diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-26 15:07:42 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 09:38:27 +0200 |
commit | 43249f233a4340f6ba0b4e99c137d12050d20045 (patch) | |
tree | 64acacc6427208c8f42b5d8cb9a1cf9e0b5ac68f | |
parent | 0e39b8e0e04d201af120ed7c1cb034ed8ba534b8 (diff) | |
download | gnutls-43249f233a4340f6ba0b4e99c137d12050d20045.tar.gz |
_gnutls_privkey_update_spki_params: use GNUTLS_E_CONSTRAINT_ERROR on mismatch of hash
That is a more specific error code for hash mismatch between
public key information and signature. In addition only override
the salt size, if it is set to zero without the proper flags.
That prevents the update function from setting an invalid (lower)
than the expected size.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/privkey.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/privkey.c b/lib/privkey.c index 91ec22479d..543886eef0 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -325,7 +325,7 @@ _gnutls_privkey_update_spki_params(gnutls_privkey_t key, if ((key_pk != pk) && !(key_pk == GNUTLS_PK_RSA && pk == GNUTLS_PK_RSA_PSS)) { gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + return GNUTLS_E_CONSTRAINT_ERROR; } if (pk == GNUTLS_PK_RSA_PSS) { @@ -339,8 +339,7 @@ _gnutls_privkey_update_spki_params(gnutls_privkey_t key, salt_size = 0; else if (params->pk == GNUTLS_PK_RSA_PSS) { if (params->rsa_pss_dig != GNUTLS_DIG_UNKNOWN && dig != params->rsa_pss_dig) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR); } salt_size = params->salt_size; |