From 4cb0403e0873d8678d37b6e29680492e2d7e118d Mon Sep 17 00:00:00 2001 From: brent saner Date: Mon, 9 Sep 2024 13:42:56 -0400 Subject: [PATCH] v1.7.1 FIX: * cryptparse/ParseCipher* funcs were not properly building cipher name comparison map
---
 cryptparse/funcs.go | 8 ++++---- cryptparse/funcs_test.go | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 4 deletions(-) create mode 100644 cryptparse/funcs_test.go
diff --git a/cryptparse/funcs.go b/cryptparse/funcs.go
index 142778d..61052b8 100644
--- a/cryptparse/funcs.go
+++ b/cryptparse/funcs.go
@@ -128,7 +128,7 @@ func ParseTlsCipher(s string) (cipherSuite uint16, err error) {
 if tlsCipherNmToUint == nil {
 tlsCipherNmToUint = make(map[string]uint16)
 for i = 0; i <= MaxTlsCipher; i++ {
- if nm = tls.VersionName(i); !strings.HasPrefix(nm, "0x") {
+ if nm = tls.CipherSuiteName(i); !strings.HasPrefix(nm, "0x") {
 tlsCipherNmToUint[nm] = i
 }
 }
@@ -142,7 +142,7 @@ func ParseTlsCipher(s string) (cipherSuite uint16, err error) {
 return
 }
-// ParseTlsCipherStrict is like ParseTlsCipher, but an ErrUnknownCipher error will be raised if no matching cipher is found.
+// ParseTlsCipherStrict is like ParseTlsCipher, but an ErrBadTlsCipher or ErrUnknownCipher error will be raised if no matching cipher is found.
 func ParseTlsCipherStrict(s string) (cipherSuite uint16, err error) {
 var nm string
@@ -177,7 +177,7 @@ func ParseTlsCipherStrict(s string) (cipherSuite uint16, err error) {
 if tlsCipherNmToUint == nil {
 tlsCipherNmToUint = make(map[string]uint16)
 for i = 0; i <= MaxTlsCipher; i++ {
- if nm = tls.VersionName(i); !strings.HasPrefix(nm, "0x") {
+ if nm = tls.CipherSuiteName(i); !strings.HasPrefix(nm, "0x") {
 tlsCipherNmToUint[nm] = i
 }
 }
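Review bot: The lazy build of `tlsCipherNmToUint` in the -128 hunk (and identically in the -177 hunk for ParseTlsCipherStrict) is unsynchronised. The map's declaration is outside the hunks, but it appears to be package-level, so two goroutines parsing a cipher name for the first time can write it concurrently, and a later caller can find it non-nil but only partly filled and fail to resolve a valid name. Filling a local map and publishing it once under a package-level `sync.Once` (called `tlsCipherOnce` below, a proposed name that would need declaring) closes both gaps and lets the two copies share one helper. Separately, `i` must be a uint16 to be stored in the map, so if `MaxTlsCipher` is the uint16 maximum the condition `i <= MaxTlsCipher` never becomes false; its value is not visible here and needs confirming, and the sketch counts in a wider type to be safe. Both function bodies begin and end outside these hunks.

```go
// … unchanged: earlier parsing in ParseTlsCipher / ParseTlsCipherStrict …
tlsCipherOnce.Do(func() {
	var name string
	var built = make(map[string]uint16)

	// Count in uint32 so the loop terminates even when MaxTlsCipher is 0xffff.
	for n := uint32(0); n <= uint32(MaxTlsCipher); n++ {
		if name = tls.CipherSuiteName(uint16(n)); !strings.HasPrefix(name, "0x") {
			built[name] = uint16(n)
		}
	}
	// Publish only the fully populated map.
	tlsCipherNmToUint = built
})
// … unchanged: lookup of the normalised name in tlsCipherNmToUint …
```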
@@ -248,7 +248,7 @@ func ParseTlsCipherSuite(s string) (cipherSuite *tls.CipherSuite, err error) {
 return
 }
-// ParseTlsCipherSuiteStrict is like ParseTlsCipherSuite, but an ErrUnknownCipher error will be raised if no matching cipher is found.
+// ParseTlsCipherSuiteStrict is like ParseTlsCipherSuite, but an ErrBadTlsCipher or ErrUnknownCipher error will be raised if no matching cipher is found.
 func ParseTlsCipherSuiteStrict(s string) (cipherSuite *tls.CipherSuite, err error) {
 var cipherId uint16
diff --git a/cryptparse/funcs_test.go b/cryptparse/funcs_test.go
new file mode 100644
index 0000000..b491a5a
--- /dev/null
+++ b/cryptparse/funcs_test.go
@@ -0,0 +1,37 @@
+package cryptparse
+
+import (
+ `crypto/tls`
+ "testing"
+)
+
+func TestCiphers(t *testing.T) {
+
+ var err error
+ var cs *tls.CipherSuite
+
+ // Good ciphers
+ for _, cn := range []string{
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+ "tls ecdhe ecdsa with chacha20 poly1305 sha256",
+ } {
+ if cs, err = ParseTlsCipherSuiteStrict(cn); err != nil {
+ t.Fatalf("ERROR parsing good cipher '%s': %v", cn, err)
+ }
+ if cs.Name != cn {
+ t.Logf("Cipher name change: '%s' => '%s'", cn, cs.Name)
+ }
+ t.Logf("Cipher for '%s':\n%#v", cn, cs)
+ }
+
+ // Bad ciphers
+ for _, cn := range []string{
+ "TLS_BAD_CIPHER",
+ } {
+ if cs, err = ParseTlsCipherSuiteStrict(cn); err == nil {
+ t.Fatalf("ERROR parsing bad cipher '%s'; err is nil", cn)
+ }
+ }
+
+ _ = cs
+}
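Review bot: TestCiphers accepts any non-error result for the good names, so a name that resolves to the wrong suite would still pass; a mismatch between `cs.Name` and the input is only logged. Because the parsed value presumably ends up in TLS configuration, pin the expected suite, e.g. `if cs.ID != tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 { t.Fatalf("wrong suite for '%s': %#04x", cn, cs.ID) }`. The bad-cipher loop likewise checks only that `err` is non-nil; asserting `errors.Is(err, ErrBadTlsCipher) || errors.Is(err, ErrUnknownCipher)` would tie it to the errors the updated doc comment promises, assuming those are sentinel values. The non-strict ParseTlsCipher, one of the two sites this commit fixes, is not called directly by this test.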