From 62aee8f8467658c5d60f5804cc7a7ff9f4cdb2ca Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Fri, 30 Dec 2016 11:32:41 -0500
Subject: [PATCH] Remove leading "00" byte from prime, if present

The primes in https://svn.nmap.org/nmap/scripts/ssl-dh-params.nse do not include a leading "00" byte, so don't include it in `$dh_p`.
---
 testssl.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/testssl.sh b/testssl.sh
index 4a71070..93f99ac 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -9392,7 +9392,9 @@ run_logjam() {
 if [[ -n "$key_bitstring" ]]; then
 dh_p="$($OPENSSL pkey -pubin -text -noout <<< "$key_bitstring" | awk '/prime:/,/generator:/' | tail -n +2 | head -n -1)"
 dh_p="$(strip_spaces "$(colon_to_spaces "$(newline_to_spaces "$dh_p")")")"
+ [[ "${dh_p:0:2}" == "00" ]] && dh_p="${dh_p:2}"
 # At this point the DH key's prime has been extracted into $dh_p. Compare is against known weak primes.
+ echo "dh_p = $dh_p"
 fi
 tmpfile_handle $FUNCNAME.txt
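Review bot: The added `echo "dh_p = $dh_p"` just before the closing `fi` prints the extracted prime unconditionally, so every run_logjam call that obtains a key writes this line into the normal scan output and into anything that parses it. It reads like leftover debugging; I would drop it or gate it on the script's debug level, e.g. `[[ "$DEBUG" -ge 2 ]] && echo "dh_p = $dh_p"` (assuming that variable is in scope here). The comment says the prime is compared against known weak primes, but no comparison is visible in this hunk, so it is worth confirming that the reference list uses the same hex case and formatting as `$dh_p` after this normalisation. The new strip line would also benefit from a short comment such as `# openssl prints a leading 00 byte on the prime; the reference primes omit it`. run_logjam's body starts and ends outside the hunk.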