Bad processing of --usage parameter at request generation - CertInfo

I detected 2 bugs referred to the KeyUsage extensions processing at CertInfo class:

1. The first one at line 501 when the parameter `--usage` is processed:

`ku_args = {k: True in self.usage for k in KU_FIELDS}`

Here I guess that the aim is to set True to those KU_FIELDS that are present in self.usage. Instead of that, what that line is doing is  assigning False to every `k` because the evaluation of `True in self.usage` results **always to False**. The next line fixes it:

`ku_args = {k: True if k in self.usage else False for k in KU_FIELDS }`

2. The second one refers to the `get_invalid_key_usage` function inside keys.py. More specifically the line 115 tries to evaluate if we want to go UNSAFE or the pubkey is instance of rsa.RSAPublicKey:

![image](https://github.com/user-attachments/assets/9e4af4a0-4af6-4bc5-8713-388fa584d705)

Here what I guess is that we want to return empty tuple if the pubkey **IS NOT** a rsa.RSAPublicKey, because of [this possible attack](https://crypto.stackexchange.com/questions/12090/using-the-same-rsa-keypair-to-sign-and-encrypt/12138#12138) which you named "rsa_legacy", but I'm not complete sure about what you've tried to validate here.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bad processing of --usage parameter at request generation - CertInfo #1

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Bad processing of --usage parameter at request generation - CertInfo #1

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions