authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-03-02 17:42:51 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-03-07 22:06:46 +0100
commit3c5c98e82e58e0d78eb8b41c8c1da88963a28106 (patch)
tree34d1de4a2fcbf48266d57c623dcc1a71ec06a2cc
parentd38ed411b6a0f960a9b7788ff8bf794d232cf215 (diff)
auth: failures of _gnutls_mpi_init_scan_nz map to GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
That ensures that the right alert is sent when illegal parameters are received (e.g., zero length). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/auth/dh_common.c8
-rw-r--r--lib/auth/srp_kx.c16
2 files changed, 12 insertions, 12 deletions
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 405579b926..9b6731ac5f 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -77,7 +77,7 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
if (_gnutls_mpi_init_scan_nz(&session->key.client_Y, &data[2], _n_Y)) {
gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; /* most likely zero or illegal size */
}
_gnutls_dh_set_peer_public(session, session->key.client_Y);
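Review bot: The return value of `_gnutls_mpi_init_scan_nz` is discarded at this check, so every failure is now reported as GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, including any that the peer's data did not cause. The helper's body is not visible here; if it can also fail on allocation, a local out-of-memory condition would be logged and alerted as a malformed peer parameter, which skews triage of handshake failures. Consider translating only the scan failure, using a local `ret`: `ret = _gnutls_mpi_init_scan_nz(&session->key.client_Y, &data[2], _n_Y);` then `if (ret < 0) return gnutls_assert_val(ret == GNUTLS_E_MPI_SCAN_FAILED ? GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER : ret);`. The same applies to the three scans in `_gnutls_proc_dh_common_server_kx` and to the `data_n`/`data_g`/`data_b` and `A` scans in lib/auth/srp_kx.c. This function's body continues outside the hunk.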
@@ -252,19 +252,19 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
if (_gnutls_mpi_init_scan_nz(&session->key.client_Y, data_Y, _n_Y) != 0) {
gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
if (_gnutls_mpi_init_scan_nz(&session->key.dh_params.params[DH_G], data_g, _n_g) != 0) {
gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
if (_gnutls_mpi_init_scan_nz(&session->key.dh_params.params[DH_P], data_p, _n_p) != 0) {
gnutls_assert();
/* we release now because session->key.dh_params.params_nr is not yet set */
_gnutls_mpi_release(&session->key.dh_params.params[DH_G]);
- return GNUTLS_E_MPI_SCAN_FAILED;
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
session->key.dh_params.params_nr = 3; /* include empty q */
diff --git a/lib/auth/srp_kx.c b/lib/auth/srp_kx.c
index ec13894d19..ecaefb8b8c 100644
--- a/lib/auth/srp_kx.c
+++ b/lib/auth/srp_kx.c
@@ -162,21 +162,21 @@ _gnutls_gen_srp_server_kx(gnutls_session_t session,
tmp_size = pwd_entry->g.size;
if (_gnutls_mpi_init_scan_nz(&G, pwd_entry->g.data, tmp_size) < 0) {
gnutls_assert();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
goto cleanup;
}
tmp_size = pwd_entry->n.size;
if (_gnutls_mpi_init_scan_nz(&N, pwd_entry->n.data, tmp_size) < 0) {
gnutls_assert();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
goto cleanup;
}
tmp_size = pwd_entry->v.size;
if (_gnutls_mpi_init_scan_nz(&V, pwd_entry->v.data, tmp_size) < 0) {
gnutls_assert();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
goto cleanup;
}
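Review bot: The three scans in `_gnutls_gen_srp_server_kx` read `pwd_entry->g`, `pwd_entry->n` and `pwd_entry->v`, which appear to be the server's own stored SRP data rather than anything received from the peer, so GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER misdescribes the failure. A corrupt or zero-valued password entry would then surface as an illegal-parameter condition attributed to the client, pointing whoever reads the logs at the wrong party. I would keep `ret = GNUTLS_E_MPI_SCAN_FAILED;` at these three sites, or use GNUTLS_E_SRP_PWD_PARSING_ERROR if that fits the project's conventions, with a comment such as `/* local password-file data, not peer input */`. The last hunk of this file may have the same problem: the scan into `session->key.x` takes `hd`, not one of the `data_*` buffers, and if `hd` is derived locally the new code is inaccurate there too. The function starts and ends outside this hunk, so how `pwd_entry` is populated cannot be confirmed from here.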
@@ -355,7 +355,7 @@ _gnutls_proc_srp_client_kx(gnutls_session_t session, uint8_t * data,
DECR_LEN(data_size, _n_A);
if (_gnutls_mpi_init_scan_nz(&A, &data[2], _n_A) || A == NULL) {
gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
_gnutls_mpi_log("SRP A: ", A);
@@ -914,17 +914,17 @@ _gnutls_proc_srp_server_kx(gnutls_session_t session, uint8_t * data,
if (_gnutls_mpi_init_scan_nz(&N, data_n, _n_n) != 0) {
gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
if (_gnutls_mpi_init_scan_nz(&G, data_g, _n_g) != 0) {
gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
if (_gnutls_mpi_init_scan_nz(&B, data_b, _n_b) != 0) {
gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
@@ -961,7 +961,7 @@ _gnutls_proc_srp_server_kx(gnutls_session_t session, uint8_t * data,
if (_gnutls_mpi_init_scan_nz(&session->key.x, hd, _n_g) != 0) {
gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}