From 01997b8b818d4b8b73154d462f368f14737b2a4f Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Tue, 29 Nov 2016 11:58:49 -0500
Subject: [PATCH] run_rc4() sockets implementation

This PR implements `run_rc4()` in a similar manner to `run_allciphers()` and `run_cipher_per_proto()` (in PR #541). The change doesn't seem to have much of an impact on speed, but when sockets are used it can detect ciphers that aren't locally supported by OpenSSL.
---
 testssl.sh | 232 ++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 196 insertions(+), 36 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 884c143..223ab64 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -8822,12 +8822,19 @@ run_lucky13() {
 # http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
 run_rc4() {
 local -i rc4_offered=0
- local -i sclient_success
- local hexcode dash rc4_cipher sslvers kx auth enc mac export
- local rc4_ciphers_list="ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:DHE-DSS-RC4-SHA:AECDH-RC4-SHA:ADH-RC4-MD5:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RSA-PSK-RC4-SHA:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP-ADH-RC4-MD5:EXP-RC4-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5"
- local rc4_ssl2_ciphers_list="RC4-MD5:RC4-64-MD5:EXP-RC4-MD5"
- local rc4_detected=""
- local available=""
+ local -i nr_ciphers=0 nr_ossl_ciphers=0 nr_nonossl_ciphers=0 ret
+ local n auth mac export hexc sslv2_ciphers_hex="" sslv2_ciphers_ossl="" s
+ local -a normalized_hexcode hexcode ciph sslvers kx enc export2 sigalg ossl_supported
+ local -i i
+ local -a ciphers_found ciphers_found2 hexcode2 ciph2 sslvers2 rfc_ciph2
+ local -i -a index
+ local dhlen available="" ciphers_to_test supported_sslv2_ciphers addcmd=""
+ local has_dh_bits="$HAS_DH_BITS" rc4_detected=""
+ local using_sockets=true
+ "$SSL_NATIVE" && using_sockets=false
+ "$FAST" && using_sockets=false
+ [[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
 if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
 outln
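Review bot: The three added lines that clear `using_sockets` (`"$SSL_NATIVE"`, `"$FAST"` and `[[ $TLS_NR_CIPHERS == 0 ]]`) have no comment, yet they decide how much of the RC4 cipher space this check can see. Per the commit description, only the sockets path detects ciphers the local OpenSSL does not support, so in these fallback modes a clean RC4 result covers only the locally supported subset and an RC4 suite offered by the server can go unreported. I would add a comment above them such as `# Without sockets only RC4 ciphers the local $OPENSSL supports are tested; others can go undetected`. If the rest of the function does not already tell the user which mode was used, it would be worth surfacing that in the output too. The body of run_rc4() continues outside this hunk, so this may already be handled further down.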
@@ -8838,62 +8845,215 @@ run_rc4() { fi pr_bold " RC4"; out " (CVE-2013-2566, CVE-2015-2808) " - $OPENSSL s_client -cipher $rc4_ciphers_list $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE >$ERRFILE) fi - if [[ $sclient_success -eq 0 ]]; then + + if "$using_sockets" && [[ -n "$sslv2_ciphers_hex" ]]; then + sslv2_sockets "${sslv2_ciphers_hex:2}" "true" + if [[ $? -eq 3 ]] && [[ "$V2_HELLO_CIPHERSPEC_LENGTH" -ne 0 ]]; then + supported_sslv2_ciphers="$(grep "Supported cipher: " "$TEMPDIR/$NODEIP.parse_sslv2_serverhello.txt")" + "$WIDE" && "$SHOW_SIGALGO" && s="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)" + for (( i=0 ; i$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE - else - $OPENSSL s_client -cipher $rc4_cipher $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $TMPFILE 2>$ERRFILE - fi - sclient_connect_successful $? $TMPFILE - sclient_success=$? # here we may have a fp with openssl < 1.0, TBC - if [[ $sclient_success -ne 0 ]] && ! "$SHOW_EACH_C"; then + for (( i=0 ; i