From 7e3395f7bdc819fd5542446f8fb45c277fd64676 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Sat, 25 Mar 2023 20:49:35 +0700 Subject: RFC 9146: Update RecordStream for completeness --- crypto/src/tls/RecordStream.cs | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/crypto/src/tls/RecordStream.cs b/crypto/src/tls/RecordStream.cs index ed1c8d871..5b5ceff34 100644 --- a/crypto/src/tls/RecordStream.cs +++ b/crypto/src/tls/RecordStream.cs @@ -4,6 +4,7 @@ using System.IO; using System.Runtime.ExceptionServices; using Org.BouncyCastle.Tls.Crypto; +using Org.BouncyCastle.Tls.Crypto.Impl; using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Tls @@ -149,8 +150,19 @@ namespace Org.BouncyCastle.Tls // NOTE: For TLS 1.3, this only MIGHT be application data if (ContentType.application_data == recordType && m_handler.IsApplicationDataReady) { - applicationDataLimit = System.Math.Max(0, System.Math.Min(m_plaintextLimit, - m_readCipher.GetPlaintextLimit(length))); + var cipher = m_readCipher; + + int plaintextDecodeLimit; + if (cipher is AbstractTlsCipher abstractTlsCipher) + { + plaintextDecodeLimit = abstractTlsCipher.GetPlaintextDecodeLimit(length); + } + else + { + plaintextDecodeLimit = cipher.GetPlaintextLimit(length); + } + + applicationDataLimit = System.Math.Max(0, System.Math.Min(m_plaintextLimit, plaintextDecodeLimit)); } return new RecordPreview(recordSize, applicationDataLimit); -- cgit 1.4.1