author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-09-17 11:31:29 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-09-17 11:43:39 +0200 |
commit | 2a98a39d7d986f740f21fa14e54cd4d1a5d6dca4 (patch) | |
tree | a7eec2639cd811aece45b30b7227d4b05e6b1163 /lib | |
parent | b96164f0cfcacfd5e89440f09fd844eb1e1827bc (diff) | |
Introduced separate error codes for invalid private and public keys
This allows functions like decryption and verification to report
the specific issue they encountered on public key error.
The new codes are GNUTLS_E_PK_INVALID_PUBKEY and GNUTLS_E_PK_INVALID_PRIVKEY
Diffstat (limited to 'lib')
-rw-r--r-- | lib/errors.c | 4 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 2 | ||||
-rw-r--r-- | lib/nettle/pk.c | 26 |
3 files changed, 16 insertions, 16 deletions
diff --git a/lib/errors.c b/lib/errors.c
index 05ef2e3171..5e4610bf8f 100644
--- a/lib/errors.c
+++ b/lib/errors.c
@@ -391,6 +391,10 @@ static const gnutls_error_entry error_entries[] = {
 GNUTLS_E_IDNA_ERROR),
 ERROR_ENTRY(N_("Cannot obtain resumption parameters while handshake is incomplete."),
 GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE),
+ ERROR_ENTRY(N_("The obtained public key is invalid."),
+ GNUTLS_E_PK_INVALID_PUBKEY),
+ ERROR_ENTRY(N_("The private key is invalid."),
+ GNUTLS_E_PK_INVALID_PRIVKEY),
 {NULL, NULL, 0}
 };
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index c240f791fe..bad3eee16a 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2770,6 +2770,8 @@ unsigned gnutls_fips140_mode_enabled(void);
 #define GNUTLS_E_SESSION_USER_ID_CHANGED -406
 #define GNUTLS_E_HANDSHAKE_DURING_FALSE_START -407
 #define GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE -408
+#define GNUTLS_E_PK_INVALID_PUBKEY -409
+#define GNUTLS_E_PK_INVALID_PRIVKEY -410
 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index c50e7efc8d..ffa6476e4a 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -113,7 +113,7 @@ _rsa_params_to_pubkey(const gnutls_pk_params_st * pk_params,
 memcpy(pub->n, pk_params->params[RSA_MODULUS], SIZEOF_MPZT);
 memcpy(pub->e, pk_params->params[RSA_PUB], SIZEOF_MPZT);
 if (rsa_public_key_prepare(pub) == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_PK_INVALID_PUBKEY);
 return 0;
 }
@@ -126,7 +126,7 @@ _ecc_params_to_privkey(const gnutls_pk_params_st * pk_params,
 ecc_scalar_init(priv, curve);
 if (ecc_scalar_set(priv, pk_params->params[ECC_K]) == 0) {
 ecc_scalar_clear(priv);
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_PK_INVALID_PRIVKEY);
 }
 return 0;
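Review bot: The message added for GNUTLS_E_PK_INVALID_PUBKEY in lib/errors.c reads "The obtained public key is invalid.", which implies the key came from a peer. The lib/nettle/pk.c hunks of this commit return the same code from the sign and decrypt wrappers, where the parameters are presumably the caller's own key material. A neutral string such as `N_("The public key is invalid.")` would not point an operator at the remote side when the local key is at fault.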
@@ -140,7 +140,7 @@ _ecc_params_to_pubkey(const gnutls_pk_params_st * pk_params,
 if (ecc_point_set (pub, pk_params->params[ECC_X], pk_params->params[ECC_Y]) == 0) {
 ecc_point_clear(pub);
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_PK_INVALID_PUBKEY);
 }
 return 0;
@@ -348,9 +348,7 @@ _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
 ret = _rsa_params_to_pubkey(pk_params, &pub);
 if (ret < 0) {
- ret =
- gnutls_assert_val
- (GNUTLS_E_ENCRYPTION_FAILED);
+ gnutls_assert();
 goto cleanup;
 }
@@ -413,9 +411,7 @@ _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
 ret = _rsa_params_to_pubkey(pk_params, &pub);
 if (ret < 0) return
- gnutls_assert_val
- (GNUTLS_E_DECRYPTION_FAILED);
-
+ gnutls_assert_val(ret);
 if (ciphertext->size != pub.size) return
@@ -590,8 +586,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
 ret = _rsa_params_to_pubkey(pk_params, &pub);
 if (ret < 0) return
- gnutls_assert_val
- (GNUTLS_E_PK_SIGN_FAILED);
+ gnutls_assert_val(ret);
 mpz_init(s);
@@ -731,8 +726,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
 ret = _rsa_params_to_pubkey(pk_params, &pub);
 if (ret < 0) return
- gnutls_assert_val
- (GNUTLS_E_PK_SIG_VERIFY_FAILED);
+ gnutls_assert_val(ret);
 if (signature->size != pub.size) return
@@ -1816,12 +1810,12 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
 }
 if (mpz_cmp_ui(TOMPZ(params->params[RSA_PRIME1]), 0) == 0)
- return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ return gnutls_assert_val(GNUTLS_E_PK_INVALID_PRIVKEY);
 if (mpz_invert(TOMPZ(params->params[RSA_COEF]), TOMPZ(params->params[RSA_PRIME2]), TOMPZ(params->params[RSA_PRIME1])) == 0)
- return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ return gnutls_assert_val(GNUTLS_E_PK_INVALID_PRIVKEY);
 /* calculate exp1 [6] and exp2 [7] */
 zrelease_mpi_key(¶ms->params[RSA_E1]);
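Review bot: The failure branch of `ecc_point_set()` in `_ecc_params_to_pubkey` has no comment saying what the call validates, so the reason it must stay a hard error is not recorded next to the new code. In Nettle the call returns 0 when a coordinate is out of range or the point does not satisfy the curve equation. I would add `/* ecc_point_set() rejects out-of-range coordinates and points not on the curve */` above the `if`. The function comment should also say that key-exchange callers must treat GNUTLS_E_PK_INVALID_PUBKEY from here as fatal. The function starts outside the hunk.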
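Review bot: In `_wrap_nettle_pk_decrypt` the result of `_rsa_params_to_pubkey()` is now returned unchanged, so a caller decrypting with its own private key receives GNUTLS_E_PK_INVALID_PUBKEY; the sign hunk at -590 has the same effect. If that is intended, a comment such as `/* public part of our own key failed rsa_public_key_prepare() */` would say so; otherwise map it with `return gnutls_assert_val(GNUTLS_E_PK_INVALID_PRIVKEY);`. The check runs before the ciphertext size is compared, so the new code depends only on the key and not on the ciphertext. That ordering is worth preserving so the distinct code never reflects anything about peer-supplied data. The function body continues outside the hunk.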
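Review bot: With this hunk `_wrap_nettle_pk_verify` no longer returns GNUTLS_E_PK_SIG_VERIFY_FAILED when the RSA public key fails `rsa_public_key_prepare()`; it returns GNUTLS_E_PK_INVALID_PUBKEY. The callers are not visible here, but any that compare the result with GNUTLS_E_PK_SIG_VERIFY_FAILED rather than testing `ret < 0` would stop treating this case as a rejected signature, so they need auditing alongside this change. A comment at the return, e.g. `/* invalid key: callers must reject on any negative value */`, and a line in the function documentation would record that contract. The function starts and ends outside the hunk.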
@@ -1837,7 +1831,7 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
 _rsa_params_to_privkey(params, &priv);
 ret = rsa_private_key_prepare(&priv);
 if (ret == 0) {
- return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ return gnutls_assert_val(GNUTLS_E_PK_INVALID_PRIVKEY);
 }
 }
|