-rw-r--r--crypto/BouncyCastle.Android.csproj1
-rw-r--r--crypto/BouncyCastle.csproj1
-rw-r--r--crypto/BouncyCastle.iOS.csproj1
-rw-r--r--crypto/crypto.csproj5
-rw-r--r--crypto/src/crypto/tls/TlsNoCloseNotifyException.cs19
-rw-r--r--crypto/src/crypto/tls/TlsProtocol.cs4
6 files changed, 28 insertions, 3 deletions
diff --git a/crypto/BouncyCastle.Android.csproj b/crypto/BouncyCastle.Android.csproj
index 13ca4f05c..541b534cd 100644
--- a/crypto/BouncyCastle.Android.csproj
+++ b/crypto/BouncyCastle.Android.csproj
@@ -1067,6 +1067,7 @@
     <Compile Include="src\crypto\tls\TlsHandshakeHash.cs" />
     <Compile Include="src\crypto\tls\TlsKeyExchange.cs" />
     <Compile Include="src\crypto\tls\TlsMac.cs" />
+    <Compile Include="src\crypto\tls\TlsNoCloseNotifyException.cs" />
     <Compile Include="src\crypto\tls\TlsNullCipher.cs" />
     <Compile Include="src\crypto\tls\TlsNullCompression.cs" />
     <Compile Include="src\crypto\tls\TlsPeer.cs" />
diff --git a/crypto/BouncyCastle.csproj b/crypto/BouncyCastle.csproj
index f72c9c527..31910f963 100644
--- a/crypto/BouncyCastle.csproj
+++ b/crypto/BouncyCastle.csproj
@@ -1061,6 +1061,7 @@
     <Compile Include="src\crypto\tls\TlsHandshakeHash.cs" />
     <Compile Include="src\crypto\tls\TlsKeyExchange.cs" />
     <Compile Include="src\crypto\tls\TlsMac.cs" />
+    <Compile Include="src\crypto\tls\TlsNoCloseNotifyException.cs" />
     <Compile Include="src\crypto\tls\TlsNullCipher.cs" />
     <Compile Include="src\crypto\tls\TlsNullCompression.cs" />
     <Compile Include="src\crypto\tls\TlsPeer.cs" />
diff --git a/crypto/BouncyCastle.iOS.csproj b/crypto/BouncyCastle.iOS.csproj
index b3bf7b4fa..f9269337a 100644
--- a/crypto/BouncyCastle.iOS.csproj
+++ b/crypto/BouncyCastle.iOS.csproj
@@ -1062,6 +1062,7 @@
     <Compile Include="src\crypto\tls\TlsHandshakeHash.cs" />
     <Compile Include="src\crypto\tls\TlsKeyExchange.cs" />
     <Compile Include="src\crypto\tls\TlsMac.cs" />
+    <Compile Include="src\crypto\tls\TlsNoCloseNotifyException.cs" />
     <Compile Include="src\crypto\tls\TlsNullCipher.cs" />
     <Compile Include="src\crypto\tls\TlsNullCompression.cs" />
     <Compile Include="src\crypto\tls\TlsPeer.cs" />
diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj
index 6f1fdcf61..fe6b5fa1c 100644
--- a/crypto/crypto.csproj
+++ b/crypto/crypto.csproj
@@ -5194,6 +5194,11 @@
                     BuildAction = "Compile"
                 />
                 <File
+                    RelPath = "src\crypto\tls\TlsNoCloseNotifyException.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
                     RelPath = "src\crypto\tls\TlsNullCipher.cs"
                     SubType = "Code"
                     BuildAction = "Compile"
diff --git a/crypto/src/crypto/tls/TlsNoCloseNotifyException.cs b/crypto/src/crypto/tls/TlsNoCloseNotifyException.cs
new file mode 100644
index 000000000..72159ba47
--- /dev/null
+++ b/crypto/src/crypto/tls/TlsNoCloseNotifyException.cs
@@ -0,0 +1,19 @@
+using System;
+using System.IO;
+
+namespace Org.BouncyCastle.Crypto.Tls
+{
+    /// <summary>
+    /// This exception will be thrown(only) when the connection is closed by the peer without sending a
+    /// <code cref="AlertDescription.close_notify">close_notify</code> warning alert.
+    /// </summary>
+    /// <remarks>
+    /// If this happens, the TLS protocol cannot rule out truncation of the connection data (potentially
+    /// malicious). It may be possible to check for truncation via some property of a higher level protocol
+    /// built upon TLS, e.g.the Content-Length header for HTTPS.
+    /// </remarks>
+    public class TlsNoCloseNotifyException
+        :   EndOfStreamException
+    {
+    }
+}
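Review bot: TlsNoCloseNotifyException declares no constructor, so it surfaces with the generic EndOfStreamException message, and a log that prints only the message cannot tell a possible truncation from an ordinary end of stream. A parameterless constructor with its own text would fix that, e.g. `public TlsNoCloseNotifyException() : base("No close_notify alert received before connection closed") { }`. In the doc comment, `<code cref="AlertDescription.close_notify">` is not a form the XML doc compiler resolves; `<see cref="AlertDescription.close_notify"/>` gives a checked link. The same comment also needs spaces in "thrown(only)" and "e.g.the".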
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs
index 6d5c93f40..98c6399d3 100644
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
@@ -488,9 +488,7 @@ namespace Org.BouncyCastle.Crypto.Tls
             {
                 if (!mRecordStream.ReadRecord())
                 {
-                    // TODO It would be nicer to allow graceful connection close if between records
-    //                this.FailWithError(AlertLevel.warning, AlertDescription.close_notify);
-                    throw new EndOfStreamException();
+                    throw new TlsNoCloseNotifyException();
                 }
             }
             catch (TlsFatalAlert e)
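Review bot: The `throw new TlsNoCloseNotifyException();` line is left with no comment after the old TODO was removed, so nothing at the site says that a false return from `ReadRecord()` is being treated as a close without close_notify, and therefore as possible truncation. I would add `// Peer closed without close_notify: truncation cannot be ruled out, not a clean EOF` above the throw. Because the new type derives from EndOfStreamException, callers that already catch EndOfStreamException will keep handling this as a normal end of stream until they opt in to the narrower type, which deserves a line in the release notes. The try block and its catch handlers continue outside the hunk, so whether the exception reaches the caller unwrapped cannot be confirmed from here.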