 22 0C BF 02 5B 0A AC D8 B2 E6 56 F7 2F 80
         :                     0A C6 F5 DC 92 00 69 55 FC CB EF 1C 1F 41 9E DD
         :                     C7 7D 11 13 E4 1B B5 BC 5F 0F 23 8E 6C A3 FC F3
         :                             [ Another 129 bytes skipped ]
 632    3:                             INTEGER 65537
         :                             }
         :                           }
         :                         }
 637   29:                       [9] {
 639   27:                         SEQUENCE {
 641    3:                           OBJECT IDENTIFIER
         :                             subjectKeyIdentifier (2 5 29 14)
 646   20:                           OCTET STRING
         :                     90 B1 76 39 9C BE FE 62 2F DC 9F 5A 5C 83 FD 81
         :                     03 D3 6A 6B
         :                           }
         :                         }
         :                       }
 668 1625:                     SEQUENCE {
 672 1548:                       SEQUENCE {
 676    9:                         OBJECT IDENTIFIER
         :                           pkiArchiveOptions (1 3 6 1 5 5 7 5 1 4)
 687 1533:                         [0] {
 691 1529:                           SEQUENCE {
 695   29:                             [1] {
 697    9:                               OBJECT IDENTIFIER
         :                                 aes128-CBC (2 16 840 1 101 3 4 1 2)
 708   16:                               OCTET STRING
         :                     9D 16 33 58 F2 E7 C5 F3 F5 51 F0 F8 AE E0 DA AB
         :                               }
 726  257:                             [2]
         :                     00 1E 9C 61 1D AB 75 8B FB 4C 7F FE F1 60 61 50
         :                     80 E6 82 FA C0 BE 74 A7 7B 29 5C DE 3B 44 8B 88
         :                     B6 E9 16 E9 E0 92 5A 91 41 D3 50 CB 79 4F 24 82
         :                     58 FC D5 40 5D 13 B9 76 D9 D0 4D 11 50 7C ED 33
         :                     2D DA 23 B7 51 7D D5 AF 4B 20 52 08 CF 9E 3B 40
         :                     8C 92 15 8A 44 AE 95 D2 8F 94 79 B6 70 2F F5 DA
         :                     87 63 26 49 4E 5A 7E 45 B7 45 5B 92 EB 7D 72 01
         :                     14 82 5D 6E 01 E0 A4 17 1F EB 3D 0C 89 B5 8C 6F
         :                             [ Another 129 bytes skipped ]
 987 1233:                             BIT STRING
         :                     50 D0 11 AB E9 A9 43 29 3B D4 1C 4F 80 CF 3E F1
         :                     84 8D F7 60 2A E6 54 B3 61 1C 41 ED 5A A3 AD EA
         :                     EC 5B A7 60 F4 A5 9C E2 40 CD 6D DC 8B 46 15 0E
         :                     8B CF F2 C0 D7 BB 3D 21 DE 36 EE 11 FE 27 8A AC
         :                     35 40 03 A2 51 A3 05 65 FB 05 85 06 9A DB 71 2F
         :                     43 A0 A2 6B 05 9A D2 7C A3 4C 9F 75 60 EF 29 B9
         :                     D0 0C 4F EC E4 65 F7 57 DE A8 F3 76 13 27 7B 44
         :                     8E 4E 90 5B 3B 9B 99 9B 4E B8 E4 40 B1 A0 4C 75
         :                             [ Another 1104 bytes skipped ]
         :                             }
         :                           }
         :                         }
2224   71:                       SEQUENCE {
2226    8:                         OBJECT IDENTIFIER '1 3 6 1 5 5 7 7 33'
2236   59:                         SEQUENCE {
2238   11:                           SEQUENCE {
2240    9:                             OBJECT IDENTIFIER
         :                               sha-256 (2 16 840 1 101 3 4 2 1)
         :                             }
2251   10:                           SEQUENCE {
2253    8:                             OBJECT IDENTIFIER
         :                               hmacWithSHA256 (1 2 840 113549 2 9)
         :                             }
2263   32:                           OCTET STRING
         :                     5B BC 95 92 AB D1 93 03 7B 93 DA F8 25 2D 3F DB
