From 6d93bff835bc8971fd25e61d575a311c2e1d029e Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Thu, 8 Dec 2016 10:19:57 -0500
Subject: [PATCH 1/3] Align elliptic curve lengths with OpenSSL

For several elliptic curves the number of bits, as indicated by OpenSSL, is slightly different than the name implies. For example, for sect239k1 OpenSSL outputs: `Server Temp Key: ECDH, sect239k1, 238 bits`. This PR aligns the output created by `parse_tls_serverhello()` with OpenSSL.
---
 testssl.sh | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 883c267..f464958 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -7281,25 +7281,25 @@ parse_tls_serverhello() {
 # http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
 case $named_curve in
 1) dh_bits=163 ; named_curve_str="K-163" ;;
- 2) dh_bits=163 ; named_curve_str="sect163r1" ;;
+ 2) dh_bits=162 ; named_curve_str="sect163r1" ;;
 3) dh_bits=163 ; named_curve_str="B-163" ;;
 4) dh_bits=193 ; named_curve_str="sect193r1" ;;
 5) dh_bits=193 ; named_curve_str="sect193r2" ;;
- 6) dh_bits=233 ; named_curve_str="K-233" ;;
+ 6) dh_bits=232 ; named_curve_str="K-233" ;;
 7) dh_bits=233 ; named_curve_str="B-233" ;;
- 8) dh_bits=239 ; named_curve_str="sect239k1" ;;
- 9) dh_bits=283 ; named_curve_str="K-283" ;;
- 10) dh_bits=283 ; named_curve_str="B-283" ;;
- 11) dh_bits=409 ; named_curve_str="K-409" ;;
+ 8) dh_bits=238 ; named_curve_str="sect239k1" ;;
+ 9) dh_bits=281 ; named_curve_str="K-283" ;;
+ 10) dh_bits=282 ; named_curve_str="B-283" ;;
+ 11) dh_bits=407 ; named_curve_str="K-409" ;;
 12) dh_bits=409 ; named_curve_str="B-409" ;;
- 13) dh_bits=571 ; named_curve_str="K-571" ;;
- 14) dh_bits=571 ; named_curve_str="B-571" ;;
- 15) dh_bits=160 ; named_curve_str="secp160k1" ;;
- 16) dh_bits=160 ; named_curve_str="secp160r1" ;;
- 17) dh_bits=160 ; named_curve_str="secp160r2" ;;
+ 13) dh_bits=570 ; named_curve_str="K-571" ;;
+ 14) dh_bits=570 ; named_curve_str="B-571" ;;
+ 15) dh_bits=161 ; named_curve_str="secp160k1" ;;
+ 16) dh_bits=161 ; named_curve_str="secp160r1" ;;
+ 17) dh_bits=161 ; named_curve_str="secp160r2" ;;
 18) dh_bits=192 ; named_curve_str="secp192k1" ;;
 19) dh_bits=192 ; named_curve_str="P-192" ;;
- 20) dh_bits=224 ; named_curve_str="secp224k1" ;;
+ 20) dh_bits=225 ; named_curve_str="secp224k1" ;;
 21) dh_bits=224 ; named_curve_str="P-224" ;;
 22) dh_bits=256 ; named_curve_str="secp256k1" ;;
 23) dh_bits=256 ; named_curve_str="P-256" ;;

From 520966f776858570f1d2b9c5c14c5909b16a5a76 Mon Sep 17 00:00:00 2001
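Review bot: The new dh_bits values (162, 232, 238, 281, 282, 407, 570, 161, 225) no longer match the number in the curve name, and nothing in the hunk records why, so the next reader is likely to "correct" them back to the field size; a comment above `case $named_curve in` such as `# dh_bits mirrors the bit count OpenSSL reports for the curve, which for several curves is one or two off the size in the name` would keep the rationale from the commit message next to the table. If dh_bits also feeds a key-strength rating elsewhere in the script (not visible in this hunk), it is worth checking that the lowered values do not move any curve across a rating threshold. parse_tls_serverhello() and the case statement both continue outside the hunk.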
From: AlGreed
Date: Wed, 14 Dec 2016 12:09:23 +0100
Subject: [PATCH 2/3] color=0 for json and csv formats to avoid escape characters in a report

---
 testssl.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/testssl.sh b/testssl.sh
index 585e062..89feade 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -10830,18 +10830,22 @@ parse_cmd_line() {
 do_logging=true ;; --json) + COLOR=0 do_json=true ;; # DEFINITION of JSONFILE is not arg specified: automagically in parse_hn_port() # following does the same but we can specify a log location additionally --jsonfile|--jsonfile=*) + COLOR=0 JSONFILE=$(parse_opt_equal_sign "$1" "$2") [[ $? -eq 0 ]] && shift do_json=true ;; --json-pretty) + COLOR=0 do_pretty_json=true ;; --jsonfile-pretty|--jsonfile-pretty=*) + COLOR=0 JSONFILE=$(parse_opt_equal_sign "$1" "$2") [[ $? -eq 0 ]] && shift do_pretty_json=true
@@ -10854,10 +10858,12 @@ parse_cmd_line() {
 GIVE_HINTS=true ;; --csv) + COLOR=0 do_csv=true ;; # DEFINITION of CSVFILE is not arg specified: automagically in parse_hn_port() # following does the same but we can specify a log location additionally --csvfile|--csvfile=*) + COLOR=0 CSVFILE=$(parse_opt_equal_sign "$1" "$2") [[ $? -eq 0 ]] && shift do_csv=true

From 8d285a8696754866b43e3dcebadd6f58775c7e45 Mon Sep 17 00:00:00 2001
From: AlGreed
Date: Wed, 14 Dec 2016 20:55:17 +0100
Subject: [PATCH 3/3] reverted color=0 for json and csv formats; rewrote strip_quote to cross platform variant.

---
 testssl.sh | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 89feade..28af539 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -695,7 +695,7 @@ set_color_functions() {
 strip_quote() {
 # remove color codes (see http://www.commandlinefu.com/commands/view/3584/remove-color-codes-special-characters-with-sed)
 # \', leading and all trailing spaces
- sed -e "s,\x1B\[[0-9;]*[a-zA-Z],,g" \
+ sed -e "s,$(echo -e "\033")\[[0-9;]*[a-zA-Z],,g" \
 -e "s/\"/\\'/g" \
 -e 's/^ *//g' \
 -e 's/ *$//g' <<< "$1"
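Review bot: `COLOR=0` is assigned in six separate option arms (the four here and the two in the --csv/--csvfile hunk that follows) with no comment saying why, and whether the assignment has any effect depends on set_color_functions() not having run yet when parse_cmd_line() reaches these options — if the color helpers were already defined from the earlier COLOR value, these lines are silently ineffective; that call order is outside the hunk and worth confirming. One comment on the first arm, `# machine-readable output: disable color so no escape sequences end up in the report`, plus a single post-parse check along the lines of `[[ "$do_json" == true || "$do_pretty_json" == true || "$do_csv" == true ]] && COLOR=0`, would keep the six copies from drifting. Since 3/3 in this series removes these lines again, the pair could be squashed out if the series is merged as posted.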
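Review bot: The new sed line swaps the GNU-only `\x1B` for `$(echo -e "\033")`, but `echo -e` is itself not portable — with bash in POSIX mode plus xpg_echo, or under some /bin/sh implementations, `echo` does not take `-e` and prints it literally, so the pattern would no longer match the ESC byte. `sed -e "s,$(printf '\033')\[[0-9;]*[a-zA-Z],,g" \` produces the same byte from a builtin whose escape handling is specified, and since the file already relies on bash (`<<<`, `[[`), `$'\033'` would also do without a subshell. The strip_quote rewrite is unrelated to the revert this commit is titled for; splitting it into its own commit would keep the history bisectable. strip_quote()'s closing brace lies outside the hunk.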
@@ -10830,22 +10830,18 @@ parse_cmd_line() {
 do_logging=true ;; --json) - COLOR=0 do_json=true ;; # DEFINITION of JSONFILE is not arg specified: automagically in parse_hn_port() # following does the same but we can specify a log location additionally --jsonfile|--jsonfile=*) - COLOR=0 JSONFILE=$(parse_opt_equal_sign "$1" "$2") [[ $? -eq 0 ]] && shift do_json=true ;; --json-pretty) - COLOR=0 do_pretty_json=true ;; --jsonfile-pretty|--jsonfile-pretty=*) - COLOR=0 JSONFILE=$(parse_opt_equal_sign "$1" "$2") [[ $? -eq 0 ]] && shift do_pretty_json=true
@@ -10858,12 +10854,10 @@ parse_cmd_line() {
 GIVE_HINTS=true ;; --csv) - COLOR=0 do_csv=true ;; # DEFINITION of CSVFILE is not arg specified: automagically in parse_hn_port() # following does the same but we can specify a log location additionally --csvfile|--csvfile=*) - COLOR=0 CSVFILE=$(parse_opt_equal_sign "$1" "$2") [[ $? -eq 0 ]] && shift do_csv=true