
Commit 016e918

committed
Handle unset key usage
1 parent 4e7c91b commit 016e918


2 files changed

+54
-1
lines changed


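--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -692,7 +692,12 @@ impl X509Ref {
 #[corresponds(X509_get_key_usage)]
 pub fn key_usage(&self) -> X509KeyUsage {
 let res = unsafe { ffi::X509_get_key_usage(self.as_ptr()) };
-X509KeyUsage::from_bits_retain(res)
+//u32::MAX indicates key usage is not set
+if res == u32::MAX {
+X509KeyUsage::empty()
+} else {
+X509KeyUsage::from_bits_retain(res)
+}
 }
 
 to_pem! {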
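Review bot: Mapping `res == u32::MAX` to `X509KeyUsage::empty()` in `key_usage` makes a certificate with no keyUsage extension look the same to callers as one whose extension is present with no bits set. Under RFC 5280 an absent extension places no restriction on the key, so a caller that enforces policy with `usage.contains(..)` will now refuse such certificates where the old `from_bits_retain(u32::MAX)` had every bit set and accepted them; that is a fail-closed change, but it should be deliberate and documented. I would add to the doc comment above `#[corresponds(X509_get_key_usage)]` (any existing one sits outside this hunk) the line `/// Returns an empty set when the certificate carries no key usage extension; an empty result therefore does not mean that no usages are permitted.` If callers need to tell the two cases apart, an accessor returning `Option<X509KeyUsage>` would be the cleaner long-term shape.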

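--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -1255,3 +1255,51 @@ fn should_get_x509_key_usage() {
 assert!(!usage.contains(X509KeyUsage::ENCIPHER_ONLY));
 assert!(!usage.contains(X509KeyUsage::DECIPHER_ONLY));
 }
+
+#[cfg(ossl110)]
+#[test]
+fn should_get_x509_key_usage_when_no_set() {
+use crate::x509::X509KeyUsage;
+
+let pkey = pkey();
+
+let mut name = X509Name::builder().unwrap();
+name.append_entry_by_nid(Nid::COMMONNAME, "key_usage.com")
+.unwrap();
+let name = name.build();
+
+let mut builder = X509::builder().unwrap();
+builder.set_version(2).unwrap();
+builder.set_subject_name(&name).unwrap();
+builder.set_issuer_name(&name).unwrap();
+builder
+.set_not_before(&Asn1Time::days_from_now(0).unwrap())
+.unwrap();
+builder
+.set_not_after(&Asn1Time::days_from_now(365).unwrap())
+.unwrap();
+builder.set_pubkey(&pkey).unwrap();
+
+let mut serial = BigNum::new().unwrap();
+serial.rand(128, MsbOption::MAYBE_ZERO, false).unwrap();
+builder
+.set_serial_number(&serial.to_asn1_integer().unwrap())
+.unwrap();
+
+builder.sign(&pkey, MessageDigest::sha256()).unwrap();
+
+let x509 = builder.build();
+
+assert!(pkey.public_eq(&x509.public_key().unwrap()));
+assert!(x509.verify(&pkey).unwrap());
+
+let cn = x509
+.subject_name()
+.entries_by_nid(Nid::COMMONNAME)
+.next()
+.unwrap();
+assert_eq!(cn.data().as_slice(), b"key_usage.com");
+
+let usage = x509.key_usage();
+assert_eq!(usage, X509KeyUsage::empty());
+}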
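Review bot: The test name `should_get_x509_key_usage_when_no_set` reads as a typo for `..._when_not_set`, and nothing in the body says that the KeyUsage extension is omitted on purpose. I would rename it and add `// No KeyUsage extension is appended: key_usage() must map the absent-extension sentinel to empty().` above `let mut builder`, so that a later edit does not add the extension and silently stop exercising the `u32::MAX` branch. The `public_eq`, `verify` and common-name assertions look copied from another test and are not about key usage; dropping them would keep the test focused.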
