From 4f386465236715982473870f1a20f25bf3284794 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Tue, 2 Aug 2022 10:44:41 +0200 Subject: [PATCH] Address grading bug when --show-each is used This fixes #2203. When used -E with -9 and --show-each the grading wasn't correct as all ciphers printed were included in the grading verdict instead of just the ones available. --- testssl.sh | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/testssl.sh b/testssl.sh index c7cb54e..eb41d0f 100755 --- a/testssl.sh +++ b/testssl.sh @@ -3551,14 +3551,18 @@ neat_header(){ # arg3: keyexchange # arg4: encryption (maybe included "export") # arg5: "export" if the cipher is an export-quality cipher, empty otherwise. -# arg6: "true" if the cipher's "quality" should be highlighted -# "false" if the line should be printed in light grey -# empty if line should be returned as a string +# arg6: not a boolean! +# "true" : if the cipher's "quality" should be highlighted +# "false": if the line should be printed in light grey +# "" : if line should be returned as a string +# "available" / "not a/v" when SHOW_EACH_C is set + neat_list(){ local hexcode="$1" local ossl_cipher="$2" export="$5" tls_cipher="" local kx enc strength line what_dh bits local -i i len + local how2show="$6" kx="${3//Kx=/}" enc="${4//Enc=/}" 
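Review bot: The rewritten arg6 comment lists five possible values but never says which of them let a cipher count toward the rating, and that is the behaviour this commit changes. With `how2show` now steering both the output style and the call to `set_ciph_str_score` further down in `neat_list`, I would add one line to the header, for example `#       only ciphers the server offers are passed to set_ciph_str_score (rating)`. It would also help to state whether "true"/"false" and "available"/"not a/v" can both arrive in the same run, since the callers are not visible here. The body of `neat_list` continues outside this hunk.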
@@ -3574,14 +3578,19 @@ neat_list(){ enc="${enc//POLY1305/}" # remove POLY1305 enc="${enc//\//}" # remove "/" - # For rating set bit size - set_ciph_str_score $strength + # For rating set bit size but only when we're not on all display mode (global var SHOW_EACH_C) + if [[ $how2show != "not a/v" ]] && "$SHOW_EACH_C" ]]; then + : + else + set_ciph_str_score $strength + fi [[ "$export" =~ export ]] && strength="$strength,exp" [[ "$DISPLAY_CIPHERNAMES" != openssl-only ]] && tls_cipher="$(show_rfc_style "$hexcode")" - if [[ "$6" != true ]]; then + # global var SHOW_EACH_C determines whether we display all tested ciphers + if [[ "$how2show" != true ]]; then if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then line="$(printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength")" [[ "$DISPLAY_CIPHERNAMES" != rfc-only ]] && line+="$(printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher")" @@ -3589,7 +3598,7 @@ neat_list(){ line="$(printf -- " %-7s %-33s %-10s %-12s%-8s" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength")" [[ "$DISPLAY_CIPHERNAMES" != openssl-only ]] && line+="$(printf -- " %-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher")" fi - if [[ -z "$6" ]]; then + if [[ -z "$how2show" ]]; then tm_out "$line" else pr_deemphasize "$line" @@ -4504,7 +4513,7 @@ ciphers_by_strength() { elif "$wide" && "$proto_supported" || [[ $proto != -ssl2 ]]; then outln fi - + cipher="" for (( i=0 ; i
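Review bot: The guard added around `set_ciph_str_score` reads as inverted and has a stray `]]`. As written, `[[ $how2show != "not a/v" ]] && "$SHOW_EACH_C" ]]` takes the no-op branch when --show-each is on and the line is not marked "not a/v", so lines marked "not a/v" still reach the rating, which is the opposite of what the commit message describes. The trailing `]]` is passed as an argument to the command `$SHOW_EACH_C` expands to, and goes unnoticed only because `true` and `false` ignore arguments. If the intent is to keep ciphers the server does not offer out of the grade, the condition would be `if "$SHOW_EACH_C" && [[ "$how2show" == "not a/v" ]]; then`, with `set_ciph_str_score "$strength"` quoted in the else branch. Please confirm this against the arg6 values the callers pass, which are outside this hunk, because a wrong grade misstates the server's TLS posture.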