Correct handling of AEAD-encrypted CMS with inadmissibly long IV

igus68 · t8m · commit ce39170276da · 2026-01-26T20:34:22.000+01:00
Fixes CVE-2025-15467 Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> MergeDate: Mon Jan 26 19:34:29 2026
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
@@ -249,10 +249,9 @@ int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
     if (type == NULL || asn1_params == NULL)
         return 0;
 
-    i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
-    if (i <= 0)
+    i = ossl_asn1_type_get_octetstring_int(type, &tl, iv, EVP_MAX_IV_LENGTH);
+    if (i <= 0 || i > EVP_MAX_IV_LENGTH)
         return -1;
-    ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
 
     memcpy(asn1_params->iv, iv, i);
     asn1_params->iv_len = i;
