Merge pull request #1196 from dcooper16/reorganize_run_cipher_per_proto

Reorganize run_cipher_per_proto()
Dirk Wetter 2019-02-13 14:14:21 +01:00 committed by GitHub
commit 818c96ddbe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -3955,8 +3955,12 @@ run_allciphers() {
}
# test for all ciphers per protocol locally configured (w/o distinguishing whether they are good or bad)
run_cipher_per_proto() {
local proto proto_hex proto_text ossl_ciphers_proto
# for the specified protocol, test for all ciphers locally configured (w/o distinguishing whether they
# are good or bad) and list them in order to encryption strength.
ciphers_by_strength() {
local proto="$1" proto_hex="$2" proto_text="$3"
local using_sockets="$4"
local ossl_ciphers_proto
local -i nr_ciphers nr_ossl_ciphers nr_nonossl_ciphers success
local n sslvers auth mac export hexc sslv2_ciphers="" cipher
local -a hexcode normalized_hexcode ciph rfc_ciph kx enc export2
@ -3967,36 +3971,16 @@ run_cipher_per_proto() {
local available
local id
local has_dh_bits="$HAS_DH_BITS"
local using_sockets=true
"$SSL_NATIVE" && using_sockets=false
"$FAST" && using_sockets=false
[[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
outln
if "$using_sockets"; then
pr_headlineln " Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength "
else
pr_headlineln " Testing all locally available ciphers per protocol against the server, ordered by encryption strength "
[[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
outln
if ! "$HAS_DH_BITS"; then
[[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && out "."
prln_warning " (Your $OPENSSL cannot show DH/ECDH bits)"
fi
fi
outln
neat_header
echo -e " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLS 1\n -tls1_1 02 TLS 1.1\n -tls1_2 03 TLS 1.2\n -tls1_3 04 TLS 1.3" | while read proto proto_hex proto_text; do
pr_underline "$(printf "%s" "$proto_text")"
# for local problem if it happens
out " "
if ! "$using_sockets" && ! locally_supported "$proto"; then
continue
return 0
fi
outln
[[ $(has_server_protocol "${proto:1}") -eq 1 ]] && continue
[[ $(has_server_protocol "${proto:1}") -eq 1 ]] && return 0
# get a list of all the cipher suites to test
nr_ciphers=0
@ -4246,9 +4230,39 @@ run_cipher_per_proto() {
fileout "$id" "INFO" "$proto_text $(neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}") $available"
fi
done
done
"$using_sockets" && HAS_DH_BITS="$has_dh_bits"
tmpfile_handle ${FUNCNAME[0]}.txt
tmpfile_handle ${FUNCNAME[0]}${proto}.txt
return 0
#FIXME: no error condition
}
# test for all ciphers per protocol locally configured (w/o distinguishing whether they are good or bad)
run_cipher_per_proto() {
local proto proto_hex proto_text
local using_sockets=true
"$SSL_NATIVE" && using_sockets=false
"$FAST" && using_sockets=false
[[ $TLS_NR_CIPHERS == 0 ]] && using_sockets=false
outln
if "$using_sockets"; then
pr_headlineln " Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength "
else
pr_headlineln " Testing all locally available ciphers per protocol against the server, ordered by encryption strength "
[[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && pr_warning " Cipher mapping not available, doing a fallback to openssl"
outln
if ! "$HAS_DH_BITS"; then
[[ $TLS_NR_CIPHERS == 0 ]] && ! "$SSL_NATIVE" && ! "$FAST" && out "."
prln_warning " (Your $OPENSSL cannot show DH/ECDH bits)"
fi
fi
outln
neat_header
echo -e " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLS 1\n -tls1_1 02 TLS 1.1\n -tls1_2 03 TLS 1.2\n -tls1_3 04 TLS 1.3" | while read proto proto_hex proto_text; do
ciphers_by_strength "$proto" "$proto_hex" "$proto_text" "$using_sockets"
done
return 0
#FIXME: no error condition
}
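Review bot: ciphers_by_strength() runs its fourth argument as a command name (`if ! "$using_sockets"` and `"$using_sockets" && HAS_DH_BITS="$has_dh_bits"`), yet the new two-line header comment describes none of the four positional parameters. Now that this is a separately callable function, I would add a line such as `# arg1: protocol switch (e.g. -tls1_2), arg2: protocol hex code, arg3: display name, arg4: "true" or "false" (test via sockets)` so a later caller does not pass an empty or arbitrary value that then gets executed. Separately, the per-protocol temp file name is built from an argument and passed unquoted; `tmpfile_handle "${FUNCNAME[0]}${proto}.txt"` would avoid word splitting. Most of the function body lies outside the visible hunks, so this is based only on the lines shown.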