From cde2ecdc5d35961bffd11fb12ef4c59688efa119 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Fri, 8 May 2020 08:23:14 -0400
Subject: [PATCH] Rate RSA e=1 as CRITICAL

PR #1619 set the grade cap to 'F' is the server has a certificate with an RSA with e=1, however, it did not change the rating in the JSON/CSV output. This commit changes the cert_keySize rating to CRITICAL for an RSA key with e=1, regardless of the size of the modulus. It also uses pr_svrty_critical() to print the exponent in this case.
---
 testssl.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 7f3bfb9..91e1f3e 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -8535,9 +8535,14 @@ certificate_info() {
 cert_spki_info="$(strip_leading_space "$cert_spki_info")"
 cert_spki_info="${cert_spki_info%%[[:space:]]*}"
 if [[ -n "$cert_spki_info" ]]; then
- out " (exponent is $cert_spki_info)"
+ if [[ $cert_spki_info -eq 1 ]]; then
+ out " (exponent is "; pr_svrty_critical "$cert_spki_info"; out ")"
+ json_rating="CRITICAL"
+ set_grade_cap "F" "RSA certificate uses exponent of 1"
+ else
+ out " (exponent is $cert_spki_info)"
+ fi
 json_msg+=" (exponent is $cert_spki_info)"
- [[ $cert_spki_info -eq 1 ]] && set_grade_cap "F" "RSA certificate uses exponent of 1"
 fi
 ;;
 "EC") cert_spki_info="${cert_txt##*Subject Public Key Info:}"
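Review bot: The new `if [[ $cert_spki_info -eq 1 ]]; then` still compares arithmetically a value that, as far as the hunk shows, is cut out of the peer certificate's text, and bash evaluates both operands of `-eq` inside `[[ ]]` as arithmetic expressions. If that parse ever yields anything other than a plain decimal number, the test raises a shell error or compares an unintended value rather than simply being false. A literal match, `if [[ "$cert_spki_info" == "1" ]]; then`, avoids evaluating scanned input and keeps the CRITICAL branch limited to exactly e=1. `certificate_info()` starts and ends outside the hunk, so whether `json_rating` is reassigned before it is written to the JSON/CSV output cannot be confirmed from here.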