Skip to content

Fix regression in key usage purpose encoding #369

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 20, 2025
Merged

Fix regression in key usage purpose encoding #369

merged 2 commits into from
Jul 20, 2025
+15 −6

Conversation

djc
Copy link
Member

@djc djc commented Jul 18, 2025
edited
Loading

Key usage purpose encoding regressed in #287.

I don't (yet) really know what I'm doing here, just implementing @ctz's suggestion from the issue to keep this moving.

Anyone want to suggest some tests that would prevent this from regressing again? There are some tests in https://github.com/rustls/rcgen/pull/287/files#diff-1340717e703c8244b2ad18d09955bd825f1565daee83f900a26a5c956b57c125R380 but we should have something that catches this.

Fixes #368.

@djc djc requested review from cpu, ctz and est31 July 18, 2025 07:23
ctz
ctz reviewed Jul 18, 2025
View reviewed changes
Copy link
Member

@ctz ctz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For a test, how about this?

diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs
index 8f625b8..9438018 100644
--- a/rcgen/src/certificate.rs
+++ b/rcgen/src/certificate.rs
@@ -1146,6 +1150,10 @@ mod tests {

                for ext in cert.extensions() {
                        if key_usage_oid_str == ext.oid.to_id_string() {
+                               // should have the minimal number of octets, and no extra trailing zero bytes
+                               // ref. https://github.com/rustls/rcgen/issues/368
+                               assert_eq!(ext.value, vec![0x03, 0x02, 0x05, 0xe0]);
+
                                if let x509_parser::extensions::ParsedExtension::KeyUsage(usage) =
                                        ext.parsed_extension()

@djc djc force-pushed the key-usage-bits branch from 38be30a to 41d9e5e Compare July 18, 2025 08:33
@djc
Copy link
Member Author

djc commented Jul 18, 2025

Thanks! I made you the commit author. 👍

@djc djc added this pull request to the merge queue Jul 20, 2025
Merged via the queue into main with commit 620e219 Jul 20, 2025
16 checks passed
@djc djc deleted the key-usage-bits branch July 20, 2025 18:41
@djc
Copy link
Member Author

djc commented Jul 21, 2025

  • Published rcgen v0.14.3 at registry crates-io
  • [new tag] v0.14.3 -> v0.14.3
  • Release notes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ctz ctz ctz left review comments

@cpu cpu cpu approved these changes

@est31 est31 est31 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Extra byte in Key Usage value
4 participants
@djc @cpu @ctz @est31