Tweak TLS alerts for some error conditions

randombit · Oct 17, 2024 · 32ccdce · 32ccdce
1 parent 639afdb
commit 32ccdce
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 5 deletions.
diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp
@@ -169,7 +169,7 @@ Certificate_Verify_13::Certificate_Verify_13(const Certificate_13& certificate_m
 Certificate_Verify_13::Certificate_Verify_13(const std::vector<uint8_t>& buf, const Connection_Side side) :
  Certificate_Verify(buf), m_side(side) {
  if(!m_scheme.is_available()) {
- throw TLS_Exception(Alert::HandshakeFailure, "Peer sent unknown signature scheme");
+ throw TLS_Exception(Alert::IllegalParameter, "Peer sent unknown signature scheme");
  }
 
  if(!m_scheme.is_compatible_with(Protocol_Version::TLS_V13)) {

diff --git a/src/lib/tls/tls12/msg_client_kex.cpp b/src/lib/tls/tls12/msg_client_kex.cpp
@@ -106,7 +106,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
  const std::vector<uint8_t> peer_public_value = reader.get_range<uint8_t>(1, 1, 255);
 
  if(!curve_id.is_ecdh_named_curve() && !curve_id.is_x25519() && !curve_id.is_x448()) {
- throw TLS_Exception(Alert::HandshakeFailure,
+ throw TLS_Exception(Alert::IllegalParameter,
  "Server selected a group that is not compatible with the negotiated ciphersuite");
  }
 

diff --git a/src/lib/tls/tls12/tls_handshake_state.cpp b/src/lib/tls/tls12/tls_handshake_state.cpp
@@ -310,7 +310,7 @@ std::pair<std::string, Signature_Format> Handshake_State::parse_sig_format(
  }
 
  if(!scheme.is_available()) {
- throw TLS_Exception(Alert::HandshakeFailure, "Peer sent unknown signature scheme");
+ throw TLS_Exception(Alert::IllegalParameter, "Peer sent unknown signature scheme");
  }
 
  if(key_type != scheme.algorithm_name()) {

diff --git a/src/lib/tls/tls13_pqc/hybrid_public_key.cpp b/src/lib/tls/tls13_pqc/hybrid_public_key.cpp
@@ -152,8 +152,9 @@ std::unique_ptr<Hybrid_KEM_PublicKey> Hybrid_KEM_PublicKey::load_for_group(
 
  const auto expected_public_values_length =
  reduce(public_value_lengths, size_t(0), [](size_t acc, size_t len) { return acc + len; });
- BOTAN_ARG_CHECK(expected_public_values_length == concatenated_public_values.size(),
- "Concatenated public values have an unexpected length");
+ if(expected_public_values_length != concatenated_public_values.size()) {
+ throw Decoding_Error("Concatenated public values have an unexpected length");
+ }
 
  BufferSlicer public_value_slicer(concatenated_public_values);
  std::vector<std::unique_ptr<Public_Key>> pks;

diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp
@@ -306,6 +306,9 @@ secure_vector<uint8_t> TLS::Callbacks::tls_kem_decapsulate(TLS::Group_Params gro
  const Policy& policy) {
  if(group.is_kem()) {
  PK_KEM_Decryptor kemdec(private_key, rng, "Raw");
+ if(encapsulated_bytes.size() != kemdec.encapsulated_key_length()) {
+ throw TLS_Exception(Alert::IllegalParameter, "Invalid encapsulated key length");
+ }
  return kemdec.decrypt(encapsulated_bytes, 0, {});
  }