ip_addr_parse() sticks its fingers into undocumented API surface of libcrypto. What is true is that the unused bit count is in the lower three bits of p->flags, provided that ASN1_STRING_FLAG_BITS_LEFT is set. This is "documented" in asn1.h
#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ What the flags beyond 0x08 mean is mostly unspecified. They a priori don't have anything to do with the bit string's unused bits, so the checks and errors make no sense. Maybe we should add a check of the form if (p->flags & ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07)) { warnx("%s: unexpected flags set in address bit string", fn); return 0; } since equivalent checks have been working so far, but I'm not sure. This complains about an implementation detail, not on anything directly related to the (mis)parsing of a cert, roa, or ... Index: ip.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/ip.c,v retrieving revision 1.22 diff -u -p -r1.22 ip.c --- ip.c 11 May 2022 18:48:35 -0000 1.22 +++ ip.c 12 May 2022 11:20:52 -0000 @@ -189,17 +189,9 @@ ip_addr_parse(const ASN1_BIT_STRING *p, /* Weird OpenSSL-ism to get unused bit count. */ if ((p->flags & ASN1_STRING_FLAG_BITS_LEFT)) - unused = p->flags & ~ASN1_STRING_FLAG_BITS_LEFT; + unused = p->flags & 0x07; - if (unused < 0) { - warnx("%s: RFC 3779 section 2.2.3.8: " - "unused bit count must be non-negative", fn); - return 0; - } else if (unused >= 8) { - warnx("%s: RFC 3779 section 2.2.3.8: " - "unused bit count must mask an unsigned char", fn); - return 0; - } else if (p->length == 0 && unused != 0) { + if (p->length == 0 && unused != 0) { warnx("%s: RFC 3779 section 2.2.3.8: " "unused bit count must be zero if length is zero", fn); return 0;