From 6d93bff835bc8971fd25e61d575a311c2e1d029e Mon Sep 17 00:00:00 2001
From: David Cooper <dcooper16@gmail.com>
Date: Thu, 8 Dec 2016 10:19:57 -0500
Subject: [PATCH 1/3] Align elliptic curve lengths with OpenSSL
For several elliptic curves the number of bits, as indicated by OpenSSL, is slightly different than the name implies. For example, for sect239k1 OpenSSL outputs: `Server Temp Key: ECDH, sect239k1, 238 bits`.
This PR aligns the output created by `parse_tls_serverhello()` with OpenSSL.
---
testssl.sh | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 883c267..f464958 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -7281,25 +7281,25 @@ parse_tls_serverhello() {
# http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
case $named_curve in
1) dh_bits=163 ; named_curve_str="K-163" ;;
- 2) dh_bits=163 ; named_curve_str="sect163r1" ;;
+ 2) dh_bits=162 ; named_curve_str="sect163r1" ;;
3) dh_bits=163 ; named_curve_str="B-163" ;;
4) dh_bits=193 ; named_curve_str="sect193r1" ;;
5) dh_bits=193 ; named_curve_str="sect193r2" ;;
- 6) dh_bits=233 ; named_curve_str="K-233" ;;
+ 6) dh_bits=232 ; named_curve_str="K-233" ;;
7) dh_bits=233 ; named_curve_str="B-233" ;;
- 8) dh_bits=239 ; named_curve_str="sect239k1" ;;
- 9) dh_bits=283 ; named_curve_str="K-283" ;;
- 10) dh_bits=283 ; named_curve_str="B-283" ;;
- 11) dh_bits=409 ; named_curve_str="K-409" ;;
+ 8) dh_bits=238 ; named_curve_str="sect239k1" ;;
+ 9) dh_bits=281 ; named_curve_str="K-283" ;;
+ 10) dh_bits=282 ; named_curve_str="B-283" ;;
+ 11) dh_bits=407 ; named_curve_str="K-409" ;;
12) dh_bits=409 ; named_curve_str="B-409" ;;
- 13) dh_bits=571 ; named_curve_str="K-571" ;;
- 14) dh_bits=571 ; named_curve_str="B-571" ;;
- 15) dh_bits=160 ; named_curve_str="secp160k1" ;;
- 16) dh_bits=160 ; named_curve_str="secp160r1" ;;
- 17) dh_bits=160 ; named_curve_str="secp160r2" ;;
+ 13) dh_bits=570 ; named_curve_str="K-571" ;;
+ 14) dh_bits=570 ; named_curve_str="B-571" ;;
+ 15) dh_bits=161 ; named_curve_str="secp160k1" ;;
+ 16) dh_bits=161 ; named_curve_str="secp160r1" ;;
+ 17) dh_bits=161 ; named_curve_str="secp160r2" ;;
18) dh_bits=192 ; named_curve_str="secp192k1" ;;
19) dh_bits=192 ; named_curve_str="P-192" ;;
- 20) dh_bits=224 ; named_curve_str="secp224k1" ;;
+ 20) dh_bits=225 ; named_curve_str="secp224k1" ;;
21) dh_bits=224 ; named_curve_str="P-224" ;;
22) dh_bits=256 ; named_curve_str="secp256k1" ;;
23) dh_bits=256 ; named_curve_str="P-256" ;;
From 520966f776858570f1d2b9c5c14c5909b16a5a76 Mon Sep 17 00:00:00 2001
From: AlGreed <thegreedyplanetz@gmail.com>
Date: Wed, 14 Dec 2016 12:09:23 +0100
Subject: [PATCH 2/3] color=0 for json and csv formats to avoid escape
characters in a report
---
testssl.sh | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/testssl.sh b/testssl.sh
index 585e062..89feade 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -10830,18 +10830,22 @@ parse_cmd_line() {
do_logging=true
;;
--json)
+ COLOR=0
do_json=true
;; # DEFINITION of JSONFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally
--jsonfile|--jsonfile=*)
+ COLOR=0
JSONFILE=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift
do_json=true
;;
--json-pretty)
+ COLOR=0
do_pretty_json=true
;;
--jsonfile-pretty|--jsonfile-pretty=*)
+ COLOR=0
JSONFILE=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift
do_pretty_json=true
@@ -10854,10 +10858,12 @@ parse_cmd_line() {
GIVE_HINTS=true
;;
--csv)
+ COLOR=0
do_csv=true
;; # DEFINITION of CSVFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally
--csvfile|--csvfile=*)
+ COLOR=0
CSVFILE=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift
do_csv=true
From 8d285a8696754866b43e3dcebadd6f58775c7e45 Mon Sep 17 00:00:00 2001
From: AlGreed <thegreedyplanetz@gmail.com>
Date: Wed, 14 Dec 2016 20:55:17 +0100
Subject: [PATCH 3/3] reverted color=0 for json and csv formats; rewrote
strip_quote to cross platform variant.
---
testssl.sh | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 89feade..28af539 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -695,7 +695,7 @@ set_color_functions() {
strip_quote() {
# remove color codes (see http://www.commandlinefu.com/commands/view/3584/remove-color-codes-special-characters-with-sed)
# \', leading and all trailing spaces
- sed -e "s,\x1B\[[0-9;]*[a-zA-Z],,g" \
+ sed -e "s,$(echo -e "\033")\[[0-9;]*[a-zA-Z],,g" \
-e "s/\"/\\'/g" \
-e 's/^ *//g' \
-e 's/ *$//g' <<< "$1"
@@ -10830,22 +10830,18 @@ parse_cmd_line() {
do_logging=true
;;
--json)
- COLOR=0
do_json=true
;; # DEFINITION of JSONFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally
--jsonfile|--jsonfile=*)
- COLOR=0
JSONFILE=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift
do_json=true
;;
--json-pretty)
- COLOR=0
do_pretty_json=true
;;
--jsonfile-pretty|--jsonfile-pretty=*)
- COLOR=0
JSONFILE=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift
do_pretty_json=true
@@ -10858,12 +10854,10 @@ parse_cmd_line() {
GIVE_HINTS=true
;;
--csv)
- COLOR=0
do_csv=true
;; # DEFINITION of CSVFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally
--csvfile|--csvfile=*)
- COLOR=0
CSVFILE=$(parse_opt_equal_sign "$1" "$2")
[[ $? -eq 0 ]] && shift
do_csv=true