Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 05:45:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '2.9dev' into full_parse_sslv2

Browse Source
This commit is contained in:
David Cooper
2016-09-30 11:30:14 -04:00
parent 0676866e91 c785087d15
commit 76a79a1f42
1 changed files with 40 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
testssl.sh
View File

@@ -92,7 +92,6 @@ egrep -q "dev|rc" <<< "$VERSION" && \
readonly PROG_NAME=$(basename "$0") readonly PROG_NAME=$(basename "$0")
readonly RUN_DIR=$(dirname "$0") readonly RUN_DIR=$(dirname "$0")
INSTALL_DIR="" INSTALL_DIR=""
MAPPING_FILE_RFC=""
OPENSSL_LOCATION="" OPENSSL_LOCATION=""
HNAME="$(hostname)" HNAME="$(hostname)"
HNAME="${HNAME%%.*}" HNAME="${HNAME%%.*}"
@@ -508,10 +507,15 @@ hex2dec() {
# trim spaces for BSD and old sed # trim spaces for BSD and old sed
count_lines() { count_lines() {
wc -l <<<"$1" | sed 's/ //g' #echo "${$(wc -l <<< "$1")// /}"
# ^^ bad substitution under bash, zsh ok. For some reason this does the trick:
echo $(wc -l <<< "$1")
} }
count_words() { count_words() {
wc -w <<<"$1" | sed 's/ //g' #echo "${$(wc -w <<< "$1")// /}"
# ^^ bad substitution under bash, zsh ok. For some reason this does the trick:
echo $(wc -w <<< "$1")
} }
count_ciphers() { count_ciphers() {
@@ -1551,8 +1555,19 @@ show_rfc_style(){
[[ -z "$ADD_RFC_STR" ]] && return 1 [[ -z "$ADD_RFC_STR" ]] && return 1
#[[ -z "$1" ]] && return 0 #[[ -z "$1" ]] && return 0
local rfcname local rfcname="" hexcode
rfcname="$(grep -iw "$1" "$MAPPING_FILE_RFC" | awk '{ print $2 }')" local -i i
hexcode="$(toupper "$1")"
case ${#hexcode} in
3) hexcode="0x00,0x${hexcode:1:2}" ;;
5) hexcode="0x${hexcode:1:2},0x${hexcode:3:2}" ;;
7) hexcode="0x${hexcode:1:2},0x${hexcode:3:2},0x${hexcode:5:2}" ;;
*) return 1 ;;
esac
for (( i=0; i < TLS_NR_CIPHERS; i++ )); do
[[ "$hexcode" == "${TLS_CIPHER_HEXCODE[i]}" ]] && rfcname="${TLS_CIPHER_RFC_NAME[i]}" && break
done
[[ "$rfcname" == "-" ]] && rfcname=""
[[ -n "$rfcname" ]] && out "$rfcname" [[ -n "$rfcname" ]] && out "$rfcname"
return 0 return 0
} }
@@ -2876,7 +2891,7 @@ run_client_simulation() {
fi fi
#FiXME: awk #FiXME: awk
cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://') cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && [[ -n "$MAPPING_FILE_RFC" ]] && cipher="$(rfc2openssl "$cipher")" "$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && cipher="$(rfc2openssl "$cipher")"
outln "$proto $cipher" outln "$proto $cipher"
if [[ -n "${warning[i]}" ]]; then if [[ -n "${warning[i]}" ]]; then
out " " out " "
@@ -5873,15 +5888,11 @@ parse_tls_serverhello() {
echo "Protocol : TLSv1.$((0x$tls_protocol2-0x0301))" >> $TMPFILE echo "Protocol : TLSv1.$((0x$tls_protocol2-0x0301))" >> $TMPFILE
fi fi
echo "===============================================================================" >> $TMPFILE echo "===============================================================================" >> $TMPFILE
if [[ -n "$MAPPING_FILE_RFC" ]]; then
if [[ "${tls_cipher_suite:0:2}" == "00" ]]; then if [[ "${tls_cipher_suite:0:2}" == "00" ]]; then
echo "Cipher : $(strip_spaces $(show_rfc_style "x${tls_cipher_suite:2:2}"))" >> $TMPFILE echo "Cipher : $(strip_spaces $(show_rfc_style "x${tls_cipher_suite:2:2}"))" >> $TMPFILE
else else
echo "Cipher : $(strip_spaces $(show_rfc_style "x${tls_cipher_suite:0:4}"))" >> $TMPFILE echo "Cipher : $(strip_spaces $(show_rfc_style "x${tls_cipher_suite:0:4}"))" >> $TMPFILE
fi fi
else
echo "Cipher : $($OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL' | grep -i " 0x${tls_cipher_suite:0:2},0x${tls_cipher_suite:2:2} " | awk '{ print $3 }')" >> $TMPFILE
fi
echo "===============================================================================" >> $TMPFILE echo "===============================================================================" >> $TMPFILE
if [[ $DEBUG -ge 2 ]]; then if [[ $DEBUG -ge 2 ]]; then
@@ -7342,42 +7353,43 @@ old_fart() {
