author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 09:06:32 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 11:08:51 +0200 |
commit | 68fc06c0a963fe1cd3e907dec1e2571c457f953a (patch) | |
tree | 0b00afd7c1b666b13c55e2bd1cf803fdba8ea595 | |
parent | f10289f6d8c04111d3a7777f4ed9710a8114ef2f (diff) | |
download | gnutls-68fc06c0a963fe1cd3e907dec1e2571c457f953a.tar.gz |
introduced error code GNUTLS_E_PK_INVALID_PUBKEY_PARAMS
This is being used to indicate errors in the public key parameters
such as the RSA-PSS salt size or digest algorithm.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/errors.c | 4 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 1 | ||||
-rw-r--r-- | lib/nettle/pk.c | 4 | ||||
-rw-r--r-- | lib/x509/key_decode.c | 4 |
4 files changed, 8 insertions, 5 deletions
diff --git a/lib/errors.c b/lib/errors.c
index f870426a44..8cedd4a281 100644
--- a/lib/errors.c
+++ b/lib/errors.c
@@ -406,8 +406,10 @@ static const gnutls_error_entry error_entries[] = {
 GNUTLS_E_IDNA_ERROR),
 ERROR_ENTRY(N_("Cannot perform this action while handshake is in progress."),
 GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE),
- ERROR_ENTRY(N_("The obtained public key is invalid."),
+ ERROR_ENTRY(N_("The public key is invalid."),
 GNUTLS_E_PK_INVALID_PUBKEY),
+ ERROR_ENTRY(N_("The public key parameters are invalid."),
+ GNUTLS_E_PK_INVALID_PUBKEY_PARAMS),
 ERROR_ENTRY(N_("The private key is invalid."),
 GNUTLS_E_PK_INVALID_PRIVKEY),
 ERROR_ENTRY(N_("The DER time encoding is invalid."),
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index ebee1b1478..da8db487a0 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2929,6 +2929,7 @@ unsigned gnutls_fips140_mode_enabled(void);
 #define GNUTLS_E_RECORD_OVERFLOW -417 /* GNUTLS_A_RECORD_OVERFLOW */
 #define GNUTLS_E_ASN1_TIME_ERROR -418
 #define GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY -419
+#define GNUTLS_E_PK_INVALID_PUBKEY_PARAMS -420
 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index f32a82d8e7..cd7dce243b 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -530,7 +530,7 @@ _rsa_pss_sign_digest_tr(gnutls_digest_algorithm_t dig,
 }
 /* This is also checked in pss_encode_mgf1, but error out earlier. */
- CHECK_INVALID_RSA_PSS_PARAMS(hash_size, salt_size, pub->size, GNUTLS_E_ILLEGAL_PARAMETER);
+ CHECK_INVALID_RSA_PSS_PARAMS(hash_size, salt_size, pub->size, GNUTLS_E_PK_INVALID_PUBKEY_PARAMS);
 if (salt_size > 0) {
 salt = gnutls_malloc(salt_size);
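Review bot: `GNUTLS_E_PK_INVALID_PUBKEY_PARAMS` becomes a public return value in gnutls.h.in without a comment saying when it is produced, and the diffstat lists no change to whatever translates error codes into TLS alerts. Two of the call sites changed in this commit used to return `GNUTLS_E_CERTIFICATE_ERROR`, so a key with bad RSA-PSS parameters may now be answered with a different, possibly generic, alert; that mapping is not on this page and should be checked. At minimum I would add `/* RSA-PSS salt size or digest does not fit the key */` after the define.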
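Review bot: In `_rsa_pss_sign_digest_tr` the failure is now reported as "The public key parameters are invalid." although this is a signing path, which can point whoever triages a failed signature at the wrong key half. The same holds for the `wrap_nettle_pk_fixup` hunk that follows, where the comment still reads `/* sanity check for private key */`. A comment at both sites such as `/* RSA-PSS digest and salt size must fit the modulus; reported as public key parameters */` would make the choice of code explicit. Both function bodies start and end outside their hunks.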
@@ -2352,7 +2352,7 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
 /* sanity check for private key */
 CHECK_INVALID_RSA_PSS_PARAMS(gnutls_hash_get_len(params->spki.rsa_pss_dig), params->spki.salt_size, pub_size,
- GNUTLS_E_PK_INVALID_PRIVKEY);
+ GNUTLS_E_PK_INVALID_PUBKEY_PARAMS);
 }
 }
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index 4dab121fcf..fa65ba14fe 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -468,11 +468,11 @@ int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st * params)
 me = hash_to_entry(params->spki.rsa_pss_dig);
 if (unlikely(me == NULL))
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
+ return gnutls_assert_val(GNUTLS_E_PK_INVALID_PUBKEY_PARAMS);
 hash_size = _gnutls_hash_get_algo_len(me);
 if (hash_size + params->spki.salt_size + 2 > (bits + 7) / 8)
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
+ return gnutls_assert_val(GNUTLS_E_PK_INVALID_PUBKEY_PARAMS);
 return 0;
 }
 case GNUTLS_PK_RSA: |
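Review bot: `gnutls_hash_get_len(params->spki.rsa_pss_dig)` is passed straight into `CHECK_INVALID_RSA_PSS_PARAMS` in `wrap_nettle_pk_fixup`, so an unknown digest arrives as length 0, whereas `_gnutls_x509_check_pubkey_params` in key_decode.c rejects that case explicitly with `me == NULL`. The macro body is not on this page; if it only compares the sum against the key size, a key with an unrecognised digest passes this sanity check, unless a condition outside the hunk already excludes it. I would guard it first with `if (gnutls_hash_get_len(params->spki.rsa_pss_dig) == 0) return gnutls_assert_val(GNUTLS_E_PK_INVALID_PUBKEY_PARAMS);`. The function continues outside the hunk.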
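Review bot: The bound `hash_size + params->spki.salt_size + 2 > (bits + 7) / 8` in `_gnutls_x509_check_pubkey_params` adds a salt size taken from the key's parameters before comparing, so a very large salt_size can wrap the sum and slip under the limit if the operands are 32 bits wide. The declarations of hash_size and bits are outside the hunk, so this may only affect some platforms. Comparing by subtraction avoids the wrap: `if (hash_size + 2 > (bits + 7) / 8 || params->spki.salt_size > (bits + 7) / 8 - hash_size - 2)`. The function body starts above the hunk.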