summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--usr.sbin/rpki-client/x509.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c
index f8dadf41447..50bc92b9b9b 100644
--- a/usr.sbin/rpki-client/x509.c
+++ b/usr.sbin/rpki-client/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.104 2024/10/16 06:09:45 tb Exp $ */
+/* $OpenBSD: x509.c,v 1.105 2024/12/03 14:51:09 job Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@@ -414,6 +414,7 @@ x509_get_pubkey(X509 *x, const char *fn)
{
EVP_PKEY *pkey;
const EC_KEY *eckey;
+ const EC_GROUP *ecg;
int nid;
const char *cname;
uint8_t *pubkey = NULL;
@@ -437,7 +438,21 @@ x509_get_pubkey(X509 *x, const char *fn)
goto out;
}
- nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
+ if ((ecg = EC_KEY_get0_group(eckey)) == NULL) {
+ warnx("%s: EC_KEY_get0_group failed", fn);
+ goto out;
+ }
+
+ if (EC_GROUP_get_asn1_flag(ecg) != OPENSSL_EC_NAMED_CURVE) {
+ warnx("%s: curve encoding issue", fn);
+ goto out;
+ }
+
+ if (EC_GROUP_get_point_conversion_form(ecg) !=
+ POINT_CONVERSION_UNCOMPRESSED)
+ warnx("%s: unconventional point encoding", fn);
+
+ nid = EC_GROUP_get_curve_name(ecg);
if (nid != NID_X9_62_prime256v1) {
if ((cname = EC_curve_nid2nist(nid)) == NULL)
cname = nid2str(nid);
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-29 20:06:08 +0000