Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-28 20:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Address grading bug when --show-each is used

Browse Source 
This fixes #2203. When used -E with -9 and --show-each the grading wasn't
correct as all ciphers printed were included in the grading verdict instead
of just the ones available.
This commit is contained in:
Dirk Wetter 2022-08-02 10:44:41 +02:00
parent 88e80d2688
commit 4f38646523
1 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
testssl.sh
View File

@ -3551,14 +3551,18 @@ neat_header(){
# arg3: keyexchange
# arg4: encryption (maybe included "export")
# arg5: "export" if the cipher is an export-quality cipher, empty otherwise.
# arg6: "true" if the cipher's "quality" should be highlighted
# "false" if the line should be printed in light grey
# empty if line should be returned as a string
# arg6: not a boolean!
# "true" : if the cipher's "quality" should be highlighted
# "false": if the line should be printed in light grey
# "" : if line should be returned as a string
# "available" / "not a/v" when SHOW_EACH_C is set
neat_list(){
local hexcode="$1"
local ossl_cipher="$2" export="$5" tls_cipher=""
local kx enc strength line what_dh bits
local -i i len
local how2show="$6"
kx="${3//Kx=/}"
enc="${4//Enc=/}"
@ -3574,14 +3578,19 @@ neat_list(){
enc="${enc//POLY1305/}" # remove POLY1305
enc="${enc//\//}" # remove "/"
# For rating set bit size
set_ciph_str_score $strength
# For rating set bit size but only when we're not on all display mode (global var SHOW_EACH_C)
if [[ $how2show != "not a/v" ]] && "$SHOW_EACH_C" ]]; then
:
else
set_ciph_str_score $strength
fi
[[ "$export" =~ export ]] && strength="$strength,exp"
[[ "$DISPLAY_CIPHERNAMES" != openssl-only ]] && tls_cipher="$(show_rfc_style "$hexcode")"
if [[ "$6" != true ]]; then
# global var SHOW_EACH_C determines whether we display all tested ciphers
if [[ "$how2show" != true ]]; then
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
line="$(printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength")"
[[ "$DISPLAY_CIPHERNAMES" != rfc-only ]] && line+="$(printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher")"
@ -3589,7 +3598,7 @@ neat_list(){
line="$(printf -- " %-7s %-33s %-10s %-12s%-8s" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength")"
[[ "$DISPLAY_CIPHERNAMES" != openssl-only ]] && line+="$(printf -- " %-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher")"
fi
if [[ -z "$6" ]]; then
if [[ -z "$how2show" ]]; then
tm_out "$line"
else
pr_deemphasize "$line"
@ -4504,7 +4513,7 @@ ciphers_by_strength() {
elif "$wide" && "$proto_supported" || [[ $proto != -ssl2 ]]; then
outln
fi
cipher=""
for (( i=0 ; i<nr_ciphers; i++ )); do
if "${ciphers_found[i]}"; then
@ -6805,7 +6814,6 @@ run_server_preference() {
else
ciphers_by_strength "-$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets" "true" "false"
fi
else
cipher_pref_check "$proto_ossl" "$proto_hex" "$proto_txt" "$using_sockets" "true"
fi