[Ejbca-develop] PKCS7 indefinite encoding with embedded 00 00 octets breaks pyasn1 parser

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

When using WSDL certificateRequest () with PKCS7WITHCHAIN, the
returned structure use indefinite length encoding:

   0:d=0  hl=2 l=inf  cons: SEQUENCE
    2:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-signedData
   13:d=1  hl=2 l=inf  cons: cont [ 0 ]
   15:d=2  hl=2 l=inf  cons: SEQUENCE
   17:d=3  hl=2 l=   1 prim: INTEGER           :01
   20:d=3  hl=2 l=  11 cons: SET
   22:d=4  hl=2 l=   9 cons: SEQUENCE
   24:d=5  hl=2 l=   5 prim: OBJECT            :sha1

however the contents of the data structure, "d=1 cont[0]"  contains 00
00 so that some ASN.1 parsers terminate , they treat 00 00 as
end-of-content and drop bytes. Is the ASN.1 stream malformed?

For example pyasn1 will strip out all 00 00 in stream and throw the
following error:

pkcs7_asn1  = decoder.decode(<PKCS7_DER_FROM_EJBCA>, asn1Spec =
rfc2315.ContentInfo())

pyasn1.error.SubstrateUnderrunError: No EOO seen before substrate ends

Could you consider using definite length encoding?

However, OpenSSL utility pkcs7 handles these PKCS7 streams fine: maybe
it assumes the 2nd component continues to the end of file.

Anthony