From 7814a60b05846604a93c7b284883298c420abe90 Mon Sep 17 00:00:00 2001
From: gstarovo <gstarovo@redhat.com>
Date: Wed, 30 Oct 2024 14:18:33 +0100
Subject: [PATCH] fix: alert illegal_extension is added due to rfc, when
 uncompressed format is not found; alert decode_error is added when the list
 of ecc extenison is empty

fix: message alert description
---
 tlslite/keyexchange.py   | 10 +++++-----
 tlslite/tlsconnection.py |  6 ++++++
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/tlslite/keyexchange.py b/tlslite/keyexchange.py
index 7dd60a39..88789e06 100644
--- a/tlslite/keyexchange.py
+++ b/tlslite/keyexchange.py
@@ -714,7 +714,8 @@ def makeServerKeyExchange(self, sigHash=None):
         ext_s = self.serverHello.getExtension(ExtensionType.ec_point_formats)
         if ext_c:
             if ext_c.formats == []:
-                raise TLSDecodeError("The compression list is empty.")
+                raise TLSIllegalParameterException("Point formats \
+                                                   extension is empty.")
             elif ECPointFormat.uncompressed not in ext_c.formats:
                 raise TLSIllegalParameterException(
                     "The client does not advertise "
@@ -1109,10 +1110,9 @@ def calc_shared_key(self, private, peer_share,
         :returns: shared key
 
         :raises TLSIllegalParameterException
-            when the paramentrs for point are invalid
+            when the paramentrs for point are invalid;
+            when the the valid_point_formats is empty.
 
-        :raises TLSDecodeError
-            when the the valid_point_formats is empty
         """
         if self.group in self._x_groups:
             fun, _, size = self._get_fun_gen_size()
@@ -1135,7 +1135,7 @@ def calc_shared_key(self, private, peer_share,
         except AssertionError:
             raise TLSIllegalParameterException("Invalid ECC point")
         except DecodeError:
-            raise TLSDecodeError("Empty point format extension")
+            raise TLSIllegalParameterException("Empty point format extension")
         if isinstance(private, ecdsa.keys.SigningKey):
             ecdh = ecdsa.ecdh.ECDH(curve=curve, private_key=private)
             ecdh.load_received_public_key_bytes(peer_share,
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
index ac108da1..8318158b 100644
--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
@@ -4409,6 +4409,12 @@ def _serverCertKeyExchange(self, clientHello, serverHello, sigHashAlg,
                     AlertDescription.insufficient_security,
                     str(alert)):
                 yield result
+        except TLSIllegalParameterException as alert:
+            alert = Alert().create(AlertDescription.illegal_parameter,
+                                           AlertLevel.fatal)
+            for result in self._sendError(alert):
+                yield result
+            raise
         if serverKeyExchange is not None:
             msgs.append(serverKeyExchange)
         if reqCert: