authorJack Lloyd <[email protected]>2019-05-24 07:06:07 -0400
committerJack Lloyd <[email protected]>2019-05-24 07:06:07 -0400
commitd3706175d560ed8fbf3f4d3961cae910be1c77e0 (patch)
treea791958ae6eeefef5f10a72213a69553dabb707f /src/lib/tls
parent78dff743222447cd626c6a7a1d94c5ccd46de02b (diff)
Add script for running TLS fuzzer
Fix a few minor issues found thereby
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/msg_client_kex.cpp4
-rw-r--r--src/lib/tls/tls_callbacks.cpp2
-rw-r--r--src/lib/tls/tls_handshake_io.cpp3
3 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp
index f55568c8e..9cb92447b 100644
--- a/src/lib/tls/msg_client_kex.cpp
+++ b/src/lib/tls/msg_client_kex.cpp
@@ -377,6 +377,10 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents,
else
m_pre_master = shared_secret;
}
+ catch(Invalid_Argument& e)
+ {
+ throw TLS_Exception(Alert::ILLEGAL_PARAMETER, e.what());
+ }
catch(std::exception &)
{
/*
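Review bot: The added `catch(Invalid_Argument& e)` branch fails the handshake immediately with ILLEGAL_PARAMETER, while the `catch(std::exception &)` handler directly below it opens with a comment block that this hunk cuts off. If that handler exists to keep key-exchange failures indistinguishable to the peer, the new branch gives one class of failure a different, observable outcome. That is only safe if Invalid_Argument can be raised here solely by checks on the peer's public value, so I would state it at the branch, e.g. `// Invalid_Argument: peer's public value was rejected; depends only on public data (confirm)`. Separately, catch by const reference: `catch(const Invalid_Argument& e)`. The try block begins above the hunk and the generic handler continues past it.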
diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp
index 28884c1e2..bcd3aa39b 100644
--- a/src/lib/tls/tls_callbacks.cpp
+++ b/src/lib/tls/tls_callbacks.cpp
@@ -119,7 +119,7 @@ std::pair<secure_vector<uint8_t>, std::vector<uint8_t>> TLS::Callbacks::tls_dh_a
* advantage to bogus keys anyway.
*/
if(Y <= 1 || Y >= p - 1)
- throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
+ throw TLS_Exception(Alert::ILLEGAL_PARAMETER,
"Server sent bad DH key for DHE exchange");
DL_Group group(p, g);
diff --git a/src/lib/tls/tls_handshake_io.cpp b/src/lib/tls/tls_handshake_io.cpp
index acc30b102..7ac868612 100644
--- a/src/lib/tls/tls_handshake_io.cpp
+++ b/src/lib/tls/tls_handshake_io.cpp
@@ -78,6 +78,9 @@ Stream_Handshake_IO::get_next_record(bool)
{
Handshake_Type type = static_cast<Handshake_Type>(m_queue[0]);
+ if(type == HANDSHAKE_NONE)
+ throw Decoding_Error("Invalid handshake message type");
+
std::vector<uint8_t> contents(m_queue.begin() + 4,
m_queue.begin() + length);
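Review bot: The new check on `type` rejects only `HANDSHAKE_NONE` (presumably an internal sentinel), so every other byte read from `m_queue[0]` is still cast to `Handshake_Type` and carried forward, including values that name no handshake message. Whether a later stage rejects those is not visible in this hunk, so either validate against the known set here or document where it happens, e.g. `// other unknown type values are rejected by <caller>; only the NONE value must be caught here`. This site also throws `Decoding_Error`, where the other two changes in the commit throw `TLS_Exception` with an explicit alert; a one-line comment naming the alert the peer ends up receiving would help. The body of get_next_record starts above the hunk and continues below it.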