Adding upstream version 1.34.4.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-05-24 07:26:29 +02:00 · 2025-05-24 07:26:29 +02:00 · 4978089aab
commit 4978089aab
parent e393c3af3f
4963 changed files with 677545 additions and 0 deletions
--- a/plugins/common/tls/utils.go
+++ b/plugins/common/tls/utils.go
@ -0,0 +1,112 @@
+package tls
+
+import (
+	"errors"
+	"fmt"
+	"sort"
+	"strings"
+)
+
+var ErrCipherUnsupported = errors.New("unsupported cipher")
+
+// InsecureCiphers returns the list of insecure ciphers among the list of given ciphers
+func InsecureCiphers(ciphers []string) []string {
+	var insecure []string
+
+	for _, c := range ciphers {
+		cipher := strings.ToUpper(c)
+		if _, ok := tlsCipherMapInsecure[cipher]; ok {
+			insecure = append(insecure, c)
+		}
+	}
+
+	return insecure
+}
+
+// Ciphers returns the list of supported ciphers
+func Ciphers() (secure, insecure []string) {
+	for c := range tlsCipherMapSecure {
+		secure = append(secure, c)
+	}
+
+	for c := range tlsCipherMapInsecure {
+		insecure = append(insecure, c)
+	}
+
+	return secure, insecure
+}
+
+// ParseCiphers returns a `[]uint16` by received `[]string` key that represents ciphers from crypto/tls.
+// If some of ciphers in received list doesn't exists  ParseCiphers returns nil with error
+func ParseCiphers(ciphers []string) ([]uint16, error) {
+	suites := make([]uint16, 0)
+	added := make(map[uint16]bool, len(ciphers))
+	for _, c := range ciphers {
+		// Handle meta-keywords
+		switch c {
+		case "all":
+			for _, id := range tlsCipherMapInsecure {
+				if added[id] {
+					continue
+				}
+				suites = append(suites, id)
+				added[id] = true
+			}
+			for _, id := range tlsCipherMapSecure {
+				if added[id] {
+					continue
+				}
+				suites = append(suites, id)
+				added[id] = true
+			}
+		case "insecure":
+			for _, id := range tlsCipherMapInsecure {
+				if added[id] {
+					continue
+				}
+				suites = append(suites, id)
+				added[id] = true
+			}
+		case "secure":
+			for _, id := range tlsCipherMapSecure {
+				if added[id] {
+					continue
+				}
+				suites = append(suites, id)
+				added[id] = true
+			}
+		default:
+			cipher := strings.ToUpper(c)
+			id, ok := tlsCipherMapSecure[cipher]
+			if !ok {
+				idInsecure, ok := tlsCipherMapInsecure[cipher]
+				if !ok {
+					return nil, fmt.Errorf("%q %w", cipher, ErrCipherUnsupported)
+				}
+				id = idInsecure
+			}
+			if added[id] {
+				continue
+			}
+			suites = append(suites, id)
+			added[id] = true
+		}
+	}
+
+	return suites, nil
+}
+
+// ParseTLSVersion returns a `uint16` by received version string key that represents tls version from crypto/tls.
+// If version isn't supported ParseTLSVersion returns 0 with error
+func ParseTLSVersion(version string) (uint16, error) {
+	if v, ok := tlsVersionMap[version]; ok {
+		return v, nil
+	}
+
+	available := make([]string, 0, len(tlsVersionMap))
+	for n := range tlsVersionMap {
+		available = append(available, n)
+	}
+	sort.Strings(available)
+	return 0, fmt.Errorf("unsupported version %q (available: %s)", version, strings.Join(available, ","))
+}