Fix bits errors in OpenBSDs
The expression 'grep -aw "Public-Key:"' hiccuped on the colon under OpenBSD, so that any bitsize on a certificate had wrong values, see #1425. (FreeBSD was fine) This PR fixes that. It updates the expression by using awk and bash internal functions. The same problem occurred in run_robot(). The strong typing of pubkeybits had to be relaxed to a dynamic typing, unless we choose to define a second string variable.
parent
1fa0094b3b
commit
35e6adccc4
11
testssl.sh
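--- a/testssl.sh
+++ b/testssl.sh
@@ -10434,8 +10434,10 @@ get_pub_key_size() {
 "$HAS_PKEY" || return 1
 
 # OpenSSL displays the number of bits for RSA and ECC
-pubkeybits=$($OPENSSL x509 -noout -pubkey -in $HOSTCERT 2>>$ERRFILE | $OPENSSL pkey -pubin -text 2>>$ERRFILE | grep -aw "Public-Key:" | sed -e 's/.*(//' -e 's/)//')
+pubkeybits=$($OPENSSL x509 -noout -pubkey -in $HOSTCERT 2>>$ERRFILE | $OPENSSL pkey -pubin -text 2>>$ERRFILE | awk -F'(' '/Public-Key/ { print $2 }')
 if [[ -n $pubkeybits ]]; then
+# remainder e.g. "256 bit)"
+pubkeybits="${pubkeybits//\)/}"
 echo "Server public key is $pubkeybits" >> $TMPFILE
 else
 # This extracts the public key for DSA, DH, and GOST
@@ -16381,7 +16383,8 @@ run_robot() {
 local rnd_pms="aa112233445566778899112233445566778899112233445566778899112233445566778899112233445566778899"
 local change_cipher_spec finished resp
 local -a response
-local -i i subret len iteration testnum pubkeybits pubkeybytes
+local -i i subret len iteration testnum pubkeybytes
+local pubkeybits
 local vulnerable=false send_ccs_finished=true
 local -i start_time end_time robottimeout=$MAX_WAITSOCK
 local cve="CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168"
@@ -16479,8 +16482,8 @@ run_robot() {
 # <random> should be a length that makes total length of $padded_pms
 # the same as the length of the public key. <random> should contain no 00 bytes.
 pubkeybits="$($OPENSSL x509 -noout -pubkey -in $HOSTCERT 2>>$ERRFILE | \
-$OPENSSL pkey -pubin -text 2>>$ERRFILE | grep -aw "Public-Key:" | \
-sed -e 's/.*(//' -e 's/ bit)//')"
+$OPENSSL pkey -pubin -text 2>>$ERRFILE | awk -F'(' '/Public-Key/ { print $2 }')"
+pubkeybits="${pubkeybits%%bit*}"
 pubkeybytes=$pubkeybits/8
 [[ $((pubkeybits%8)) -ne 0 ]] && pubkeybytes+=1
 rnd_pad=""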
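Review bot: In the third hunk, `pubkeybits` now reaches `pubkeybytes=$pubkeybits/8` as an unchecked string: with the `-i` attribute dropped in the second hunk, an empty result (openssl or awk printing nothing) turns the assignment into `/8` and raises an arithmetic syntax error instead of the former implicit 0, and `${pubkeybits%%bit*}` leaves a trailing space. Since the value is derived from the server's certificate, I would pin it to digits before any arithmetic, e.g. `pubkeybits="${pubkeybits%% bit*}"` followed by `[[ $pubkeybits =~ ^[0-9]+$ ]] || pubkeybits=0`. The awk pattern `/Public-Key/` (here and in get_pub_key_size) is also looser than the old `grep -w "Public-Key:"`; `/Public-Key:/` would keep the match as narrow as before. run_robot's body continues outside the hunk, so how a zero key size is handled afterwards is not visible here.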