mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-23 08:59:31 +01:00
Minor code simplification / readability
This commit is contained in:
parent
818c96ddbe
commit
c252541bcf
46
testssl.sh
46
testssl.sh
@ -3707,7 +3707,7 @@ run_allciphers() {
|
|||||||
ciphers_found[i]=false
|
ciphers_found[i]=false
|
||||||
sigalg[i]=""
|
sigalg[i]=""
|
||||||
ossl_supported[i]=${TLS_CIPHER_OSSL_SUPPORTED[i]}
|
ossl_supported[i]=${TLS_CIPHER_OSSL_SUPPORTED[i]}
|
||||||
if "$using_sockets" && ! "$HAS_DH_BITS" && ( [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]] ); then
|
if "$using_sockets" && ! "$HAS_DH_BITS" && ( [[ ${kx[i]} == Kx=ECDH ]] || [[ ${kx[i]} == Kx=DH ]] || [[ ${kx[i]} == Kx=EDH ]] ); then
|
||||||
ossl_supported[i]=false
|
ossl_supported[i]=false
|
||||||
fi
|
fi
|
||||||
if [[ ${#hexc} -eq 9 ]]; then
|
if [[ ${#hexc} -eq 9 ]]; then
|
||||||
@ -3752,7 +3752,7 @@ run_allciphers() {
|
|||||||
supported_sslv2_ciphers="$(grep "Supported cipher: " "$TEMPDIR/$NODEIP.parse_sslv2_serverhello.txt")"
|
supported_sslv2_ciphers="$(grep "Supported cipher: " "$TEMPDIR/$NODEIP.parse_sslv2_serverhello.txt")"
|
||||||
"$SHOW_SIGALGO" && s="$(read_sigalg_from_file "$HOSTCERT")"
|
"$SHOW_SIGALGO" && s="$(read_sigalg_from_file "$HOSTCERT")"
|
||||||
for (( i=0 ; i<nr_ciphers; i++ )); do
|
for (( i=0 ; i<nr_ciphers; i++ )); do
|
||||||
if [[ "${sslvers[i]}" == "SSLv2" ]] && [[ "$supported_sslv2_ciphers" =~ ${normalized_hexcode[i]} ]]; then
|
if [[ "${sslvers[i]}" == SSLv2 ]] && [[ "$supported_sslv2_ciphers" =~ ${normalized_hexcode[i]} ]]; then
|
||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
"$SHOW_SIGALGO" && sigalg[i]="$s"
|
"$SHOW_SIGALGO" && sigalg[i]="$s"
|
||||||
fi
|
fi
|
||||||
@ -3790,7 +3790,7 @@ run_allciphers() {
|
|||||||
|
|
||||||
for (( i=0; i < nr_ciphers; i++ )); do
|
for (( i=0; i < nr_ciphers; i++ )); do
|
||||||
if "${ossl_supported[i]}"; then
|
if "${ossl_supported[i]}"; then
|
||||||
[[ "${sslvers[i]}" == "SSLv2" ]] && continue
|
[[ "${sslvers[i]}" == SSLv2 ]] && continue
|
||||||
ciphers_found2[nr_ossl_ciphers]=false
|
ciphers_found2[nr_ossl_ciphers]=false
|
||||||
ciph2[nr_ossl_ciphers]="${ciph[i]}"
|
ciph2[nr_ossl_ciphers]="${ciph[i]}"
|
||||||
index[nr_ossl_ciphers]=$i
|
index[nr_ossl_ciphers]=$i
|
||||||
@ -3855,7 +3855,7 @@ run_allciphers() {
|
|||||||
if [[ "$cipher" == TLS13* ]] || [[ "$cipher" == TLS_* ]]; then
|
if [[ "$cipher" == TLS13* ]] || [[ "$cipher" == TLS_* ]]; then
|
||||||
kx[i]="$(read_dhtype_from_file $TMPFILE)"
|
kx[i]="$(read_dhtype_from_file $TMPFILE)"
|
||||||
fi
|
fi
|
||||||
