mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-07 17:20:57 +01:00
Use $HAS_X25519 and $HAS_X448
generate_key_share_extension() and prepare_tls_clienthello() currently check the $OPENSSL version number to determine whether X25519 and X448 are supported. The commit changes these functions to use $HAS_X25519 and $HAS_X448.
This commit is contained in:
parent
a1f6fe49ba
commit
541d960924
25
testssl.sh
25
testssl.sh
@ -13835,26 +13835,13 @@ generate_key_share_extension() {
|
|||||||
# with X25519 keys, so don't include the X25519 key share
|
# with X25519 keys, so don't include the X25519 key share
|
||||||
# if the server's response needs to be decrypted and an
|
# if the server's response needs to be decrypted and an
|
||||||
# older version of OpenSSL is being used.
|
# older version of OpenSSL is being used.
|
||||||
if [[ $i -gt 12 ]] && [[ $group -eq 29 ]] && [[ "$2" == all ]]; then
|
[[ $i -gt 12 ]] && [[ $group -eq 29 ]] && [[ "$2" == all ]] && ! "$HAS_X25519" && continue
|
||||||
[[ "$OSSL_NAME" =~ LibreSSL ]] && continue
|
|
||||||
if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != 1.1.0* ]] && \
|
|
||||||
[[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != 1.1.1* ]] && \
|
|
||||||
[[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != 3.0.0* ]]; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Versions of OpenSSL prior to 1.1.1 cannot perform operations
|
# Versions of OpenSSL prior to 1.1.1 cannot perform operations
|
||||||
# with X448 keys, so don't include the X448 key share
|
# with X448 keys, so don't include the X448 key share
|
||||||
# if the server's response needs to be decrypted and an
|
# if the server's response needs to be decrypted and an
|
||||||
# older version of OpenSSL is being used.
|
# older version of OpenSSL is being used.
|
||||||
if [[ $i -gt 12 ]] && [[ $group -eq 30 ]] && [[ "$2" == all ]]; then
|
[[ $i -gt 12 ]] && [[ $group -eq 30 ]] && [[ "$2" == all ]] && ! "$HAS_X448" && continue
|
||||||
[[ "$OSSL_NAME" =~ LibreSSL ]] && continue
|
|
||||||
if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != 1.1.1* ]] && \
|
|
||||||
[[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != 3.0.0* ]]; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# NOTE: The public keys could be extracted from the private keys
|
# NOTE: The public keys could be extracted from the private keys
|
||||||
# (TLS13_KEY_SHARES) using $OPENSSL, but only OpenSSL 1.1.0 and newer can
|
# (TLS13_KEY_SHARES) using $OPENSSL, but only OpenSSL 1.1.0 and newer can
|
||||||
@ -14016,9 +14003,7 @@ prepare_tls_clienthello() {
|
|||||||
00, 01, 00, 02, 00, 03, 00, 0f, 00, 10, 00, 11"
|
00, 01, 00, 02, 00, 03, 00, 0f, 00, 10, 00, 11"
|
||||||
elif [[ 0x$tls_low_byte -gt 0x03 ]]; then
|
elif [[ 0x$tls_low_byte -gt 0x03 ]]; then
|
||||||
# Supported Groups Extension
|
# Supported Groups Extension
|
||||||
if [[ ! "$process_full" =~ all ]] || ( [[ ! "$OSSL_NAME" =~ LibreSSL ]] && \
|
if [[ ! "$process_full" =~ all ]] || ( "$HAS_X25519" && "$HAS_X448" ); then
|
||||||
( [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || \
|
|
||||||
[[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]] ) ); then
|
|
||||||
extension_supported_groups="
|
extension_supported_groups="
|
||||||
00,0a, # Type: Supported Groups, see RFC 8446
|
00,0a, # Type: Supported Groups, see RFC 8446
|
||||||
00,10, 00,0e, # lengths
|
00,10, 00,0e, # lengths
|
||||||
@ -14027,13 +14012,13 @@ prepare_tls_clienthello() {
|
|||||||
# OpenSSL prior to 1.1.1 does not support X448, so list it as the least
|
# OpenSSL prior to 1.1.1 does not support X448, so list it as the least
|
||||||
# preferred option if the response needs to be decrypted, and do not
|
# preferred option if the response needs to be decrypted, and do not
|
||||||
# list it at all if the response MUST be decrypted.
|
# list it at all if the response MUST be decrypted.
|
||||||
elif [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.0* ]] && [[ "$process_full" == all+ ]]; then
|
elif "$HAS_X25519" && [[ "$process_full" == all+ ]]; then
|
||||||
extension_supported_groups="
|
extension_supported_groups="
|
||||||
00,0a, # Type: Supported Groups, see RFC 8446
|
00,0a, # Type: Supported Groups, see RFC 8446
|
||||||
00,0e, 00,0c, # lengths
|
00,0e, 00,0c, # lengths
|
||||||
00,1d, 00,17, 00,18, 00,19,
|
00,1d, 00,17, 00,18, 00,19,
|
||||||
01,00, 01,01"
|
01,00, 01,01"
|
||||||
elif [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == "1.1.0"* ]]; then
|
elif "$HAS_X25519"; then
|
||||||
extension_supported_groups="
|
extension_supported_groups="
|
||||||
00,0a, # Type: Supported Groups, see RFC 8446
|
00,0a, # Type: Supported Groups, see RFC 8446
|
||||||
00,10, 00,0e, # lengths
|
00,10, 00,0e, # lengths
|
||||||
|
Loading…
Reference in New Issue
Block a user