diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-03-28 19:17:21 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-03-28 19:17:21 +0700 |
| commit | 425104bf259c04c971c67ff2fcd6da3df02167f1 (patch) | |
| tree | cce5ddda53678f94a75db1eb9d06f996345e0571 | |
| parent | Fix TLS 1.3 Export Keying Material (diff) | |
| download | BouncyCastle.NET-ed25519-425104bf259c04c971c67ff2fcd6da3df02167f1.tar.xz | |
Improve IsSupportedCipherSuite
| -rw-r--r-- | crypto/src/tls/TlsUtilities.cs | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs index 1d9759bca..05d38c59c 100644 --- a/crypto/src/tls/TlsUtilities.cs +++ b/crypto/src/tls/TlsUtilities.cs @@ -4146,9 +4146,22 @@ namespace Org.BouncyCastle.Tls public static bool IsSupportedCipherSuite(TlsCrypto crypto, int cipherSuite) { - return IsSupportedKeyExchange(crypto, GetKeyExchangeAlgorithm(cipherSuite)) - && crypto.HasEncryptionAlgorithm(GetEncryptionAlgorithm(cipherSuite)) - && crypto.HasMacAlgorithm(GetMacAlgorithm(cipherSuite)); + int keyExchangeAlgorithm = GetKeyExchangeAlgorithm(cipherSuite); + if (!IsSupportedKeyExchange(crypto, keyExchangeAlgorithm)) + return false; + + int encryptionAlgorithm = GetEncryptionAlgorithm(cipherSuite); + if (encryptionAlgorithm < 0 || !crypto.HasEncryptionAlgorithm(encryptionAlgorithm)) + return false; + + int macAlgorithm = GetMacAlgorithm(cipherSuite); + if (macAlgorithm != MacAlgorithm.cls_null) + { + if (macAlgorithm < 0 || !crypto.HasMacAlgorithm(macAlgorithm)) + return false; + } + + return true; } public static bool IsSupportedKeyExchange(TlsCrypto crypto, int keyExchangeAlgorithm) |