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
if [[ ${kx[i]} == Kx=ECDH ]] || [[ ${kx[i]} == Kx=DH ]] || [[ ${kx[i]} == Kx=EDH ]]; then
|
||||||
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]} $dhlen"
|
||||||
fi
|
fi
|
||||||
@ -3972,7 +3972,7 @@ ciphers_by_strength() {
|
|||||||
local id
|
local id
|
||||||
local has_dh_bits="$HAS_DH_BITS"
|
local has_dh_bits="$HAS_DH_BITS"
|
||||||
|
|
||||||
pr_underline "$(printf "%s" "$proto_text")"
|
pr_underline "$(printf -- "%b" "$proto_text")"
|
||||||
# for local problem if it happens
|
# for local problem if it happens
|
||||||
out " "
|
out " "
|
||||||
if ! "$using_sockets" && ! locally_supported "$proto"; then
|
if ! "$using_sockets" && ! locally_supported "$proto"; then
|
||||||
@ -4011,16 +4011,16 @@ ciphers_by_strength() {
|
|||||||
normalized_hexcode[nr_ciphers]="x${hexc:2:2}${hexc:7:2}${hexc:12:2}"
|
normalized_hexcode[nr_ciphers]="x${hexc:2:2}${hexc:7:2}${hexc:12:2}"
|
||||||
fi
|
fi
|
||||||
if ( "$using_sockets" || "${TLS_CIPHER_OSSL_SUPPORTED[i]}" ); then
|
if ( "$using_sockets" || "${TLS_CIPHER_OSSL_SUPPORTED[i]}" ); then
|
||||||
if [[ ${#hexc} -eq 9 ]] && [[ "$proto_text" != "SSLv2" ]]; then
|
if [[ ${#hexc} -eq 9 ]] && [[ "$proto_text" != SSLv2 ]]; then
|
||||||
if [[ "$proto_text" == "TLS 1.3" ]]; then
|
if [[ "$proto_text" == TLS\ 1.3 ]]; then
|
||||||
[[ "${hexc:2:2}" == "13" ]] && nr_ciphers+=1
|
[[ "${hexc:2:2}" == 13 ]] && nr_ciphers+=1
|
||||||
elif [[ "$proto_text" == "TLS 1.2" ]]; then
|
elif [[ "$proto_text" == TLS\ 1.2 ]]; then
|
||||||
[[ "${hexc:2:2}" != "13" ]] && nr_ciphers+=1
|
[[ "${hexc:2:2}" != 13 ]] && nr_ciphers+=1
|
||||||
elif [[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA256 ]] && [[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA384 ]] && \
|
elif [[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA256 ]] && [[ ! "${TLS_CIPHER_RFC_NAME[i]}" =~ SHA384 ]] && \
|
||||||
[[ "${TLS_CIPHER_RFC_NAME[i]}" != *"_CCM" ]] && [[ "${TLS_CIPHER_RFC_NAME[i]}" != *"_CCM_8" ]]; then
|
[[ "${TLS_CIPHER_RFC_NAME[i]}" != *_CCM ]] && [[ "${TLS_CIPHER_RFC_NAME[i]}" != *_CCM_8 ]]; then
|
||||||
nr_ciphers+=1
|
nr_ciphers+=1
|
||||||
fi
|
fi
|
||||||
elif [[ ${#hexc} -eq 14 ]] && [[ "$proto_text" == "SSLv2" ]]; then
|
elif [[ ${#hexc} -eq 14 ]] && [[ "$proto_text" == SSLv2 ]]; then
|
||||||
sslv2_ciphers+=", ${hexcode[nr_ciphers]}"
|
sslv2_ciphers+=", ${hexcode[nr_ciphers]}"
|
||||||
nr_ciphers+=1
|
nr_ciphers+=1
|
||||||
fi
|
fi
|
||||||
@ -4028,21 +4028,21 @@ ciphers_by_strength() {
|
|||||||
done
|
done
|
||||||
else # no sockets, openssl!
|
else # no sockets, openssl!
