Bad processing of --usage parameter at request generation - CertInfo #1

giordand opened this issue Aug 26, 2024 · 0 comments

I detected 2 bugs related to the KeyUsage extension processing in the CertInfo class:

  1. The first one at line 501 when the parameter --usage is processed:

ku_args = {k: True in self.usage for k in KU_FIELDS}

Here I guess that the aim is to set True for those KU_FIELDS that are present in self.usage. Instead, that line assigns False to every k, because the evaluation of True in self.usage always results in False. The next line fixes it:

ku_args = {k: True if k in self.usage else False for k in KU_FIELDS }

  2. The second one refers to the get_invalid_key_usage function inside keys.py. More specifically, line 115 tries to evaluate whether we want to go UNSAFE or the pubkey is an instance of rsa.RSAPublicKey:

image

Here what I guess is that we want to return an empty tuple if the pubkey IS NOT an rsa.RSAPublicKey, because of this possible attack which you named "rsa_legacy", but I'm not completely sure about what you've tried to validate here.
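
Added example, not part of the issue and not the project's own code: the first bug reproduced on a constructed `--usage` list, next to the membership test the issue proposes and a hypothetical stricter helper, `build_ku_args`. The contents of `KU_FIELDS` are an assumption (the nine RFC 5280 KeyUsage bit names); the project's own tuple may differ.

```python
# Assumption: KU_FIELDS holds the nine RFC 5280 KeyUsage bits, spelled like the
# keyword arguments of cryptography's x509.KeyUsage. Not taken from the project.
KU_FIELDS = (
    "digital_signature", "content_commitment", "key_encipherment",
    "data_encipherment", "key_agreement", "key_cert_sign", "crl_sign",
    "encipher_only", "decipher_only",
)


def ku_args_reported(usage):
    """Expression quoted in the issue: asks whether the object True is in usage."""
    # For a list of usage names (strings) this is False for every field, so
    # the request silently carries none of the requested key usages.
    return {k: True in usage for k in KU_FIELDS}


def ku_args_proposed(usage):
    """Fix proposed in the issue, written as a plain membership test."""
    return {k: k in usage for k in KU_FIELDS}


def build_ku_args(usage):
    """Hypothetical stricter helper: fail loudly instead of dropping a usage."""
    unknown = sorted(set(usage) - set(KU_FIELDS))
    if unknown:
        # A misspelled name would otherwise just disappear from the request.
        raise ValueError("unknown key usage: " + ", ".join(unknown))
    args = ku_args_proposed(usage)
    # RFC 5280 section 4.2.1.3: encipherOnly / decipherOnly are undefined
    # unless keyAgreement is also set.
    if (args["encipher_only"] or args["decipher_only"]) and not args["key_agreement"]:
        raise ValueError("encipher_only/decipher_only require key_agreement")
    return args


if __name__ == "__main__":
    requested = ["digital_signature", "key_encipherment"]  # constructed sample
    for name, fn in (("reported", ku_args_reported), ("proposed", ku_args_proposed)):
        enabled = [k for k, v in fn(requested).items() if v]
        print(f"{name}: {enabled}")
```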
