pkcs12: unbounded PBKDF iteration count allows CPU exhaustion DoS
The pkcs12.Decode function accepts a PFX file with an arbitrarily
large Iterations field in MacData. This value is passed directly
to the PBKDF key derivation function without any upper bound check,
and executes before MAC verification or password checking.
An attacker can craft a small PFX file with Iterations=2^63-1,
causing any process that calls pkcs12.Decode on untrusted input
to consume CPU indefinitely.
Affected files:
- pkcs12/mac.go:35
- pkcs12/crypto.go:83
Fix: cap Iterations to a safe maximum before calling pbkdf().
PR: golang/crypto#351
pkcs12: unbounded PBKDF iteration count allows CPU exhaustion DoS
The pkcs12.Decode function accepts a PFX file with an arbitrarily
large Iterations field in MacData. This value is passed directly
to the PBKDF key derivation function without any upper bound check,
and executes before MAC verification or password checking.
An attacker can craft a small PFX file with Iterations=2^63-1,
causing any process that calls pkcs12.Decode on untrusted input
to consume CPU indefinitely.
Affected files:
Fix: cap Iterations to a safe maximum before calling pbkdf().
PR: golang/crypto#351