PKCS#5,7 decryption: fail without leak on unknown MAC

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-12-14 10:43:45 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-12-14 11:12:20 +0100
commit: aaa0275e1b517dca2f369b434c9e431bd7ae4d26 (patch)
tree: f0ea2476fcc918f85d784a3981f071de268a9fa8 /lib
parent: c1271082daa4cd0eceeec9ac8fe0378cf4cfa911 (diff)
download: gnutls-aaa0275e1b517dca2f369b434c9e431bd7ae4d26.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 46eee35269..ccfb652d0a 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1669,7 +1669,10 @@ decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
 					 kdf_params->iter_count,
 					 kdf_params->salt_size, kdf_params->salt,
 					 key_size, key);
-		else return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+		else {
+			result = gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
+			goto error;
+		}
 	} else if (p != NULL) { /* PKCS 12 schema */
 		result =
 		    _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1),
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-12-14 10:43:45 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-12-14 11:12:20 +0100
commit	aaa0275e1b517dca2f369b434c9e431bd7ae4d26 (patch)
tree	f0ea2476fcc918f85d784a3981f071de268a9fa8 /lib
parent	c1271082daa4cd0eceeec9ac8fe0378cf4cfa911 (diff)
download	gnutls-aaa0275e1b517dca2f369b434c9e431bd7ae4d26.tar.gz