botan: Reject EC keys with explicitly encoded parameters

This requires a function that will be added in the upcoming Botan 3.2
release.

diff --git a/configure.ac b/configure.ac
index e89e702be455cbf00a5dec359f6dd010742c6267..365f5cb967e25eabba5a67686d3d1f01b6b78ed8 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1215,7 +1215,7 @@ if test x$botan = xtrue; then
        AC_SUBST(botan_LIBS)
        saved_LIBS=$LIBS
        LIBS="$botan_LIBS"
-       AC_CHECK_FUNCS(botan_rng_init_custom)
+       AC_CHECK_FUNCS(botan_rng_init_custom botan_pubkey_ecc_key_used_explicit_encoding)
        LIBS=$saved_LIBS
 fi
 

diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.c b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
index 95def4fa7588506c9633a48c96a2e1e66ea767dc..bd23bd0c89f229b8e959d2f382b9e54c6c0bb969 100644 (file)
--- a/src/libstrongswan/plugins/botan/botan_ec_public_key.c
+++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
@@ -235,6 +235,14 @@ botan_ec_public_key_t *botan_ec_public_key_adopt(botan_pubkey_t key)
 {
        private_botan_ec_public_key_t *this;
 
+#ifdef HAVE_BOTAN_PUBKEY_ECC_KEY_USED_EXPLICIT_ENCODING
+       if (botan_pubkey_ecc_key_used_explicit_encoding(key))
+       {
+               botan_pubkey_destroy(key);
+               return NULL;
+       }
+#endif
+
        INIT(this,
                .public = {
                        .key = {