From e27c8bbf715dff2f2e9f026a1084fa8597e4061c Mon Sep 17 00:00:00 2001
From: joshua <>
Date: Thu, 28 Mar 2024 06:55:02 +0000
Subject: Use TLS_ERROR_INVALID_ARGUMENT for "too large" and "too small" errors

ok beck tb
---
 src/lib/libtls/tls_signer.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib/libtls/tls_signer.c')

diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c
index 95a3640d7a..d423b3b1c8 100644
--- a/src/lib/libtls/tls_signer.c
+++ b/src/lib/libtls/tls_signer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_signer.c,v 1.11 2024/03/28 02:08:24 joshua Exp $ */
+/* $OpenBSD: tls_signer.c,v 1.12 2024/03/28 06:55:02 joshua Exp $ */
 /*
  * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
  *
@@ -204,7 +204,7 @@ tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey,
 	}
 
 	if (input_len > INT_MAX) {
-		tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
+		tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
 		    "input too large");
 		return (-1);
 	}
@@ -252,7 +252,7 @@ tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey,
 	}
 
 	if (input_len > INT_MAX) {
-		tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
+		tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
 		    "digest too large");
 		return (-1);
 	}
-- 
cgit v1.2.3-55-g6feb