fatal "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed." -5 fatal "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed." -5
} }
# try very hard to determine the install path to get ahold of the mapping file # try very hard to determine the install path
# it provides "keycode/ RFC style name", see RFCs, cipher(1), www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm # FIXME: mapping-rfc.txt no longer used. Need another method to determine install path
get_install_dir() { get_install_dir() {
local mapping_file_rfc=""
#INSTALL_DIR=$(cd "$(dirname "$0")" && pwd)/$(basename "$0") #INSTALL_DIR=$(cd "$(dirname "$0")" && pwd)/$(basename "$0")
INSTALL_DIR=$(dirname ${BASH_SOURCE[0]}) INSTALL_DIR=$(dirname ${BASH_SOURCE[0]})
[[ -r "$RUN_DIR/etc/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$RUN_DIR/etc/mapping-rfc.txt" [[ -r "$RUN_DIR/etc/mapping-rfc.txt" ]] && mapping_file_rfc="$RUN_DIR/etc/mapping-rfc.txt"
[[ -r "$INSTALL_DIR/etc/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$INSTALL_DIR/etc/mapping-rfc.txt" [[ -r "$INSTALL_DIR/etc/mapping-rfc.txt" ]] && mapping_file_rfc="$INSTALL_DIR/etc/mapping-rfc.txt"
if [[ ! -r "$MAPPING_FILE_RFC" ]]; then if [[ ! -r "$mapping_file_rfc" ]]; then
# those will disapper: # those will disapper:
[[ -r "$RUN_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$RUN_DIR/mapping-rfc.txt" [[ -r "$RUN_DIR/mapping-rfc.txt" ]] && mapping_file_rfc="$RUN_DIR/mapping-rfc.txt"
[[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$INSTALL_DIR/mapping-rfc.txt" [[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && mapping_file_rfc="$INSTALL_DIR/mapping-rfc.txt"
fi fi
# we haven't found the mapping file yet... # we haven't found the mapping file yet...
if [[ ! -r "$MAPPING_FILE_RFC" ]] && which readlink &>/dev/null ; then if [[ ! -r "$mapping_file_rfc" ]] && which readlink &>/dev/null ; then
readlink -f ls &>/dev/null && \ readlink -f ls &>/dev/null && \
INSTALL_DIR=$(readlink -f $(basename ${BASH_SOURCE[0]})) || \ INSTALL_DIR=$(readlink -f $(basename ${BASH_SOURCE[0]})) || \
INSTALL_DIR=$(readlink $(basename ${BASH_SOURCE[0]})) INSTALL_DIR=$(readlink $(basename ${BASH_SOURCE[0]}))
# not sure whether Darwin has -f # not sure whether Darwin has -f
INSTALL_DIR=$(dirname $INSTALL_DIR 2>/dev/null) INSTALL_DIR=$(dirname $INSTALL_DIR 2>/dev/null)
[[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$INSTALL_DIR/mapping-rfc.txt" [[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && mapping_file_rfc="$INSTALL_DIR/mapping-rfc.txt"
[[ -r "$INSTALL_DIR/etc/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$INSTALL_DIR/etc/mapping-rfc.txt" [[ -r "$INSTALL_DIR/etc/mapping-rfc.txt" ]] && mapping_file_rfc="$INSTALL_DIR/etc/mapping-rfc.txt"
# will disappear: # will disappear:
fi fi
# still no mapping file: # still no mapping file:
if [[ ! -r "$MAPPING_FILE_RFC" ]] && which realpath &>/dev/null ; then if [[ ! -r "$mapping_file_rfc" ]] && which realpath &>/dev/null ; then
INSTALL_DIR=$(dirname $(realpath ${BASH_SOURCE[0]})) INSTALL_DIR=$(dirname $(realpath ${BASH_SOURCE[0]}))
MAPPING_FILE_RFC="$INSTALL_DIR/etc/mapping-rfc.txt" mapping_file_rfc="$INSTALL_DIR/etc/mapping-rfc.txt"
# will disappear # will disappear
[[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$INSTALL_DIR/mapping-rfc.txt" [[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && mapping_file_rfc="$INSTALL_DIR/mapping-rfc.txt"
fi fi
[[ ! -r "$MAPPING_FILE_RFC" ]] && unset MAPPING_FILE_RFC && unset ADD_RFC_STR && pr_warningln "\nNo mapping file found" [[ ! -r "$mapping_file_rfc" ]] && unset mapping_file_rfc && unset ADD_RFC_STR && pr_warningln "\nNo mapping file found"
debugme echo "$MAPPING_FILE_RFC" debugme echo "$mapping_file_rfc"
} }
@@ -7687,7 +7699,6 @@ PATH: $PATH
PROG_NAME: $PROG_NAME PROG_NAME: $PROG_NAME
INSTALL_DIR: $INSTALL_DIR INSTALL_DIR: $INSTALL_DIR
RUN_DIR: $RUN_DIR RUN_DIR: $RUN_DIR
MAPPING_FILE_RFC: $MAPPING_FILE_RFC
CAPATH: $CAPATH CAPATH: $CAPATH
COLOR: $COLOR COLOR: $COLOR