From 89af85f9d4fc2ef3e89ad1b2a58c751f00f54a4f Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Thu, 3 Mar 2022 16:24:21 -0500
Subject: [PATCH 5/5] Fixed serialization of keyusage ext with no bits (#6930)
fixes #6926
---
src/rust/src/x509/extensions.rs | 17 +++++++++++------
tests/x509/test_x509_ext.py | 14 ++++++++++++++
2 files changed, 25 insertions(+), 6 deletions(-)
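diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
index 606566dd9..68b9839a0 100644
--- a/src/rust/src/x509/extensions.rs
+++ b/src/rust/src/x509/extensions.rs
@@ -135,12 +135,17 @@ pub(crate) fn encode_extension(
 certificate::set_bit(&mut bs, 7, ext.getattr("encipher_only")?.is_true()?);
 certificate::set_bit(&mut bs, 8, ext.getattr("decipher_only")?.is_true()?);
 }
- let bits = if bs[1] == 0 { &bs[..1] } else { &bs[..] };
- let unused_bits = bits.last().unwrap().trailing_zeros() as u8;
- Ok(Some(asn1::write_single(&asn1::BitString::new(
- bits,
- unused_bits,
- ))))
+ let (bits, unused_bits) = if bs[1] == 0 {
+ if bs[0] == 0 {
+ (&[][..], 0)
+ } else {
+ (&bs[..1], bs[0].trailing_zeros() as u8)
+ }
+ } else {
+ (&bs[..], bs[1].trailing_zeros() as u8)
+ };
+ let v = asn1::BitString::new(bits, unused_bits).unwrap();
+ Ok(Some(asn1::write_single(&v)))
 } else if oid == &*oid::AUTHORITY_INFORMATION_ACCESS_OID
 || oid == &*oid::SUBJECT_INFORMATION_ACCESS_OID
 {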
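Review bot: The `.unwrap()` on `asn1::BitString::new(bits, unused_bits)` depends on an invariant that the new lines establish but never state, so a later edit to the branch logic could turn it into a panic inside the extension module. As written, the slice is either empty with 0 unused bits or ends in a non-zero byte, so `trailing_zeros()` is at most 7 and the padding bits are zero; the constructor presumably rejects anything else. I would record that next to the call, for example `// bits is empty (0 unused) or ends in a non-zero byte, so unused_bits <= 7 and padding is zero`, or replace the call with `.expect("KeyUsage bit string is well-formed by construction")`. `encode_extension` begins and ends outside this hunk, so how a panic would surface to Python callers is not visible here.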
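diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
index 66ac43d95..2bbba8ec6 100644
--- a/tests/x509/test_x509_ext.py
+++ b/tests/x509/test_x509_ext.py
@@ -1137,6 +1137,20 @@ class TestKeyUsage(object):
 ),
 b"\x03\x02\x02\x94",
 ),
+ (
+ x509.KeyUsage(
+ digital_signature=False,
+ content_commitment=False,
+ key_encipherment=False,
+ data_encipherment=False,
+ key_agreement=False,
+ key_cert_sign=False,
+ crl_sign=False,
+ encipher_only=False,
+ decipher_only=False,
+ ),
+ b"\x03\x01\x00",
+ ),
 ],
 )
 def test_public_bytes(self, ext, serialized):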
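Review bot: The new all-False parameter pins `b"\x03\x01\x00"` without a comment saying why that is the expected encoding, or that such an extension is unusual. RFC 5280 section 4.2.1.3 requires at least one bit to be set when keyUsage appears in a certificate, so this case checks only that the encoder emits a well-formed empty BIT STRING, not that the value is acceptable in a certificate. A short comment above the tuple would make that clear, for example `# no bits set: DER is an empty BIT STRING with 0 unused bits; RFC 5280 4.2.1.3 wants at least one bit set in a certificate`. The parametrize list and the body of `test_public_bytes` lie outside this hunk, so I cannot tell whether parsing this encoding back is covered elsewhere.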
--
2.35.1