Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #585 from dcooper16/show_selected_curve

Browse Source 
Show selected curve
This commit is contained in:
Dirk Wetter
2017-01-14 12:12:33 +01:00
committed by GitHub
parent 32ef531cd1 42da64d601
commit 354e0ed31a
1 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
testssl.sh
View File

@@ -4498,7 +4498,7 @@ run_std_cipherlists() {
# arg1: file with input for grepping the bit length for ECDH/DHE # arg1: file with input for grepping the bit length for ECDH/DHE
# arg2: whether to print warning "old fart" or not (empty: no) # arg2: whether to print warning "old fart" or not (empty: no)
read_dhbits_from_file() { read_dhbits_from_file() {
local bits what_dh temp local bits what_dh temp curve=""
local add="" local add=""
local old_fart=" (openssl cannot show DH bits)" local old_fart=" (openssl cannot show DH bits)"
@@ -4506,14 +4506,23 @@ read_dhbits_from_file() {
what_dh=$(awk -F',' '{ print $1 }' <<< $temp) what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
bits=$(awk -F',' '{ print $3 }' <<< $temp) bits=$(awk -F',' '{ print $3 }' <<< $temp)
# RH's backport has the DH bits in second arg after comma # RH's backport has the DH bits in second arg after comma
grep -q bits <<< $bits || bits=$(awk -F',' '{ print $2 }' <<< $temp) if grep -q bits <<< $bits; then
curve="$(strip_spaces "$(awk -F',' '{ print $2 }' <<< $temp)")"
else
bits=$(awk -F',' '{ print $2 }' <<< $temp)
fi
bits=$(tr -d ' bits' <<< $bits) bits=$(tr -d ' bits' <<< $bits)
if [[ "$what_dh" == "X25519" ]] || [[ "$what_dh" == "X448" ]]; then if [[ "$what_dh" == "X25519" ]] || [[ "$what_dh" == "X448" ]]; then
curve="$what_dh"
what_dh="ECDH" what_dh="ECDH"
fi fi
if [[ -n "$curve" ]]; then
debugme echo ">$HAS_DH_BITS|$what_dh($curve)|$bits<"
else
debugme echo ">$HAS_DH_BITS|$what_dh|$bits<" debugme echo ">$HAS_DH_BITS|$what_dh|$bits<"
fi
[[ -n "$what_dh" ]] && HAS_DH_BITS=true # FIX 190 [[ -n "$what_dh" ]] && HAS_DH_BITS=true # FIX 190
if [[ -z "$what_dh" ]] && ! "$HAS_DH_BITS"; then if [[ -z "$what_dh" ]] && ! "$HAS_DH_BITS"; then
@@ -4525,7 +4534,10 @@ read_dhbits_from_file() {
[[ -n "$bits" ]] && [[ -z "$2" ]] && out ", " [[ -n "$bits" ]] && [[ -z "$2" ]] && out ", "
if [[ $what_dh == "DH" ]] || [[ $what_dh == "EDH" ]]; then if [[ $what_dh == "DH" ]] || [[ $what_dh == "EDH" ]]; then
[[ -z "$2" ]] && add="bit DH" if [[ -z "$2" ]]; then
add="bit DH"
[[ -n "$curve" ]] && add+=" ($curve)"
fi
if [[ "$bits" -le 600 ]]; then if [[ "$bits" -le 600 ]]; then
pr_svrty_critical "$bits $add" pr_svrty_critical "$bits $add"
elif [[ "$bits" -le 800 ]]; then elif [[ "$bits" -le 800 ]]; then
@@ -4539,7 +4551,10 @@ read_dhbits_from_file() {
fi fi
# https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography, http://www.keylength.com/en/compare/ # https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography, http://www.keylength.com/en/compare/
elif [[ $what_dh == "ECDH" ]]; then elif [[ $what_dh == "ECDH" ]]; then
[[ -z "$2" ]] && add="bit ECDH" if [[ -z "$2" ]]; then
add="bit ECDH"
[[ -n "$curve" ]] && add+=" ($curve)"
fi
if [[ "$bits" -le 80 ]]; then # has that ever existed? if [[ "$bits" -le 80 ]]; then # has that ever existed?
pr_svrty_critical "$bits $add" pr_svrty_critical "$bits $add"
elif [[ "$bits" -le 108 ]]; then # has that ever existed? elif [[ "$bits" -le 108 ]]; then # has that ever existed?