Return correct alert type on malformed DH/ECDH messages.

In the client key exchange if the message was malformed (eg an
completely empty ECDH share) a Decoding_Error would be thrown,
then caught and a fake pre master secret generated. Move the
parsing of the message out of the try/catch block, so the correct
error is reported.

1 files changed, 11 insertions, 7 deletions

diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp
index 742fee6b5..51040e479 100644
--- a/src/lib/tls/msg_client_kex.cpp
+++ b/src/lib/tls/msg_client_kex.cpp
@@ -403,17 +403,21 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents,
             throw Internal_Error("Expected key agreement key type but got " +
                                  private_key.algo_name());
 
+         std::vector<uint8_t> client_pubkey;
+
+         if(ka_key->algo_name() == "DH")
+            {
+            client_pubkey = reader.get_range<uint8_t>(2, 0, 65535);
+            }
+         else
+            {
+            client_pubkey = reader.get_range<uint8_t>(1, 1, 255);
+            }
+
          try
             {
             PK_Key_Agreement ka(*ka_key, rng, "Raw");
 
-            std::vector<uint8_t> client_pubkey;
-
-            if(ka_key->algo_name() == "DH")
-               client_pubkey = reader.get_range<uint8_t>(2, 0, 65535);
-            else
-               client_pubkey = reader.get_range<uint8_t>(1, 0, 255);
-
             secure_vector<uint8_t> shared_secret = ka.derive_key(0, client_pubkey).bits_of();
 
             if(ka_key->algo_name() == "DH")