From 1fddbc3b4449cefb03ed2d0d2a335b3846060c62 Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Wed, 17 Oct 2018 09:56:54 -0400
Subject: [PATCH] Use get_common_prime()

This commit changes the code in run_pfs() to use the get_common_prime() helper function.
---
 testssl.sh | 25 ++++++-------------------
 1 file changed, 6 insertions(+), 19 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index f1d2220..64d0def 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -8443,9 +8443,8 @@ run_pfs() {
      local -i nr_supported_ciphers=0 nr_curves=0 nr_ossl_curves=0 i j low high
      local pfs_ciphers curves_offered="" curves_to_test temp
      local len1 len2 curve_found
-     local key_bitstring dh_p quality_str
-     local -i lineno_matched len_dh_p quality
-     local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
+     local key_bitstring quality_str
+     local -i len_dh_p quality
      local has_dh_bits="$HAS_DH_BITS"
      local using_sockets=true
      local jsonID="PFS"
@@ -8851,23 +8850,11 @@ run_pfs() {
                     curve_found="${curve_found%%,*}"
                fi
           fi
-          if [[ -z "$curves_offered" ]] && [[ -n "$curve_found" ]] && [[ -s "$common_primes_file" ]]; then
+          if [[ -z "$curves_offered" ]] && [[ -n "$curve_found" ]]; then
                # The server is not using one of the groups from RFC 7919.
                key_bitstring="$(awk '/-----BEGIN PUBLIC KEY/,/-----END PUBLIC KEY/ { print $0 }' $TEMPDIR/$NODEIP.parse_tls_serverhello.txt)"
-               dh_p="$($OPENSSL pkey -pubin -text -noout 2>>$ERRFILE <<< "$key_bitstring" | awk '/prime:/,/generator:/' | egrep -v "prime|generator")"
-               dh_p="$(strip_spaces "$(colon_to_spaces "$(newline_to_spaces "$dh_p")")")"
-               [[ "${dh_p:0:2}" == "00" ]] && dh_p="${dh_p:2}"
-               len_dh_p=$((4*${#dh_p}))
-               debugme tmln_out "len(dh_p): $len_dh_p  |  dh_p: $dh_p"
-               dh_p="$(toupper "$dh_p")"
-               # In the previous line of the match is bascially the hint we want to echo
-               # the most elegant thing to get the previous line [ awk '/regex/ { print x }; { x=$0 }' ] doesn't work with gawk
-               lineno_matched=$(grep -n "$dh_p" "$common_primes_file" 2>/dev/null | awk -F':' '{ print $1 }')
-               if [[ "$lineno_matched" -ne 0 ]]; then
-                    curves_offered="$(awk "NR == $lineno_matched-1" "$common_primes_file" | awk -F'"' '{ print $2 }')"
-               else
-                    curves_offered="unrecognized group"
-               fi
+               get_common_prime "$jsonID" "$key_bitstring" ""
+               [[ $? -eq 0 ]] && curves_offered="$DH_GROUP_OFFERED" && len_dh_p=$DH_GROUP_LEN_P
           fi
           if [[ -n "$curves_offered" ]]; then
                if [[ ! "$curves_offered" =~ ffdhe ]] || [[ ! "$curves_offered" =~ \  ]]; then
@@ -8892,7 +8879,7 @@ run_pfs() {
                     5) quality_str="INFO" ;;
                     6|7) quality_str="OK" ;;
                esac
-               if [[ "$curves_offered" == "unrecognized group" ]]; then
+               if [[ "$curves_offered" =~ Unknown ]]; then
                     fileout "DHE_groups" "$quality_str" "$curves_offered ($len_dh_p bits)"
                else
                     fileout "DHE_groups" "$quality_str" "$curves_offered"