Pedro Monreal Gonzalez
b0d78d2994
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* TLS 1.3 CompressedCertificate excessive memory allocation
- openssl-CVE-2025-66199.patch [bsc#1256833, CVE-2025-66199]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
- openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
* Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
- openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187]
* NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
- openssl-CVE-2025-15468.patch [bsc#1256831, CVE-2025-15468]
- Enable livepatching support for ppc64le [bsc#1257274]
- Security fix: [bsc#1250232 CVE-2025-9230]
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=160
55 lines
2.0 KiB
Diff
55 lines
2.0 KiB
Diff
From a26d82c5b141c706bc97455cde511e710c2510a9 Mon Sep 17 00:00:00 2001
|
|
From: Tomas Mraz <tomas@openssl.org>
|
|
Date: Thu, 8 Jan 2026 14:31:19 +0100
|
|
Subject: [PATCH] pkcs12: Validate salt and keylength in PBMAC1
|
|
|
|
The keylength value must be present and we accept
|
|
EVP_MAX_MD_SIZE at maximum.
|
|
|
|
The salt ASN.1 type must be OCTET STRING.
|
|
|
|
Fixes CVE-2025-11187
|
|
|
|
Reported by Stanislav Fort (Aisle Research) and Petr Simecek (Aisle Research).
|
|
Reported independently also by Hamza (Metadust).
|
|
---
|
|
crypto/pkcs12/p12_mutl.c | 18 ++++++++++++++++--
|
|
1 file changed, 16 insertions(+), 2 deletions(-)
|
|
|
|
Index: openssl-3.5.0/crypto/pkcs12/p12_mutl.c
|
|
===================================================================
|
|
--- openssl-3.5.0.orig/crypto/pkcs12/p12_mutl.c
|
|
+++ openssl-3.5.0/crypto/pkcs12/p12_mutl.c
|
|
@@ -122,8 +122,6 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_C
|
|
ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED);
|
|
goto err;
|
|
}
|
|
- keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
|
|
- pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
|
|
|
|
if (pbkdf2_param->prf == NULL) {
|
|
kdf_hmac_nid = NID_hmacWithSHA1;
|
|
@@ -138,6 +136,22 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_C
|
|
goto err;
|
|
}
|
|
|
|
+ /* Validate salt is an OCTET STRING choice */
|
|
+ if (pbkdf2_param->salt == NULL
|
|
+ || pbkdf2_param->salt->type != V_ASN1_OCTET_STRING) {
|
|
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
|
|
+ goto err;
|
|
+ }
|
|
+ pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
|
|
+
|
|
+ /* RFC 9579 specifies missing key length as invalid */
|
|
+ if (pbkdf2_param->keylength != NULL)
|
|
+ keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
|
|
+ if (keylen <= 0 || keylen > EVP_MAX_MD_SIZE) {
|
|
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
|
|
+ goto err;
|
|
+ }
|
|
+
|
|
if (PKCS5_PBKDF2_HMAC(pass, passlen, pbkdf2_salt->data, pbkdf2_salt->length,
|
|
ASN1_INTEGER_get(pbkdf2_param->iter), kdf_md, keylen, key) <= 0) {
|
|
ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
|