From b548f73d6774dce378e5bfd50f8c16bd5d96e458 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sat, 5 Aug 2017 10:17:46 +0200
Subject: gnutls_x509_privkey_verify_seed: improved error on missing validation parameters
Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/errors.c | 2 ++
 lib/includes/gnutls/gnutls.h.in | 1 +
 lib/x509/privkey.c | 4 ++--
 src/certtool.c | 5 ++++-
 4 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/errors.c b/lib/errors.c
index 8cedd4a281..b5213707a3 100644
--- a/lib/errors.c
+++ b/lib/errors.c
@@ -408,6 +408,8 @@ static const gnutls_error_entry error_entries[] = {
 GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE),
 ERROR_ENTRY(N_("The public key is invalid."),
 GNUTLS_E_PK_INVALID_PUBKEY),
+ ERROR_ENTRY(N_("There are no validation parameters present."),
+ GNUTLS_E_PK_NO_VALIDATION_PARAMS),
 ERROR_ENTRY(N_("The public key parameters are invalid."),
 GNUTLS_E_PK_INVALID_PUBKEY_PARAMS),
 ERROR_ENTRY(N_("The private key is invalid."),
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index e5ba7c6439..80c0819fb6 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2935,6 +2935,7 @@ unsigned gnutls_fips140_mode_enabled(void);
 #define GNUTLS_E_ASN1_TIME_ERROR -418
 #define GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY -419
 #define GNUTLS_E_PK_INVALID_PUBKEY_PARAMS -420
+#define GNUTLS_E_PK_NO_VALIDATION_PARAMS -421
 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 09a9bf03d3..dc02738cf9 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1896,7 +1896,7 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, gnutls_digest_alg
 }
 if (key->params.algo != GNUTLS_PK_RSA && key->params.algo != GNUTLS_PK_DSA)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
 ret = gnutls_x509_privkey_get_pk_algorithm2(key, &bits);
 if (ret < 0)
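Review bot: In lib/x509/privkey.c the two early returns of gnutls_x509_privkey_verify_seed() change their error code without any visible update to the function's documented contract: the algorithm check (hunk at -1896) now returns `GNUTLS_E_UNIMPLEMENTED_FEATURE` and the missing-seed check (hunk at -1912) returns `GNUTLS_E_PK_NO_VALIDATION_PARAMS`, where both previously returned `GNUTLS_E_INVALID_REQUEST`. Callers that only test `ret < 0` still fail closed, but a caller that compared against `GNUTLS_E_INVALID_REQUEST` to tell "key is not provable" from "verification failed" will silently take a different path. The function's doc comment lies outside both hunks, so whether it lists return values cannot be seen here; if it does not, I would add a line such as `Returns: ... %GNUTLS_E_PK_NO_VALIDATION_PARAMS when no seed is available, %GNUTLS_E_UNIMPLEMENTED_FEATURE for key types other than RSA and DSA.` and note the new public constant in the release notes.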
@@ -1912,7 +1912,7 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, gnutls_digest_alg
 }
 if (seed == NULL || seed_size == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_PK_NO_VALIDATION_PARAMS);
 data.type = GNUTLS_KEYGEN_SEED;
 data.data = (void*)seed;
diff --git a/src/certtool.c b/src/certtool.c
index f0b154b8c5..b61185fc09 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -284,7 +284,10 @@ static void verify_provable_privkey(common_info_st * cinfo)
 }
 if (ret < 0) {
- fprintf(stderr, "Error verifying private key: %s\n", gnutls_strerror(ret));
+ if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE)
+ fprintf(stderr, "The private key type cannot be associated with validated parameters\n");
+ else
+ fprintf(stderr, "Error verifying private key: %s\n", gnutls_strerror(ret));
 app_exit(1);
 }
-- 
cgit v1.2.1
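Review bot: The new `ret == GNUTLS_E_UNIMPLEMENTED_FEATURE` branch in verify_provable_privkey() prints a fixed message that assumes this code can only mean an unsupported key type. `ret` is assigned before the hunk, and `GNUTLS_E_UNIMPLEMENTED_FEATURE` is a pre-existing general code (it appears as -1250 in gnutls.h.in), so another failure path returning it would presumably be reported with the wrong cause. Keeping the library text in the message avoids that, e.g. `fprintf(stderr, "The private key type cannot be associated with validated parameters (%s)\n", gnutls_strerror(ret));`. `GNUTLS_E_PK_NO_VALIDATION_PARAMS` falls through to the generic branch, which looks intended given the specific string added in errors.c. The function body starts and ends outside the hunk.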