From 495aa9b57a3ce3ee546a0498ef232b4aa47d0f51 Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Tue, 28 Jan 2020 13:05:14 +0300
Subject: [PATCH] pkcs12: do not go try calculating pbkdf2 with 0 iterations

Nettle will abort on a call to pbkdf2 if iterations is 0. Add check to
GnuTLS PKCS12 GOST code to check that iter is not 0.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 .../dcbb6c7d385ddf87823849890768b022dc9e1eff     | Bin 0 -> 1011 bytes
 lib/x509/pkcs12.c                                |   3 +++
 2 files changed, 3 insertions(+)

diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 8c3310d066..6324fb25a3 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -867,6 +867,9 @@ _gnutls_pkcs12_gost_string_to_key(gnutls_mac_algorithm_t algo,
 	size_t temp_len = sizeof(temp);
 	unsigned int pass_len = 0;
 
+	if (iter == 0)
+		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
 	if (pass)
 		pass_len = strlen(pass);
 
-- 
2.26.2