diff --git a/tlslite/keyexchange.py b/tlslite/keyexchange.py
index 7dd60a39..88789e06 100644
--- a/tlslite/keyexchange.py
+++ b/tlslite/keyexchange.py
@@ -714,7 +714,8 @@ def makeServerKeyExchange(self, sigHash=None):
 ext_s = self.serverHello.getExtension(ExtensionType.ec_point_formats)
 if ext_c:
 if ext_c.formats == []:
- raise TLSDecodeError("The compression list is empty.")
+ raise TLSIllegalParameterException("Point formats \
+ extension is empty.")
 elif ECPointFormat.uncompressed not in ext_c.formats:
 raise TLSIllegalParameterException(
 "The client does not advertise "
@@ -1109,10 +1110,9 @@ def calc_shared_key(self, private, peer_share,
 :returns: shared key
 :raises TLSIllegalParameterException
- when the paramentrs for point are invalid
+ when the paramentrs for point are invalid;
+ when the the valid_point_formats is empty.
- :raises TLSDecodeError
- when the the valid_point_formats is empty
 """
 if self.group in self._x_groups:
 fun, _, size = self._get_fun_gen_size()
@@ -1135,7 +1135,7 @@ def calc_shared_key(self, private, peer_share,
 except AssertionError:
 raise TLSIllegalParameterException("Invalid ECC point")
 except DecodeError:
- raise TLSDecodeError("Empty point format extension")
+ raise TLSIllegalParameterException("Empty point format extension")
 if isinstance(private, ecdsa.keys.SigningKey):
 ecdh = ecdsa.ecdh.ECDH(curve=curve, private_key=private)
 ecdh.load_received_public_key_bytes(peer_share,
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
index ac108da1..8318158b 100644
--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
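Review bot: In makeServerKeyExchange the new message is built with a backslash continuation inside the string literal (`"Point formats \` followed by `extension is empty.")`), so whatever indentation precedes `extension` on the continuation line becomes part of the exception text. The handler a few lines further down in the same hunk already splits its message into adjacent string literals, and doing the same here keeps the text clean: `raise TLSIllegalParameterException(` followed by `"Point formats extension is empty.")`. The function body starts and continues outside the hunk.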
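Review bot: The rewritten `:raises TLSIllegalParameterException` entry in the calc_shared_key docstring carries over two typos, `paramentrs` and `the the`. Suggested wording for the two lines: `when the parameters for point are invalid;` and `when the valid_point_formats is empty.` The docstring starts outside the hunk.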
@@ -4409,6 +4409,12 @@ def _serverCertKeyExchange(self, clientHello, serverHello, sigHashAlg,
 AlertDescription.insufficient_security,
 str(alert)):
 yield result
+ except TLSIllegalParameterException as alert:
+ alert = Alert().create(AlertDescription.illegal_parameter,
+ AlertLevel.fatal)
+ for result in self._sendError(alert):
+ yield result
+ raise
 if serverKeyExchange is not None:
 msgs.append(serverKeyExchange)
 if reqCert:
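Review bot: The new `except TLSIllegalParameterException` handler passes a ready-made `Alert` object to `self._sendError(alert)`, while the handler just above it (its call opens outside the hunk) passes an `AlertDescription` constant and `str(alert)`. If `_sendError` builds the alert from a description, as that call shape suggests, the object is the wrong argument type and the peer may not receive a well-formed illegal_parameter alert. Rebinding `alert` also discards the exception message, and the bare `raise` after the yields is either unreachable (if `_sendError` itself raises) or relies on the generator's exception context surviving the yields. Mirroring the neighbouring handler avoids all three: `for result in self._sendError(AlertDescription.illegal_parameter, str(alert)):` followed by `yield result`.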