         :                     EF 77 D6 83 98 FE 47 8C D0 BF 77 BB 9F 25 3B F4
         :                           }
         :                         }
         :                       }
         :                     }
2297  276:                   [1] {
2301   13:                     SEQUENCE {
2303    9:                       OBJECT IDENTIFIER
         :                         sha256WithRSAEncryption (1 2 840 113549 1 1 11)
2314    0:                       NULL
         :                       }
2316  257:                     BIT STRING
         :                     33 D0 AB D4 94 09 AB BD F2 73 DF B9 3C 7B A3 6A
         :                     C7 A6 04 DF 3C 10 E6 9E 3E D1 03 21 DF 26 97 D6
         :                     91 FA 6E 42 B0 D4 93 61 E1 B0 FC 00 79 A6 32 C3
         :                     32 4E C7 D3 C0 47 4B 1D 7E 8F 14 9A B3 3E 46 C7
         :                     89 83 1F AD 74 CA 40 64 E1 F2 12 FA AC 47 CC F4
         :                     6C A2 76 EA E6 76 B0 35 B2 AB DF 9B 33 A7 20 98
         :                     05 1C 62 05 EA F9 81 C5 C3 87 12 39 AC 43 1F 10
         :                     A9 EF DB 86 AF 3B A9 52 FA 76 DB E3 4D E3 FB B1
         :                             [ Another 128 bytes skipped ]
         :                     }
         :                   }
         :                 }
2577    0:               SEQUENCE {}
2579    0:               SEQUENCE {}
         :               }
         :             }
         :           }
         :         }
2581    0:       [0]
         :         Error: Object has zero length.
2583  395:       SET {
2587  391:         SEQUENCE {
2591    1:           INTEGER 3
2594   20:           [0]
         :             90 B1 76 39 9C BE FE 62 2F DC 9F 5A 5C 83 FD 81
         :             03 D3 6A 6B
2616   13:           SEQUENCE {
2618    9:             OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
2629    0:             NULL
         :             }
2631   74:           [0] {
2633   23:             SEQUENCE {
2635    9:               OBJECT IDENTIFIER contentType (1 2 840 113549 1 9 3)
2646   10:               SET {
2648    8:                 OBJECT IDENTIFIER '1 3 6 1 5 5 7 12 2'
         :                 }
         :               }
2658   47:             SEQUENCE {
2660    9:               OBJECT IDENTIFIER messageDigest (1 2 840 113549 1 9 4)
2671   34:               SET {
2673   32:                 OCTET STRING
         :                   62 04 2F 43 8E 94 60 CC 9B 8A 38 D8 52 17 22 18
         :                   41 11 94 8F 1F AA 6B F7 48 D2 50 3D B3 62 AD 00
         :                 }
         :               }
         :             }
2707   13:           SEQUENCE {
2709    9:             OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
2720    0:             NULL
         :             }
2722  256:           OCTET STRING
         :             30 6C 67 10 45 90 7B BD ED 4B 9C 55 1E 6A 0D 5B
         :             9C 3F 63 D2 65 96 DF 25 29 A0 29 3C 86 09 27 09
         :             43 F2 8D 1F E4 B2 49 F5 D2 D6 DE A3 D0 CC E6 A5
         :             09 75 3E 7F B9 EE FA D3 36 59 63 DE 9E 79 8B 9F
         :             7A 40 F9 8A C8 0A 68 58 6D 0D C5 4C 25 CC 6B 36
         :             A2 27 05 46 9E 3B 31 35 19 D8 B4 DA 63 C0 8E 7C
         :             BB 86 7E 9F 05 17 84 2A 46 35 B8 AE AE 34 B7 D9
         :             F5 E6 04 19 95 01 A8 0C 88 89 00 1E 79 9A 33 E5
         :                     [ Another 128 bytes skipped ]
         :           }
         :         }
         :       }
         :     }
         :   }

0 warnings, 1 error.
Comment 3 Matthew Harmsen 2017-10-25 12:28:28 EDT
[20171025] - RHEL 7.5 / RHCS 9.3 pre-Alpha Offline Triage ==> 7.6
Comment 4 Matthew Harmsen 2018-04-16 20:56:34 EDT
Per RHEL 7.5.z/7.6/8.0 Triage:  7.6

Note You need to log in before you can comment on or make changes to this bug.