FIX:
* cryptparse/ParseCipher* funcs were not properly building cipher name
  comparison map
brent saner 2024-09-09 13:42:56 -04:00
parent 0318a9759b
commit 4cb0403e08
Signed by: bts
GPG Key ID: 8C004C2F93481F6B
2 changed files with 41 additions and 4 deletions


@ -128,7 +128,7 @@ func ParseTlsCipher(s string) (cipherSuite uint16, err error) {
if tlsCipherNmToUint == nil { if tlsCipherNmToUint == nil {
tlsCipherNmToUint = make(map[string]uint16) tlsCipherNmToUint = make(map[string]uint16)
for i = 0; i <= MaxTlsCipher; i++ { for i = 0; i <= MaxTlsCipher; i++ {
if nm = tls.VersionName(i); !strings.HasPrefix(nm, "0x") { if nm = tls.CipherSuiteName(i); !strings.HasPrefix(nm, "0x") {
tlsCipherNmToUint[nm] = i tlsCipherNmToUint[nm] = i
} }
} }
@ -142,7 +142,7 @@ func ParseTlsCipher(s string) (cipherSuite uint16, err error) {
return return
} }


// ParseTlsCipherStrict is like ParseTlsCipher, but an ErrUnknownCipher error will be raised if no matching cipher is found. // ParseTlsCipherStrict is like ParseTlsCipher, but an ErrBadTlsCipher or ErrUnknownCipher error will be raised if no matching cipher is found.
func ParseTlsCipherStrict(s string) (cipherSuite uint16, err error) { func ParseTlsCipherStrict(s string) (cipherSuite uint16, err error) {


var nm string var nm string
@ -177,7 +177,7 @@ func ParseTlsCipherStrict(s string) (cipherSuite uint16, err error) {
if tlsCipherNmToUint == nil { if tlsCipherNmToUint == nil {
tlsCipherNmToUint = make(map[string]uint16) tlsCipherNmToUint = make(map[string]uint16)
for i = 0; i <= MaxTlsCipher; i++ { for i = 0; i <= MaxTlsCipher; i++ {
if nm = tls.VersionName(i); !strings.HasPrefix(nm, "0x") { if nm = tls.CipherSuiteName(i); !strings.HasPrefix(nm, "0x") {
tlsCipherNmToUint[nm] = i tlsCipherNmToUint[nm] = i
} }
} }
@ -248,7 +248,7 @@ func ParseTlsCipherSuite(s string) (cipherSuite *tls.CipherSuite, err error) {
return return
} }


// ParseTlsCipherSuiteStrict is like ParseTlsCipherSuite, but an ErrUnknownCipher error will be raised if no matching cipher is found. // ParseTlsCipherSuiteStrict is like ParseTlsCipherSuite, but an ErrBadTlsCipher or ErrUnknownCipher error will be raised if no matching cipher is found.
func ParseTlsCipherSuiteStrict(s string) (cipherSuite *tls.CipherSuite, err error) { func ParseTlsCipherSuiteStrict(s string) (cipherSuite *tls.CipherSuite, err error) {


var cipherId uint16 var cipherId uint16
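Review bot: The lazy fill of `tlsCipherNmToUint` at the `if tlsCipherNmToUint == nil {` blocks in the hunks at -128 and -177 is not safe if these parsers can be called from more than one goroutine. The map appears to be package-level, since both functions test it for nil, so two first callers could write to it concurrently, and a later caller could see it non-nil but only partly filled and get a spurious unknown-cipher result. Because the same loop is duplicated in both places, I would move it into one helper guarded by a `sync.Once`, e.g. `var tlsCipherInit sync.Once` and `tlsCipherInit.Do(func() { /* existing loop */ })`. Both function bodies continue outside the hunks, so this is based only on the visible lines. It would also help to note in the doc comments that `tls.CipherSuiteName` names the suites from `tls.InsecureCipherSuites()` too, so callers enforcing a TLS policy should still check the `Insecure` field of the returned `*tls.CipherSuite`.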

37
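--- /dev/null
+++ b/cryptparse/funcs_test.go
@@ -0,0 +1,37 @@
+package cryptparse
+
+import (
+`crypto/tls`
+"testing"
+)
+
+func TestCiphers(t *testing.T) {
+
+var err error
+var cs *tls.CipherSuite
+
+// Good ciphers
+for _, cn := range []string{
+"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+"tls ecdhe ecdsa with chacha20 poly1305 sha256",
+} {
+if cs, err = ParseTlsCipherSuiteStrict(cn); err != nil {
+t.Fatalf("ERROR parsing good cipher '%s': %v", cn, err)
+}
+if cs.Name != cn {
+t.Logf("Cipher name change: '%s' => '%s'", cn, cs.Name)
+}
+t.Logf("Cipher for '%s':\n%#v", cn, cs)
+}
+
+// Bad ciphers
+for _, cn := range []string{
+"TLS_BAD_CIPHER",
+} {
+if cs, err = ParseTlsCipherSuiteStrict(cn); err == nil {
+t.Fatalf("ERROR parsing bad cipher '%s'; err is nil", cn)
+}
+}
+
+_ = cs
+}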
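Review bot: The "Good ciphers" loop in TestCiphers never asserts which suite was returned: a name that differs from the input is only logged with `t.Logf`, so a lookup that resolves to the wrong suite would still pass. Both inputs spell the same suite, so the loop can pin the ID with `if cs.ID != tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 { t.Fatalf("wrong suite for '%s': 0x%04x", cn, cs.ID) }`. That matters for a parser whose output ends up in a TLS configuration. The "Bad ciphers" loop accepts any non-nil error; if `ErrBadTlsCipher` and `ErrUnknownCipher` are sentinel values, as the updated doc comments suggest, checking them with `errors.Is` would pin the documented contract. Only `ParseTlsCipherSuiteStrict` is called here, so the non-strict `ParseTlsCipher` path touched by this commit has no direct coverage as far as this file shows.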