v1.7.1
FIX: * cryptparse/ParseCipher* funcs were not properly building cipher name comparison map
This commit is contained in:
parent
0318a9759b
commit
4cb0403e08
@ -128,7 +128,7 @@ func ParseTlsCipher(s string) (cipherSuite uint16, err error) {
|
|||||||
if tlsCipherNmToUint == nil {
|
if tlsCipherNmToUint == nil {
|
||||||
tlsCipherNmToUint = make(map[string]uint16)
|
tlsCipherNmToUint = make(map[string]uint16)
|
||||||
for i = 0; i <= MaxTlsCipher; i++ {
|
for i = 0; i <= MaxTlsCipher; i++ {
|
||||||
if nm = tls.VersionName(i); !strings.HasPrefix(nm, "0x") {
|
if nm = tls.CipherSuiteName(i); !strings.HasPrefix(nm, "0x") {
|
||||||
tlsCipherNmToUint[nm] = i
|
tlsCipherNmToUint[nm] = i
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -142,7 +142,7 @@ func ParseTlsCipher(s string) (cipherSuite uint16, err error) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// ParseTlsCipherStrict is like ParseTlsCipher, but an ErrUnknownCipher error will be raised if no matching cipher is found.
|
// ParseTlsCipherStrict is like ParseTlsCipher, but an ErrBadTlsCipher or ErrUnknownCipher error will be raised if no matching cipher is found.
|
||||||
func ParseTlsCipherStrict(s string) (cipherSuite uint16, err error) {
|
func ParseTlsCipherStrict(s string) (cipherSuite uint16, err error) {
|
||||||
|
|
||||||
var nm string
|
var nm string
|
||||||
@ -177,7 +177,7 @@ func ParseTlsCipherStrict(s string) (cipherSuite uint16, err error) {
|
|||||||
if tlsCipherNmToUint == nil {
|
if tlsCipherNmToUint == nil {
|
||||||
tlsCipherNmToUint = make(map[string]uint16)
|
tlsCipherNmToUint = make(map[string]uint16)
|
||||||
for i = 0; i <= MaxTlsCipher; i++ {
|
for i = 0; i <= MaxTlsCipher; i++ {
|
||||||
if nm = tls.VersionName(i); !strings.HasPrefix(nm, "0x") {
|
if nm = tls.CipherSuiteName(i); !strings.HasPrefix(nm, "0x") {
|
||||||
tlsCipherNmToUint[nm] = i
|
tlsCipherNmToUint[nm] = i
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -248,7 +248,7 @@ func ParseTlsCipherSuite(s string) (cipherSuite *tls.CipherSuite, err error) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// ParseTlsCipherSuiteStrict is like ParseTlsCipherSuite, but an ErrUnknownCipher error will be raised if no matching cipher is found.
|
// ParseTlsCipherSuiteStrict is like ParseTlsCipherSuite, but an ErrBadTlsCipher or ErrUnknownCipher error will be raised if no matching cipher is found.
|
||||||
func ParseTlsCipherSuiteStrict(s string) (cipherSuite *tls.CipherSuite, err error) {
|
func ParseTlsCipherSuiteStrict(s string) (cipherSuite *tls.CipherSuite, err error) {
|
||||||
|
|
||||||
var cipherId uint16
|
var cipherId uint16
|
||||||
|
37
cryptparse/funcs_test.go
Normal file
37
cryptparse/funcs_test.go
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
package cryptparse
|
||||||
|
|
||||||
|
import (
|
||||||
|
`crypto/tls`
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestCiphers(t *testing.T) {
|
||||||
|
|
||||||
|
var err error
|
||||||
|
var cs *tls.CipherSuite
|
||||||
|
|
||||||
|
// Good ciphers
|
||||||
|
for _, cn := range []string{
|
||||||
|
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
|
||||||
|
"tls ecdhe ecdsa with chacha20 poly1305 sha256",
|
||||||
|
} {
|
||||||
|
if cs, err = ParseTlsCipherSuiteStrict(cn); err != nil {
|
||||||
|
t.Fatalf("ERROR parsing good cipher '%s': %v", cn, err)
|
||||||
|
}
|
||||||
|
if cs.Name != cn {
|
||||||
|
t.Logf("Cipher name change: '%s' => '%s'", cn, cs.Name)
|
||||||
|
}
|
||||||
|
t.Logf("Cipher for '%s':\n%#v", cn, cs)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Bad ciphers
|
||||||
|
for _, cn := range []string{
|
||||||
|
"TLS_BAD_CIPHER",
|
||||||
|
} {
|
||||||
|
if cs, err = ParseTlsCipherSuiteStrict(cn); err == nil {
|
||||||
|
t.Fatalf("ERROR parsing bad cipher '%s'; err is nil", cn)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
_ = cs
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user