diff --git a/ech.go b/ech.go index 55d5217..d9795b4 100644 --- a/ech.go +++ b/ech.go @@ -378,7 +378,7 @@ func decodeInnerClientHello(outer *clientHelloMsg, encoded []byte) (*clientHello } if !bytes.Equal(inner.encryptedClientHello, []byte{uint8(innerECHExt)}) { - return nil, errors.New("tls: client sent invalid encrypted_client_hello extension") + return nil, errInvalidECHExt } if len(inner.supportedVersions) != 1 || (len(inner.supportedVersions) >= 1 && inner.supportedVersions[0] != VersionTLS13) { @@ -481,6 +481,7 @@ func (e *ECHRejectionError) Error() string { } var errMalformedECHExt = errors.New("tls: malformed encrypted_client_hello extension") +var errInvalidECHExt = errors.New("tls: client sent invalid encrypted_client_hello extension") type echExtType uint8 @@ -507,7 +508,7 @@ func parseECHExt(ext []byte) (echType echExtType, cs echCipher, configID uint8, return echType, cs, 0, nil, nil, nil } if echType != outerECHExt { - err = errMalformedECHExt + err = errInvalidECHExt return } if !s.ReadUint16(&cs.KDFID) { @@ -549,8 +550,13 @@ func marshalEncryptedClientHelloConfigList(configs []EncryptedClientHelloKey) ([ func (c *Conn) processECHClientHello(outer *clientHelloMsg) (*clientHelloMsg, *echServerContext, error) { echType, echCiphersuite, configID, encap, payload, err := parseECHExt(outer.encryptedClientHello) if err != nil { - c.sendAlert(alertDecodeError) - return nil, nil, errors.New("tls: client sent invalid encrypted_client_hello extension") + if errors.Is(err, errInvalidECHExt) { + c.sendAlert(alertIllegalParameter) + } else { + c.sendAlert(alertDecodeError) + } + + return nil, nil, errInvalidECHExt } if echType == innerECHExt { @@ -597,7 +603,7 @@ func (c *Conn) processECHClientHello(outer *clientHelloMsg) (*clientHelloMsg, *e echInner, err := decodeInnerClientHello(outer, encodedInner) if err != nil { c.sendAlert(alertIllegalParameter) - return nil, nil, errors.New("tls: client sent invalid encrypted_client_hello extension") + return nil, nil, errInvalidECHExt } c.echAccepted = true