From 89af85f9d4fc2ef3e89ad1b2a58c751f00f54a4f Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Thu, 3 Mar 2022 16:24:21 -0500
Subject: [PATCH 5/5] Fixed serialization of keyusage ext with no bits (#6930)
fixes #6926
---
 src/rust/src/x509/extensions.rs | 17 +++++++++++------
 tests/x509/test_x509_ext.py | 14 ++++++++++++++
 2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
index 606566dd9..68b9839a0 100644
--- a/src/rust/src/x509/extensions.rs
+++ b/src/rust/src/x509/extensions.rs
@@ -135,12 +135,17 @@ pub(crate) fn encode_extension(
 certificate::set_bit(&mut bs, 7, ext.getattr("encipher_only")?.is_true()?);
 certificate::set_bit(&mut bs, 8, ext.getattr("decipher_only")?.is_true()?);
 }
- let bits = if bs[1] == 0 { &bs[..1] } else { &bs[..] };
- let unused_bits = bits.last().unwrap().trailing_zeros() as u8;
- Ok(Some(asn1::write_single(&asn1::BitString::new(
- bits,
- unused_bits,
- ))))
+ let (bits, unused_bits) = if bs[1] == 0 {
+ if bs[0] == 0 {
+ (&[][..], 0)
+ } else {
+ (&bs[..1], bs[0].trailing_zeros() as u8)
+ }
+ } else {
+ (&bs[..], bs[1].trailing_zeros() as u8)
+ };
+ let v = asn1::BitString::new(bits, unused_bits).unwrap();
+ Ok(Some(asn1::write_single(&v)))
 } else if oid == &*oid::AUTHORITY_INFORMATION_ACCESS_OID
 || oid == &*oid::SUBJECT_INFORMATION_ACCESS_OID
 {
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
index 66ac43d95..2bbba8ec6 100644
--- a/tests/x509/test_x509_ext.py
+++ b/tests/x509/test_x509_ext.py
@@ -1137,6 +1137,20 @@ class TestKeyUsage(object):
 ),
 b"\x03\x02\x02\x94",
 ),
+ (
+ x509.KeyUsage(
+ digital_signature=False,
+ content_commitment=False,
+ key_encipherment=False,
+ data_encipherment=False,
+ key_agreement=False,
+ key_cert_sign=False,
+ crl_sign=False,
+ encipher_only=False,
+ decipher_only=False,
+ ),
+ b"\x03\x01\x00",
+ ),
 ],
 )
 def test_public_bytes(self, ext, serialized):
--
2.35.1
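Review bot: The new `asn1::BitString::new(bits, unused_bits).unwrap()` in the key-usage branch of `encode_extension` does not say why it cannot fail, and a panic at this point would presumably reach the Python caller as a panic rather than as an encoding error. From the visible branches the invariant does hold: the slice is either empty with 0 unused bits, or ends in a non-zero byte, so `trailing_zeros()` is at most 7. I would record that on the line, e.g. `// bits is empty with 0 unused bits, or its last byte is non-zero, so unused_bits <= 7 and new() cannot return None`. Separately, RFC 5280 section 4.2.1.3 requires at least one bit to be set when keyUsage appears in a certificate, so if nothing outside this hunk rejects an all-false `KeyUsage`, a short comment that the empty BIT STRING is emitted deliberately would help the next reader. The function starts and ends outside the hunk.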