Paweł Domas
2014-09-08 11:14:19 UTC
Hello,
If DTLS Client Hello does not include curve names nor point format
extensions, then DtlsServerProtocol.accept(..) fails with Alert 47
illegal parameter. After investigation it turned out that
serverECPointFormats field of AbstractTlsServer is not initialized in
this case. Later this produces an NPE exception and results in alert 47.
In method AbstractTlsServer.getServerExtensions:259 there is a check
against clientECPointFormats which is null when client does not
include point format extension in hello. However, the RFC states that this
is optional, so it should be safe to skip this check and just
initialize serverECPointFormats with default values when ECC cipher is
used.
Please find the patch attached and let me know what you think about it.
Best regards,
Pawel
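One way to make a server tolerate a ClientHello that omits the ec_point_formats extension, written here as an added example rather than the patch from the report or Bouncy Castle's own fix. It assumes the org.bouncycastle.crypto.tls API of that era, where clientECPointFormats, serverECPointFormats and selectedCipherSuite are protected fields of AbstractTlsServer and DefaultTlsServer is the abstract base an application subclasses; the class name PointFormatTolerantTlsServer is invented for the example.

```java
import java.io.IOException;
import java.util.Hashtable;

import org.bouncycastle.crypto.tls.DefaultTlsServer;
import org.bouncycastle.crypto.tls.ECPointFormat;
import org.bouncycastle.crypto.tls.TlsECCUtils;

/*
 * Added example, not code from the original report or from Bouncy Castle.
 * Subclass name is hypothetical; credentials are left to the application,
 * as with any DefaultTlsServer subclass.
 */
public abstract class PointFormatTolerantTlsServer extends DefaultTlsServer {

    @Override
    public Hashtable getServerExtensions() throws IOException {
        // Let the base class negotiate whatever extensions the client offered.
        Hashtable extensions = super.getServerExtensions();

        // Point formats only matter once an ECC cipher suite has been selected.
        if (!TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite)) {
            return extensions;
        }

        if (this.clientECPointFormats == null && this.serverECPointFormats == null) {
            // The client sent no ec_point_formats extension, so the base class left
            // serverECPointFormats null and the ECDHE key exchange later dereferences it.
            // Uncompressed is the one format every RFC 4492 implementation must support,
            // so it is the only format safe to assume for a peer that said nothing.
            this.serverECPointFormats = new short[] { ECPointFormat.uncompressed };

            // Deliberately NOT added to the ServerHello: a server must not send an
            // extension the client did not offer (RFC 5246 7.4.1.4). The field is
            // initialised for local use only, which is what prevents the alert 47.
        }
        return extensions;
    }
}
```

The same null check belongs wherever serverECPointFormats is consumed, so that a client omitting the extension is treated as "uncompressed only" rather than as a protocol error.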