Blame SOURCES/0005-Fixed-serialization-of-keyusage-ext-with-no-bits-693.patch

2753bc
From 89af85f9d4fc2ef3e89ad1b2a58c751f00f54a4f Mon Sep 17 00:00:00 2001
2753bc
From: Alex Gaynor <alex.gaynor@gmail.com>
2753bc
Date: Thu, 3 Mar 2022 16:24:21 -0500
2753bc
Subject: [PATCH 5/5] Fixed serialization of keyusage ext with no bits (#6930)
2753bc
2753bc
fixes #6926
2753bc
---
2753bc
 src/rust/src/x509/extensions.rs | 17 +++++++++++------
2753bc
 tests/x509/test_x509_ext.py     | 14 ++++++++++++++
2753bc
 2 files changed, 25 insertions(+), 6 deletions(-)
2753bc
2753bc
diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
2753bc
index 606566dd9..68b9839a0 100644
2753bc
--- a/src/rust/src/x509/extensions.rs
2753bc
+++ b/src/rust/src/x509/extensions.rs
2753bc
@@ -135,12 +135,17 @@ pub(crate) fn encode_extension(
2753bc
             certificate::set_bit(&mut bs, 7, ext.getattr("encipher_only")?.is_true()?);
2753bc
             certificate::set_bit(&mut bs, 8, ext.getattr("decipher_only")?.is_true()?);
2753bc
         }
2753bc
-        let bits = if bs[1] == 0 { &bs[..1] } else { &bs[..] };
2753bc
-        let unused_bits = bits.last().unwrap().trailing_zeros() as u8;
2753bc
-        Ok(Some(asn1::write_single(&asn1::BitString::new(
2753bc
-            bits,
2753bc
-            unused_bits,
2753bc
-        ))))
2753bc
+        let (bits, unused_bits) = if bs[1] == 0 {
2753bc
+            if bs[0] == 0 {
2753bc
+                (&[][..], 0)
2753bc
+            } else {
2753bc
+                (&bs[..1], bs[0].trailing_zeros() as u8)
2753bc
+            }
2753bc
+        } else {
2753bc
+            (&bs[..], bs[1].trailing_zeros() as u8)
2753bc
+        };
2753bc
+        let v = asn1::BitString::new(bits, unused_bits).unwrap();
2753bc
+        Ok(Some(asn1::write_single(&v)))
2753bc
     } else if oid == &*oid::AUTHORITY_INFORMATION_ACCESS_OID
2753bc
         || oid == &*oid::SUBJECT_INFORMATION_ACCESS_OID
2753bc
     {
2753bc
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
2753bc
index 66ac43d95..2bbba8ec6 100644
2753bc
--- a/tests/x509/test_x509_ext.py
2753bc
+++ b/tests/x509/test_x509_ext.py
2753bc
@@ -1137,6 +1137,20 @@ class TestKeyUsage(object):
2753bc
                 ),
2753bc
                 b"\x03\x02\x02\x94",
2753bc
             ),
2753bc
+            (
2753bc
+                x509.KeyUsage(
2753bc
+                    digital_signature=False,
2753bc
+                    content_commitment=False,
2753bc
+                    key_encipherment=False,
2753bc
+                    data_encipherment=False,
2753bc
+                    key_agreement=False,
2753bc
+                    key_cert_sign=False,
2753bc
+                    crl_sign=False,
2753bc
+                    encipher_only=False,
2753bc
+                    decipher_only=False,
2753bc
+                ),
2753bc
+                b"\x03\x01\x00",
2753bc
+            ),
2753bc
         ],
2753bc
     )
2753bc
     def test_public_bytes(self, ext, serialized):
2753bc
-- 
2753bc
2.35.1
2753bc