From 89af85f9d4fc2ef3e89ad1b2a58c751f00f54a4f Mon Sep 17 00:00:00 2001 |
|
From: Alex Gaynor <alex.gaynor@gmail.com> |
|
Date: Thu, 3 Mar 2022 16:24:21 -0500 |
|
Subject: [PATCH 5/5] Fixed serialization of keyusage ext with no bits (#6930) |
|
|
|
fixes #6926 |
|
--- |
|
src/rust/src/x509/extensions.rs | 17 +++++++++++------ |
|
tests/x509/test_x509_ext.py | 14 ++++++++++++++ |
|
2 files changed, 25 insertions(+), 6 deletions(-) |
|
|
|
diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs |
|
index 606566dd9..68b9839a0 100644 |
|
--- a/src/rust/src/x509/extensions.rs |
|
+++ b/src/rust/src/x509/extensions.rs |
|
@@ -135,12 +135,17 @@ pub(crate) fn encode_extension( |
|
certificate::set_bit(&mut bs, 7, ext.getattr("encipher_only")?.is_true()?); |
|
certificate::set_bit(&mut bs, 8, ext.getattr("decipher_only")?.is_true()?); |
|
} |
|
- let bits = if bs[1] == 0 { &bs[..1] } else { &bs[..] }; |
|
- let unused_bits = bits.last().unwrap().trailing_zeros() as u8; |
|
- Ok(Some(asn1::write_single(&asn1::BitString::new( |
|
- bits, |
|
- unused_bits, |
|
- )))) |
|
+ let (bits, unused_bits) = if bs[1] == 0 { |
|
+ if bs[0] == 0 { |
|
+ (&[][..], 0) |
|
+ } else { |
|
+ (&bs[..1], bs[0].trailing_zeros() as u8) |
|
+ } |
|
+ } else { |
|
+ (&bs[..], bs[1].trailing_zeros() as u8) |
|
+ }; |
|
+ let v = asn1::BitString::new(bits, unused_bits).unwrap(); |
|
+ Ok(Some(asn1::write_single(&v))) |
|
} else if oid == &*oid::AUTHORITY_INFORMATION_ACCESS_OID |
|
|| oid == &*oid::SUBJECT_INFORMATION_ACCESS_OID |
|
{ |
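Review bot: The `.unwrap()` on `asn1::BitString::new(bits, unused_bits)` carries no statement of why it cannot fail, and a panic at this point would presumably reach the Python caller as a crash rather than as an ordinary error. All three arms do appear to satisfy the constructor's constraints (empty content with 0 unused bits, otherwise a non-zero last byte whose `trailing_zeros()` is at most 7), so I would record that with `.expect("last content byte is non-zero, so unused_bits < 8 and padding bits are clear")` or an equivalent `//` comment above the line. A short comment on the `(&[][..], 0)` arm saying that a named-bit list with no bits set is encoded in DER as an empty BIT STRING would also help the next reader. `encode_extension` starts and ends outside this hunk, so this is based on the visible lines only.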
|
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py |
|
index 66ac43d95..2bbba8ec6 100644 |
|
--- a/tests/x509/test_x509_ext.py |
|
+++ b/tests/x509/test_x509_ext.py |
|
@@ -1137,6 +1137,20 @@ class TestKeyUsage(object): |
|
), |
|
b"\x03\x02\x02\x94", |
|
), |
|
+ ( |
|
+ x509.KeyUsage( |
|
+ digital_signature=False, |
|
+ content_commitment=False, |
|
+ key_encipherment=False, |
|
+ data_encipherment=False, |
|
+ key_agreement=False, |
|
+ key_cert_sign=False, |
|
+ crl_sign=False, |
|
+ encipher_only=False, |
|
+ decipher_only=False, |
|
+ ), |
|
+ b"\x03\x01\x00", |
|
+ ), |
|
], |
|
) |
|
def test_public_bytes(self, ext, serialized): |
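Review bot: The new all-`False` case has no comment explaining the expected bytes or why such an extension is being serialized at all. RFC 5280 section 4.2.1.3 requires at least one bit to be set when keyUsage appears in a certificate, so this case pins encoder behaviour rather than a certificate profile anyone should issue. A line such as `# no bits set: empty BIT STRING (tag 0x03, length 1, 0 unused bits); not valid in an RFC 5280 certificate` above the tuple would say so. The parametrize list and `test_public_bytes` continue outside the hunk, so whether a matching parse case exists cannot be seen from here.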
|
-- |
|
2.35.1 |
|
|
|
|