feat: TLSDecodeError instead of TLSIllegalParameter

tlsfuzzer · Nov 27, 2024 · 08ee649 · 08ee649
1 parent 2a21d8a
commit 08ee649
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/tlslite/keyexchange.py b/tlslite/keyexchange.py
@@ -714,8 +714,7 @@ def makeServerKeyExchange(self, sigHash=None):
         ext_s = self.serverHello.getExtension(ExtensionType.ec_point_formats)
         if ext_c:
             if ext_c.formats == []:
-                raise TLSIllegalParameterException("Point formats \
-                                                   extension is empty.")
+                raise TLSDecodeError("Point formats extension is empty.")
             elif ECPointFormat.uncompressed not in ext_c.formats:
                 raise TLSIllegalParameterException(
                     "The client does not advertise "
@@ -1110,7 +1109,8 @@ def calc_shared_key(self, private, peer_share,
         :returns: shared key
 
         :raises TLSIllegalParameterException
-            when the paramentrs for point are invalid;
+            when the paramentrs for point are invalid.
+        :raises TLSDecodeError
             when the the valid_point_formats is empty.
 
         """
@@ -1135,7 +1135,7 @@ def calc_shared_key(self, private, peer_share,
         except AssertionError:
             raise TLSIllegalParameterException("Invalid ECC point")
         except DecodeError:
-            raise TLSIllegalParameterException("Empty point format extension")
+            raise TLSDecodeError("Empty point formats extension")
         if isinstance(private, ecdsa.keys.SigningKey):
             ecdh = ecdsa.ecdh.ECDH(curve=curve, private_key=private)
             ecdh.load_received_public_key_bytes(peer_share,

diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
@@ -4473,6 +4473,12 @@ def _serverCertKeyExchange(self, clientHello, serverHello, sigHashAlg,
             for result in self._sendError(alert):
                 yield result
             raise
+        except TLSDecodeError as alert:
+            alert = Alert().create(AlertDescription.decode_error,
+                                           AlertLevel.fatal)
+            for result in self._sendError(alert):
+                yield result
+            raise
         if serverKeyExchange is not None:
             msgs.append(serverKeyExchange)
         if reqCert: