summary refs log tree commit diff
path: root/crypto
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2024-04-05 14:11:01 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2024-04-05 14:11:01 +0700
commit54b33eeed23616a375b1ba83a4cf2a596377bfd9 (patch)
treed6b38c0a0e9c2fc4b87f063912f732a0a96bdc9b /crypto
parentEd448 regression tests for infinite loop (diff)
downloadBouncyCastle.NET-ed25519-54b33eeed23616a375b1ba83a4cf2a596377bfd9.tar.xz
DTLS: more robust exclusion of stream ciphers
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/tls/DtlsProtocol.cs13
1 files changed, 6 insertions, 7 deletions
diff --git a/crypto/src/tls/DtlsProtocol.cs b/crypto/src/tls/DtlsProtocol.cs
index 566d07cb4..73e9a4070 100644
--- a/crypto/src/tls/DtlsProtocol.cs
+++ b/crypto/src/tls/DtlsProtocol.cs
@@ -76,15 +76,14 @@ namespace Org.BouncyCastle.Tls
         /// <exception cref="IOException"/>
         internal static int ValidateSelectedCipherSuite(int selectedCipherSuite, short alertDescription)
         {
-            switch (TlsUtilities.GetEncryptionAlgorithm(selectedCipherSuite))
+            int encryptionAlgorithm = TlsUtilities.GetEncryptionAlgorithm(selectedCipherSuite);
+            if (EncryptionAlgorithm.NULL != encryptionAlgorithm)
             {
-            case EncryptionAlgorithm.RC4_40:
-            case EncryptionAlgorithm.RC4_128:
-            case -1:
-                throw new TlsFatalAlert(alertDescription);
-            default:
-                return selectedCipherSuite;
+                int cipherType = TlsUtilities.GetEncryptionAlgorithmType(encryptionAlgorithm);
+                if (cipherType < 0 || CipherType.stream == cipherType)
+                    throw new TlsFatalAlert(alertDescription);
             }
+            return selectedCipherSuite;
         }
     }
 }