|
||||||
# The OpenSSL ciphers function, prior to version 1.1.0, could only understand -ssl2, -ssl3, and -tls1.
|
# The OpenSSL ciphers function, prior to version 1.1.0, could only understand -ssl2, -ssl3, and -tls1.
|
||||||
if [[ "$proto" == "-ssl2" ]] || [[ "$proto" == "-ssl3" ]] || \
|
if [[ "$proto" == "-ssl2" ]] || [[ "$proto" == -ssl3 ]] || \
|
||||||
[[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == "1.1.0"* ]] || [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == "1.1.1"* ]]; then
|
[[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.0* ]] || [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]]; then
|
||||||
ossl_ciphers_proto="$proto"
|
ossl_ciphers_proto="$proto"
|
||||||
else
|
else
|
||||||
ossl_ciphers_proto="-tls1"
|
ossl_ciphers_proto="-tls1"
|
||||||
fi
|
fi
|
||||||
while read hexc n ciph[nr_ciphers] sslvers kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do
|
while read hexc n ciph[nr_ciphers] sslvers kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do
|
||||||
if [[ "$proto_text" == "TLS 1.3" ]]; then
|
if [[ "$proto_text" == TLS\ 1.3 ]]; then
|
||||||
[[ "${ciph[nr_ciphers]}" == TLS13* ]] || [[ "${ciph[nr_ciphers]}" == TLS_* ]] || continue
|
[[ "${ciph[nr_ciphers]}" == TLS13* ]] || [[ "${ciph[nr_ciphers]}" == TLS_* ]] || continue
|
||||||
elif [[ "$proto_text" == "TLS 1.2" ]]; then
|
elif [[ "$proto_text" == "TLS 1.2" ]]; then
|
||||||
if [[ "${ciph[nr_ciphers]}" == TLS13* ]] || [[ "${ciph[nr_ciphers]}" == TLS_* ]]; then
|
if [[ "${ciph[nr_ciphers]}" == TLS13* ]] || [[ "${ciph[nr_ciphers]}" == TLS_* ]]; then
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
elif [[ "${ciph[nr_ciphers]}" == *"-SHA256" ]] || [[ "${ciph[nr_ciphers]}" == *"-SHA384" ]] || \
|
elif [[ "${ciph[nr_ciphers]}" == *-SHA256 ]] || [[ "${ciph[nr_ciphers]}" == *-SHA384 ]] || \
|
||||||
[[ "${ciph[nr_ciphers]}" == *"-CCM" ]] || [[ "${ciph[nr_ciphers]}" == *"-CCM8" ]] || \
|
[[ "${ciph[nr_ciphers]}" == *-CCM ]] || [[ "${ciph[nr_ciphers]}" == *-CCM8 ]] || \
|
||||||
[[ "${ciph[nr_ciphers]}" =~ CHACHA20-POLY1305 ]]; then
|
[[ "${ciph[nr_ciphers]}" =~ CHACHA20-POLY1305 ]]; then
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
@ -4113,7 +4113,7 @@ ciphers_by_strength() {
|
|||||||
tls13_ciphers_to_test=""
|
tls13_ciphers_to_test=""
|
||||||
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
for (( i=bundle*bundle_size; i < end_of_bundle; i++ )); do
|
||||||
if ! "${ciphers_found2[i]}"; then
|
if ! "${ciphers_found2[i]}"; then
|
||||||
if [[ "$proto" == "-tls1_3" ]]; then
|
if [[ "$proto" == -tls1_3 ]]; then
|
||||||
tls13_ciphers_to_test+=":${ciph2[i]}"
|
tls13_ciphers_to_test+=":${ciph2[i]}"
|
||||||
else
|
else
|
||||||
ciphers_to_test+=":${ciph2[i]}"
|
ciphers_to_test+=":${ciph2[i]}"
|
||||||
@ -4133,8 +4133,8 @@ ciphers_by_strength() {
|
|||||||
done
|
done
|
||||||
i=${index[i]}
|
i=${index[i]}
|
||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
[[ "$proto_text" == "TLS 1.3" ]] && kx[i]="$(read_dhtype_from_file $TMPFILE)"
|
[[ "$proto_text" == TLS\ 1.3 ]] && kx[i]="$(read_dhtype_from_file $TMPFILE)"
|
||||||
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
if [[ ${kx[i]} == Kx=ECDH ]] || [[ ${kx[i]} == Kx=DH ]] || [[ ${kx[i]} == Kx=EDH ]]; then
|
||||||
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]} $dhlen"
|
||||||
fi
|
fi
|
||||||
@ -4196,8 +4196,8 @@ ciphers_by_strength() {
|
|||||||
done
|
done
|
||||||
i=${index[i]}
|
i=${index[i]}
|
||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
[[ "$proto_text" == "TLS 1.3" ]] && kx[i]="$(read_dhtype_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")"
|
[[ "$proto_text" == TLS\ 1.3 ]] && kx[i]="$(read_dhtype_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")"
|
||||||
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
if [[ ${kx[i]} == Kx=ECDH ]] || [[ ${kx[i]} == Kx=DH ]] || [[ ${kx[i]} == Kx=EDH ]]; then
|
||||||
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]} $dhlen"
|
||||||
fi
|
fi
|
||||||
@ -6361,7 +6361,7 @@ cipher_pref_check() {
|
|||||||
tested_cipher=""
|
tested_cipher=""
|
||||||
while true; do
|
while true; do
|
||||||
if [[ $p != tls1_3 ]]; then
|
if [[ $p != tls1_3 ]]; then
|
||||||
ciphers_to_test="-cipher ALL:COMPLEMENTOFALL$tested_cipher"
|
ciphers_to_test="-cipher ALL:COMPLEMENTOFALL${tested_cipher}"
|
||||||
else
|
else
|
||||||
ciphers_to_test=""
|
ciphers_to_test=""
|
||||||
for cipher in $(colon_to_spaces "$TLS13_OSSL_CIPHERS"); do
|
for cipher in $(colon_to_spaces "$TLS13_OSSL_CIPHERS"); do
|
||||||
|
Loading…
Reference in New Issue
Block a user