authorNikos Mavrogiannopoulos <nmav@gnutls.org>2017-08-05 10:17:46 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-07 14:51:19 +0200
commitb548f73d6774dce378e5bfd50f8c16bd5d96e458 (patch)
tree54f23ded0f7621c337e78f1b5d7427d1fcac76a2
parentbab09d3b4780a2d2720d415dcce4442a91e3246f (diff)
gnutls_x509_privkey_verify_seed: improved error on missing validation parameters
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--lib/errors.c2
-rw-r--r--lib/includes/gnutls/gnutls.h.in1
-rw-r--r--lib/x509/privkey.c4
-rw-r--r--src/certtool.c5
4 files changed, 9 insertions, 3 deletions
diff --git a/lib/errors.c b/lib/errors.c
index 8cedd4a281..b5213707a3 100644
--- a/lib/errors.c
+++ b/lib/errors.c
@@ -408,6 +408,8 @@ static const gnutls_error_entry error_entries[] = {
GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE),
ERROR_ENTRY(N_("The public key is invalid."),
GNUTLS_E_PK_INVALID_PUBKEY),
+ ERROR_ENTRY(N_("There are no validation parameters present."),
+ GNUTLS_E_PK_NO_VALIDATION_PARAMS),
ERROR_ENTRY(N_("The public key parameters are invalid."),
GNUTLS_E_PK_INVALID_PUBKEY_PARAMS),
ERROR_ENTRY(N_("The private key is invalid."),
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index e5ba7c6439..80c0819fb6 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2935,6 +2935,7 @@ unsigned gnutls_fips140_mode_enabled(void);
#define GNUTLS_E_ASN1_TIME_ERROR -418
#define GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY -419
#define GNUTLS_E_PK_INVALID_PUBKEY_PARAMS -420
+#define GNUTLS_E_PK_NO_VALIDATION_PARAMS -421
#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 09a9bf03d3..dc02738cf9 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1896,7 +1896,7 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, gnutls_digest_alg
}
if (key->params.algo != GNUTLS_PK_RSA && key->params.algo != GNUTLS_PK_DSA)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
ret = gnutls_x509_privkey_get_pk_algorithm2(key, &bits);
if (ret < 0)
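Review bot: Both changed returns in gnutls_x509_privkey_verify_seed (the algorithm check here and the `seed == NULL || seed_size == 0` check in the next hunk) stop returning GNUTLS_E_INVALID_REQUEST, so an existing caller that compared against that code now falls into its generic error path. The function's doc comment lies outside these hunks and should state the new contract. I would add to its Returns text something like `%GNUTLS_E_UNIMPLEMENTED_FEATURE if the key is not RSA or DSA, %GNUTLS_E_PK_NO_VALIDATION_PARAMS if no seed is available`. It should also say that any negative value, including these two, means the key was not verified, so that callers do not treat "no parameters" as a soft pass.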
@@ -1912,7 +1912,7 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, gnutls_digest_alg
}
if (seed == NULL || seed_size == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_PK_NO_VALIDATION_PARAMS);
data.type = GNUTLS_KEYGEN_SEED;
data.data = (void*)seed;
diff --git a/src/certtool.c b/src/certtool.c
index f0b154b8c5..b61185fc09 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -284,7 +284,10 @@ static void verify_provable_privkey(common_info_st * cinfo)
}
if (ret < 0) {
- fprintf(stderr, "Error verifying private key: %s\n", gnutls_strerror(ret));
+ if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE)
+ fprintf(stderr, "The private key type cannot be associated with validated parameters\n");
+ else
+ fprintf(stderr, "Error verifying private key: %s\n", gnutls_strerror(ret));
app_exit(1);
}
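Review bot: The new `if`/`else` nested inside `if (ret < 0) {` is unbraced, and the GNUTLS_E_UNIMPLEMENTED_FEATURE branch drops `gnutls_strerror(ret)` from the output. If gnutls_x509_privkey_verify_seed can return that code from anywhere other than the key-algorithm check (not visible here), the fixed message would misreport the cause. Consider bracing both branches and keeping the library text, e.g. `fprintf(stderr, "The private key type cannot be associated with validated parameters: %s\n", gnutls_strerror(ret));`. verify_provable_privkey begins before this hunk.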