]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4430162) | patch
pkcs12: Validate salt and keylength in PBMAC1
authorTomas Mraz <tomas@openssl.org>
Thu, 8 Jan 2026 13:31:19 +0000 (14:31 +0100)
committerTomas Mraz <tomas@openssl.org>
Mon, 26 Jan 2026 16:14:10 +0000 (17:14 +0100)
commitde157b8ff3328d41448779fa23b071c8e88304d2
treec89eac1dea67636a33d9e7ce1a8c26d43126f211tree | snapshot
parent44301622038022535f8452314e81d1493d8b91b5commit | diff
pkcs12: Validate salt and keylength in PBMAC1

The keylength value must be present and we accept
EVP_MAX_MD_SIZE at maximum.

The salt ASN.1 type must be OCTET STRING.

Fixes CVE-2025-11187

Reported by Stanislav Fort (Aisle Research) and Petr Simecek (Aisle Research).
Reported independently also by Hamza (Metadust).

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Alicja Kario <hkario@redhat.com>
MergeDate: Mon Jan 26 16:14:15 2026
crypto/pkcs12/p12_mutl.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git