diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2024-04-05 14:11:01 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2024-04-05 14:11:01 +0700 |
commit | 54b33eeed23616a375b1ba83a4cf2a596377bfd9 (patch) | |
tree | d6b38c0a0e9c2fc4b87f063912f732a0a96bdc9b /crypto | |
parent | Ed448 regression tests for infinite loop (diff) | |
download | BouncyCastle.NET-ed25519-54b33eeed23616a375b1ba83a4cf2a596377bfd9.tar.xz |
DTLS: more robust exclusion of stream ciphers
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/src/tls/DtlsProtocol.cs | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/crypto/src/tls/DtlsProtocol.cs b/crypto/src/tls/DtlsProtocol.cs index 566d07cb4..73e9a4070 100644 --- a/crypto/src/tls/DtlsProtocol.cs +++ b/crypto/src/tls/DtlsProtocol.cs @@ -76,15 +76,14 @@ namespace Org.BouncyCastle.Tls /// <exception cref="IOException"/> internal static int ValidateSelectedCipherSuite(int selectedCipherSuite, short alertDescription) { - switch (TlsUtilities.GetEncryptionAlgorithm(selectedCipherSuite)) + int encryptionAlgorithm = TlsUtilities.GetEncryptionAlgorithm(selectedCipherSuite); + if (EncryptionAlgorithm.NULL != encryptionAlgorithm) { - case EncryptionAlgorithm.RC4_40: - case EncryptionAlgorithm.RC4_128: - case -1: - throw new TlsFatalAlert(alertDescription); - default: - return selectedCipherSuite; + int cipherType = TlsUtilities.GetEncryptionAlgorithmType(encryptionAlgorithm); + if (cipherType < 0 || CipherType.stream == cipherType) + throw new TlsFatalAlert(alertDescription); } + return selectedCipherSuite; } } } |