From d2f84e5670df96dc2f8e15b7fd5cd7cc32ca7283 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack@randombit.net>
Date: Sun, 26 Nov 2017 20:54:12 -0500
Subject: Fix errors caught with tlsfuzzer

Don't send EC point format extension in server hello unless an EC
suite was negotiated *and* the client sent the extension.

Fix server FFDHE logic, which effectively disabled DHE ciphersuites
for clients without the FFDHE extension.

Use unexpected_message alert in case of an unexpected message.
(Previously an internal_error alert was sent.)
---
 src/lib/tls/msg_server_hello.cpp    | 2 +-
 src/lib/tls/tls_handshake_state.cpp | 6 ++++--
 src/lib/tls/tls_server.cpp          | 7 -------
 3 files changed, 5 insertions(+), 10 deletions(-)


diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index d44fb5bc6..67c3d530f 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -47,7 +47,7 @@ Server_Hello::Server_Hello(Handshake_IO& io,
       m_extensions.add(new Encrypt_then_MAC);
       }
 
-   if(c.ecc_ciphersuite())
+   if(c.ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
       {
       m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
       }
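Review bot: The new condition feeds the raw `size_t` returned by `count()` straight into a boolean context and pushes the line well past the surrounding width; naming the check makes both the intent and its reason visible: `const bool client_offered_point_formats = client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS) > 0;` followed by `if(c.ecc_ciphersuite() && client_offered_point_formats)`. A one-line comment such as `// RFC 4492 5.2: echo ec_point_formats only when the client sent it` would record why the extension is gated on the client's offer rather than on the negotiated suite alone. Separately, the formats advertised still come only from `policy.use_ecc_point_compression()` and are not intersected with what the client listed; it is worth confirming elsewhere that `Supported_Point_Formats(true)` always includes the uncompressed format, which RFC 4492 requires both sides to support. The Server_Hello constructor begins before and continues after this hunk.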
diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp
index 5fcfb08c7..442d499d1 100644
--- a/src/lib/tls/tls_handshake_state.cpp
+++ b/src/lib/tls/tls_handshake_state.cpp
@@ -74,7 +74,8 @@ const char* handshake_type_to_string(Handshake_Type type)
          return "invalid";
       }
 
-   throw Internal_Error("Unknown TLS handshake message type " + std::to_string(type));
+   throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
+                       "Unknown TLS handshake message type " + std::to_string(type));
    }
 
 namespace {
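Review bot: The throw on the new lines is now repeated almost byte-for-byte in bitmask_for_handshake_type (the second hunk of this file), so the alert type and wording at the two sites can drift apart the next time either is revisited; a small file-local `[[noreturn]] void throw_unknown_handshake_type(Handshake_Type type)` helper in the anonymous namespace would keep them in step. It would also help to state why this is a peer-facing alert rather than an Internal_Error — presumably the type value originates from a received handshake record, which deserves a comment such as `// type is taken from the peer's record, so an unknown value is a protocol error, not a bug`. Both enclosing functions begin before their hunks.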
@@ -133,7 +134,8 @@ uint32_t bitmask_for_handshake_type(Handshake_Type type)
          return 0;
       }
 
-   throw Internal_Error("Unknown handshake type " + std::to_string(type));
+   throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
+                       "Unknown TLS handshake message type " + std::to_string(type));
    }
 
 std::string handshake_mask_to_string(uint32_t mask)
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index 9f1dfe1d1..f20e363cf 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -168,13 +168,9 @@ uint16_t choose_ciphersuite(
    const bool have_shared_ecc_curve =
       (policy.choose_curve(client_hello.supported_ecc_curves()) != "");
 
-   const bool have_shared_dh_group =
-      (policy.choose_dh_group(client_hello.supported_dh_groups()) != "");
-
    /*
    Walk down one list in preference order
    */
-
    std::vector<uint16_t> pref_list = server_suites;
    std::vector<uint16_t> other_list = client_suites;
 
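Review bot: Removing `have_shared_dh_group` here, together with the skip deleted in this file's second hunk, leaves choose_ciphersuite with no place to reject a DHE suite when the client's supported_groups carries FFDHE codepoints the server does not accept, and RFC 7919 section 4 says the server MUST NOT select an FFDHE suite in that situation; the defect described in the commit message is the check firing for clients that sent no FFDHE groups at all, not the check itself. A narrower fix keeps the `if(suite.kex_algo() == "DH" && have_shared_dh_group == false) continue;` and makes the flag true when the client offered nothing: `const bool have_shared_dh_group = client_hello.supported_dh_groups().empty() || (policy.choose_dh_group(client_hello.supported_dh_groups()) != "");` — this assumes `supported_dh_groups()` returns a container with `empty()`, which the hunk does not show. Without such a guard a client that offers only FFDHE groups the policy rejects may still be assigned a DHE suite and later a group it never advertised, though where the server picks that group is outside this view. choose_ciphersuite begins before this hunk and continues past the second one.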
@@ -196,9 +192,6 @@ uint16_t choose_ciphersuite(
       if(suite.ecc_ciphersuite() && have_shared_ecc_curve == false)
          continue;
 
-      if(suite.kex_algo() == "DH" && have_shared_dh_group == false)
-         continue;
-
       // For non-anon ciphersuites
       if(suite.sig_algo() != "")
          {