Show selected curve

This PR changes `read_dhbits_from_file()` so that, when the "quiet" parameter is absent, the selected curve is shown in addition to the number of bits. This PR only affects the output of `run_client_simulation()` and the `Negotiated cipher` in `run_server_preference()`.
This commit is contained in:
David Cooper 2017-01-13 10:28:48 -05:00 committed by GitHub
parent 436326a547
commit 42da64d601
1 changed files with 20 additions and 5 deletions

View File

@ -4498,7 +4498,7 @@ run_std_cipherlists() {
# arg1: file with input for grepping the bit length for ECDH/DHE # arg1: file with input for grepping the bit length for ECDH/DHE
# arg2: whether to print warning "old fart" or not (empty: no) # arg2: whether to print warning "old fart" or not (empty: no)
read_dhbits_from_file() { read_dhbits_from_file() {
local bits what_dh temp local bits what_dh temp curve=""
local add="" local add=""
local old_fart=" (openssl cannot show DH bits)" local old_fart=" (openssl cannot show DH bits)"
@ -4506,14 +4506,23 @@ read_dhbits_from_file() {
what_dh=$(awk -F',' '{ print $1 }' <<< $temp) what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
bits=$(awk -F',' '{ print $3 }' <<< $temp) bits=$(awk -F',' '{ print $3 }' <<< $temp)
# RH's backport has the DH bits in second arg after comma # RH's backport has the DH bits in second arg after comma
grep -q bits <<< $bits || bits=$(awk -F',' '{ print $2 }' <<< $temp) if grep -q bits <<< $bits; then
curve="$(strip_spaces "$(awk -F',' '{ print $2 }' <<< $temp)")"
else
bits=$(awk -F',' '{ print $2 }' <<< $temp)
fi
bits=$(tr -d ' bits' <<< $bits) bits=$(tr -d ' bits' <<< $bits)
if [[ "$what_dh" == "X25519" ]] || [[ "$what_dh" == "X448" ]]; then if [[ "$what_dh" == "X25519" ]] || [[ "$what_dh" == "X448" ]]; then
curve="$what_dh"
what_dh="ECDH" what_dh="ECDH"
fi fi
if [[ -n "$curve" ]]; then
debugme echo ">$HAS_DH_BITS|$what_dh($curve)|$bits<"
else
debugme echo ">$HAS_DH_BITS|$what_dh|$bits<" debugme echo ">$HAS_DH_BITS|$what_dh|$bits<"
fi
[[ -n "$what_dh" ]] && HAS_DH_BITS=true # FIX 190 [[ -n "$what_dh" ]] && HAS_DH_BITS=true # FIX 190
if [[ -z "$what_dh" ]] && ! "$HAS_DH_BITS"; then if [[ -z "$what_dh" ]] && ! "$HAS_DH_BITS"; then
@ -4525,7 +4534,10 @@ read_dhbits_from_file() {
[[ -n "$bits" ]] && [[ -z "$2" ]] && out ", " [[ -n "$bits" ]] && [[ -z "$2" ]] && out ", "
if [[ $what_dh == "DH" ]] || [[ $what_dh == "EDH" ]]; then if [[ $what_dh == "DH" ]] || [[ $what_dh == "EDH" ]]; then
[[ -z "$2" ]] && add="bit DH" if [[ -z "$2" ]]; then
add="bit DH"
[[ -n "$curve" ]] && add+=" ($curve)"
fi
if [[ "$bits" -le 600 ]]; then if [[ "$bits" -le 600 ]]; then
pr_svrty_critical "$bits $add" pr_svrty_critical "$bits $add"
elif [[ "$bits" -le 800 ]]; then elif [[ "$bits" -le 800 ]]; then
@ -4539,7 +4551,10 @@ read_dhbits_from_file() {
fi fi
# https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography, http://www.keylength.com/en/compare/ # https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography, http://www.keylength.com/en/compare/
elif [[ $what_dh == "ECDH" ]]; then elif [[ $what_dh == "ECDH" ]]; then
[[ -z "$2" ]] && add="bit ECDH" if [[ -z "$2" ]]; then
add="bit ECDH"
[[ -n "$curve" ]] && add+=" ($curve)"
fi
if [[ "$bits" -le 80 ]]; then # has that ever existed? if [[ "$bits" -le 80 ]]; then # has that ever existed?
pr_svrty_critical "$bits $add" pr_svrty_critical "$bits $add"
elif [[ "$bits" -le 108 ]]; then # has that ever existed? elif [[ "$bits" -le 108 ]]; then # has that ever existed?