Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1426 from drwetter/fix_1425

Browse Source 
Fix bits errors in OpenBSDs
This commit is contained in:
Dirk Wetter 2020-01-08 11:43:07 +01:00 committed by GitHub
commit 25913cfa4f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
testssl.sh
View File

@ -10434,8 +10434,10 @@ get_pub_key_size() {
"$HAS_PKEY" || return 1 "$HAS_PKEY" || return 1
# OpenSSL displays the number of bits for RSA and ECC # OpenSSL displays the number of bits for RSA and ECC
pubkeybits=$($OPENSSL x509 -noout -pubkey -in $HOSTCERT 2>>$ERRFILE | $OPENSSL pkey -pubin -text 2>>$ERRFILE | grep -aw "Public-Key:" | sed -e 's/.*(//' -e 's/)//') pubkeybits=$($OPENSSL x509 -noout -pubkey -in $HOSTCERT 2>>$ERRFILE | $OPENSSL pkey -pubin -text 2>>$ERRFILE | awk -F'(' '/Public-Key/ { print $2 }')
if [[ -n $pubkeybits ]]; then if [[ -n $pubkeybits ]]; then
# remainder e.g. "256 bit)"
pubkeybits="${pubkeybits//\)/}"
echo "Server public key is $pubkeybits" >> $TMPFILE echo "Server public key is $pubkeybits" >> $TMPFILE
else else
# This extracts the public key for DSA, DH, and GOST # This extracts the public key for DSA, DH, and GOST
@ -16381,7 +16383,8 @@ run_robot() {
local rnd_pms="aa112233445566778899112233445566778899112233445566778899112233445566778899112233445566778899" local rnd_pms="aa112233445566778899112233445566778899112233445566778899112233445566778899112233445566778899"
local change_cipher_spec finished resp local change_cipher_spec finished resp
local -a response local -a response
local -i i subret len iteration testnum pubkeybits pubkeybytes local -i i subret len iteration testnum pubkeybytes
local pubkeybits
local vulnerable=false send_ccs_finished=true local vulnerable=false send_ccs_finished=true
local -i start_time end_time robottimeout=$MAX_WAITSOCK local -i start_time end_time robottimeout=$MAX_WAITSOCK
local cve="CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168" local cve="CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168"
@ -16479,8 +16482,8 @@ run_robot() {
# <random> should be a length that makes total length of $padded_pms # <random> should be a length that makes total length of $padded_pms
# the same as the length of the public key. <random> should contain no 00 bytes. # the same as the length of the public key. <random> should contain no 00 bytes.
pubkeybits="$($OPENSSL x509 -noout -pubkey -in $HOSTCERT 2>>$ERRFILE | \ pubkeybits="$($OPENSSL x509 -noout -pubkey -in $HOSTCERT 2>>$ERRFILE | \
$OPENSSL pkey -pubin -text 2>>$ERRFILE | grep -aw "Public-Key:" | \ $OPENSSL pkey -pubin -text 2>>$ERRFILE | awk -F'(' '/Public-Key/ { print $2 }')"
sed -e 's/.*(//' -e 's/ bit)//')" pubkeybits="${pubkeybits%%bit*}"
pubkeybytes=$pubkeybits/8 pubkeybytes=$pubkeybits/8
[[ $((pubkeybits%8)) -ne 0 ]] && pubkeybytes+=1 [[ $((pubkeybits%8)) -ne 0 ]] && pubkeybytes+=1
rnd_pad="" rnd_pad=""