From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 31 Aug 2023 12:27:09 +0000 (+0200)
Subject: botan: Reject EC keys with explicitly encoded parameters
X-Git-Tag: 5.9.12dr2~2^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0b989c7b20be8e575eda66bf1e107b38b187e08b;p=thirdparty%2Fstrongswan.git

botan: Reject EC keys with explicitly encoded parameters

This requires a function that will be added in the upcoming Botan 3.2
release.
---

diff --git a/configure.ac b/configure.ac
index e89e702be4..365f5cb967 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1215,7 +1215,7 @@ if test x$botan = xtrue; then
 	AC_SUBST(botan_LIBS)
 	saved_LIBS=$LIBS
 	LIBS="$botan_LIBS"
-	AC_CHECK_FUNCS(botan_rng_init_custom)
+	AC_CHECK_FUNCS(botan_rng_init_custom botan_pubkey_ecc_key_used_explicit_encoding)
 	LIBS=$saved_LIBS
 fi
 
diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.c b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
index 95def4fa75..bd23bd0c89 100644
--- a/src/libstrongswan/plugins/botan/botan_ec_public_key.c
+++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
@@ -235,6 +235,14 @@ botan_ec_public_key_t *botan_ec_public_key_adopt(botan_pubkey_t key)
 {
 	private_botan_ec_public_key_t *this;
 
+#ifdef HAVE_BOTAN_PUBKEY_ECC_KEY_USED_EXPLICIT_ENCODING
+	if (botan_pubkey_ecc_key_used_explicit_encoding(key))
+	{
+		botan_pubkey_destroy(key);
+		return NULL;
+	}
+#endif
+
 	INIT(this,
 		.public = {
 			.key = {