]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4430162)
pkcs12: Validate salt and keylength in PBMAC1
authorTomas Mraz <tomas@openssl.org>
Thu, 8 Jan 2026 13:31:19 +0000 (14:31 +0100)
committerTomas Mraz <tomas@openssl.org>
Mon, 26 Jan 2026 16:14:10 +0000 (17:14 +0100)
The keylength value must be present and we accept
EVP_MAX_MD_SIZE at maximum.

The salt ASN.1 type must be OCTET STRING.

Fixes CVE-2025-11187

Reported by Stanislav Fort (Aisle Research) and Petr Simecek (Aisle Research).
Reported independently also by Hamza (Metadust).

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Alicja Kario <hkario@redhat.com>
MergeDate: Mon Jan 26 16:14:15 2026

crypto/pkcs12/p12_mutl.c patch | blob | blame | history

diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index f8d0bbd109bd8a1f6a9bd16ba5a04e5942ebc581..8bb4e30529d205f74c4dba911518f94ca84d36bb 100644 (file)
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -123,8 +123,6 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq,
         ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED);
         goto err;
     }
-    keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
-    pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
 
     if (pbkdf2_param->prf == NULL) {
         kdf_hmac_nid = NID_hmacWithSHA1;
@@ -139,6 +137,22 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq,
         goto err;
     }
 
+    /* Validate salt is an OCTET STRING choice */
+    if (pbkdf2_param->salt == NULL
+        || pbkdf2_param->salt->type != V_ASN1_OCTET_STRING) {
+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
+        goto err;
+    }
+    pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
+
+    /* RFC 9579 specifies missing key length as invalid */
+    if (pbkdf2_param->keylength != NULL)
+        keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
+    if (keylen <= 0 || keylen > EVP_MAX_MD_SIZE) {
+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
+        goto err;
+    }
+
     if (PKCS5_PBKDF2_HMAC(pass, passlen, pbkdf2_salt->data, pbkdf2_salt->length,
             ASN1_INTEGER_get(pbkdf2_param->iter), kdf_md, keylen, key)
         <= 0) {
Mirror of https://github.com/openssl/openssl.git