author | Peter Dettman <peter.dettman@bouncycastle.org> | 2017-03-22 22:47:04 +1030 |
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2017-03-22 22:47:04 +1030 |
commit | f3d758b0f79743e17123560508cd59a63b8607c1 (patch) | |
tree | 83d1726b8e5d0e0399ba84bba6e1d3afcee7a3d8 | |
parent | Simple refactoring to follow bc-java code (diff) | |
download | BouncyCastle.NET-ed25519-f3d758b0f79743e17123560508cd59a63b8607c1.tar.xz |
Use new TlsNoCloseNotifyException instead of generic EndOfStreamException
- The new exception is only used for this specific case, which should simplify the handling of possible truncations in application code.
-rw-r--r-- | crypto/BouncyCastle.Android.csproj | 1 | ||||
-rw-r--r-- | crypto/BouncyCastle.csproj | 1 | ||||
-rw-r--r-- | crypto/BouncyCastle.iOS.csproj | 1 | ||||
-rw-r--r-- | crypto/crypto.csproj | 5 | ||||
-rw-r--r-- | crypto/src/crypto/tls/TlsNoCloseNotifyException.cs | 19 | ||||
-rw-r--r-- | crypto/src/crypto/tls/TlsProtocol.cs | 4 |
6 files changed, 28 insertions, 3 deletions
diff --git a/crypto/BouncyCastle.Android.csproj b/crypto/BouncyCastle.Android.csproj
index 13ca4f05c..541b534cd 100644
--- a/crypto/BouncyCastle.Android.csproj
+++ b/crypto/BouncyCastle.Android.csproj
@@ -1067,6 +1067,7 @@
  <Compile Include="src\crypto\tls\TlsHandshakeHash.cs" />
  <Compile Include="src\crypto\tls\TlsKeyExchange.cs" />
  <Compile Include="src\crypto\tls\TlsMac.cs" />
+ <Compile Include="src\crypto\tls\TlsNoCloseNotifyException.cs" />
  <Compile Include="src\crypto\tls\TlsNullCipher.cs" />
  <Compile Include="src\crypto\tls\TlsNullCompression.cs" />
  <Compile Include="src\crypto\tls\TlsPeer.cs" />
diff --git a/crypto/BouncyCastle.csproj b/crypto/BouncyCastle.csproj
index f72c9c527..31910f963 100644
--- a/crypto/BouncyCastle.csproj
+++ b/crypto/BouncyCastle.csproj
@@ -1061,6 +1061,7 @@
  <Compile Include="src\crypto\tls\TlsHandshakeHash.cs" />
  <Compile Include="src\crypto\tls\TlsKeyExchange.cs" />
  <Compile Include="src\crypto\tls\TlsMac.cs" />
+ <Compile Include="src\crypto\tls\TlsNoCloseNotifyException.cs" />
  <Compile Include="src\crypto\tls\TlsNullCipher.cs" />
  <Compile Include="src\crypto\tls\TlsNullCompression.cs" />
  <Compile Include="src\crypto\tls\TlsPeer.cs" />
diff --git a/crypto/BouncyCastle.iOS.csproj b/crypto/BouncyCastle.iOS.csproj
index b3bf7b4fa..f9269337a 100644
--- a/crypto/BouncyCastle.iOS.csproj
+++ b/crypto/BouncyCastle.iOS.csproj
@@ -1062,6 +1062,7 @@
  <Compile Include="src\crypto\tls\TlsHandshakeHash.cs" />
  <Compile Include="src\crypto\tls\TlsKeyExchange.cs" />
  <Compile Include="src\crypto\tls\TlsMac.cs" />
+ <Compile Include="src\crypto\tls\TlsNoCloseNotifyException.cs" />
  <Compile Include="src\crypto\tls\TlsNullCipher.cs" />
  <Compile Include="src\crypto\tls\TlsNullCompression.cs" />
  <Compile Include="src\crypto\tls\TlsPeer.cs" />
diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj
index 6f1fdcf61..fe6b5fa1c 100644
--- a/crypto/crypto.csproj
+++ b/crypto/crypto.csproj
@@ -5194,6 +5194,11 @@
  BuildAction = "Compile"
  />
  <File
+ RelPath = "src\crypto\tls\TlsNoCloseNotifyException.cs"
+ SubType = "Code"
+ BuildAction = "Compile"
+ />
+ <File
  RelPath = "src\crypto\tls\TlsNullCipher.cs"
  SubType = "Code"
  BuildAction = "Compile"
diff --git a/crypto/src/crypto/tls/TlsNoCloseNotifyException.cs b/crypto/src/crypto/tls/TlsNoCloseNotifyException.cs
new file mode 100644
index 000000000..72159ba47
--- /dev/null
+++ b/crypto/src/crypto/tls/TlsNoCloseNotifyException.cs
@@ -0,0 +1,19 @@
+using System;
+using System.IO;
+
+namespace Org.BouncyCastle.Crypto.Tls
+{
+ /// <summary>
+ /// This exception will be thrown(only) when the connection is closed by the peer without sending a
+ /// <code cref="AlertDescription.close_notify">close_notify</code> warning alert.
+ /// </summary>
+ /// <remarks>
+ /// If this happens, the TLS protocol cannot rule out truncation of the connection data (potentially
+ /// malicious). It may be possible to check for truncation via some property of a higher level protocol
+ /// built upon TLS, e.g.the Content-Length header for HTTPS.
+ /// </remarks>
+ public class TlsNoCloseNotifyException
+ : EndOfStreamException
+ {
+ }
+}
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs
index 6d5c93f40..98c6399d3 100644
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
@@ -488,9 +488,7 @@ namespace Org.BouncyCastle.Crypto.Tls
  {
  if (!mRecordStream.ReadRecord())
  {
- // TODO It would be nicer to allow graceful connection close if between records
- // this.FailWithError(AlertLevel.warning, AlertDescription.close_notify);
- throw new EndOfStreamException();
+ throw new TlsNoCloseNotifyException();
  }
  }
  catch (TlsFatalAlert e) |
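Review bot: Because the new type derives from `EndOfStreamException`, any existing `catch (EndOfStreamException)` or `catch (IOException)` in application code will still swallow it as an ordinary end-of-stream, so the distinction the commit message promises only materialises if callers catch `TlsNoCloseNotifyException` before those handlers; the `<remarks>` should say so, e.g. `/// Callers that need to tell clean shutdown from possible truncation must catch this type before any handler for <see cref="EndOfStreamException"/>.` The doc comment also has two spacing slips, `thrown(only)` and `e.g.the`, and `cref` belongs on a `<see>` element rather than `<code>`: `/// <see cref="AlertDescription.close_notify"/> warning alert.` The class declares no constructors, so instances carry only the base class's default message; a `<remarks>` sentence noting that, or a constructor accepting a message, would make the condition recognisable in logs without a stack trace.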
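Review bot: The replaced `throw` drops the TODO that recorded why an EOF between records is not treated as a graceful close, leaving the new line with no rationale at the one point where the truncation decision is made; a one-line comment would preserve it: `// Transport closed without close_notify: truncation cannot be ruled out, see TlsNoCloseNotifyException`. The enclosing method begins and ends outside the hunk, so it is not visible here whether a later `catch (IOException ...)` clause also handles the new exception or whether the connection is marked closed before it propagates; if it is not, a caller that catches the exception and keeps reading would presumably reach this path again, which is worth confirming and documenting.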