_gnutls_privkey_update_spki_params: use GNUTLS_E_CONSTRAINT_ERROR on mismatch of hash

That is a more specific error code for hash mismatch between public key information and signature. In addition only override the salt size, if it is set to zero without the proper flags. That prevents the update function from setting an invalid (lower) than the expected size. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-07-26 15:07:42 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-08-04 09:38:27 +0200
commit: 43249f233a4340f6ba0b4e99c137d12050d20045 (patch)
tree: 64acacc6427208c8f42b5d8cb9a1cf9e0b5ac68f
parent: 0e39b8e0e04d201af120ed7c1cb034ed8ba534b8 (diff)
download: gnutls-43249f233a4340f6ba0b4e99c137d12050d20045.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/privkey.c b/lib/privkey.c
index 91ec22479d..543886eef0 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -325,7 +325,7 @@ _gnutls_privkey_update_spki_params(gnutls_privkey_t key,
 	if ((key_pk != pk) &&
 	      !(key_pk == GNUTLS_PK_RSA && pk == GNUTLS_PK_RSA_PSS)) {
 		gnutls_assert();
-		return GNUTLS_E_INVALID_REQUEST;
+		return GNUTLS_E_CONSTRAINT_ERROR;
 	}
 
 	if (pk == GNUTLS_PK_RSA_PSS) {
@@ -339,8 +339,7 @@ _gnutls_privkey_update_spki_params(gnutls_privkey_t key,
 			salt_size = 0;
 		else if (params->pk == GNUTLS_PK_RSA_PSS) {
 			if (params->rsa_pss_dig != GNUTLS_DIG_UNKNOWN && dig != params->rsa_pss_dig) {
-				gnutls_assert();
-				return GNUTLS_E_INVALID_REQUEST;
+				return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR);
 			}
 
 			salt_size = params->salt_size;
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-07-26 15:07:42 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-08-04 09:38:27 +0200
commit	43249f233a4340f6ba0b4e99c137d12050d20045 (patch)
tree	64acacc6427208c8f42b5d8cb9a1cf9e0b5ac68f
parent	0e39b8e0e04d201af120ed7c1cb034ed8ba534b8 (diff)
download	gnutls-43249f233a4340f6ba0b4e99c137d12050d20045.tar.gz