diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-14 15:01:18 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-14 17:15:59 +0100 |
| commit | ba90ad40262b29b1e2c19b62712750697629dae8 (patch) | |
| tree | 80bcc9d95c35f0d9c1766752c74c48286232a33d | |
| parent | f595629011ab4fd5daeae4152c9fca8477136294 (diff) | |
| download | gnutls-ba90ad40262b29b1e2c19b62712750697629dae8.tar.gz | |
PKCS#5,7 decryption: fail without leak on unknown MAC
| -rw-r--r-- | lib/x509/pkcs7-crypt.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c index 279ea1aed6..5d6965d63a 100644 --- a/lib/x509/pkcs7-crypt.c +++ b/lib/x509/pkcs7-crypt.c @@ -1053,9 +1053,11 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn, kdf_params->iter_count, kdf_params->salt_size, kdf_params->salt, key_size, key); - else - return + else { + result = gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM); + goto error; + } } else if (p != NULL) { /* PKCS 12 schema */ result = _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1), |