Merge branch '2.9dev' into run_std_cipherlists_sockets

This commit is contained in:
David Cooper 2017-01-09 09:03:18 -05:00
commit d011803ae8


@ -6227,11 +6227,12 @@ run_server_defaults() {
done done
determine_tls_extensions determine_tls_extensions
if [[ $? -eq 0 ]] && [[ "$OPTIMAL_PROTO" != "-ssl2" ]]; then
cp "$TEMPDIR/$NODEIP.determine_tls_extensions.txt" $TMPFILE cp "$TEMPDIR/$NODEIP.determine_tls_extensions.txt" $TMPFILE
>$ERRFILE >$ERRFILE
[[ -z "$sessticket_str" ]] && sessticket_str=$(grep -aw "session ticket" $TMPFILE | grep -a lifetime) [[ -z "$sessticket_str" ]] && sessticket_str=$(grep -aw "session ticket" $TMPFILE | grep -a lifetime)
fi
outln outln
pr_headlineln " Testing server defaults (Server Hello) " pr_headlineln " Testing server defaults (Server Hello) "
@ -7193,6 +7194,7 @@ parse_sslv2_serverhello() {
"$parse_complete" && echo "======================================" > $TMPFILE "$parse_complete" && echo "======================================" > $TMPFILE
v2_hello_ascii=$(hexdump -v -e '16/1 "%02X"' $1) v2_hello_ascii=$(hexdump -v -e '16/1 "%02X"' $1)
v2_hello_ascii="${v2_hello_ascii%%[!0-9A-F]*}"
[[ "$DEBUG" -ge 5 ]] && echo "$v2_hello_ascii" [[ "$DEBUG" -ge 5 ]] && echo "$v2_hello_ascii"
if [[ -z "$v2_hello_ascii" ]]; then if [[ -z "$v2_hello_ascii" ]]; then
ret=0 # 1 line without any blanks: no server hello received ret=0 # 1 line without any blanks: no server hello received
@ -7224,6 +7226,10 @@ parse_sslv2_serverhello() {
echo "SSLv2 certificate length: 0x$v2_hello_cert_length" echo "SSLv2 certificate length: 0x$v2_hello_cert_length"
echo "SSLv2 cipher spec length: 0x$v2_hello_cipherspec_length" echo "SSLv2 cipher spec length: 0x$v2_hello_cipherspec_length"
fi fi
if "$parse_complete" && [[ 2*$(hex2dec "$v2_hello_length") -ne ${#v2_hello_ascii}-4 ]]; then
ret=7
fi
fi fi
"$parse_complete" || return $ret "$parse_complete" || return $ret
@ -7235,7 +7241,11 @@ parse_sslv2_serverhello() {
if [[ "$v2_cert_type" == "01" ]] && [[ "$v2_hello_cert_length" != "00" ]]; then if [[ "$v2_cert_type" == "01" ]] && [[ "$v2_hello_cert_length" != "00" ]]; then
tmp_der_certfile=$(mktemp $TEMPDIR/der_cert.XXXXXX) || return $ret tmp_der_certfile=$(mktemp $TEMPDIR/der_cert.XXXXXX) || return $ret
asciihex_to_binary_file "${v2_hello_ascii:26:certificate_len}" "$tmp_der_certfile" asciihex_to_binary_file "${v2_hello_ascii:26:certificate_len}" "$tmp_der_certfile"
$OPENSSL x509 -inform DER -in $tmp_der_certfile -outform PEM -out $HOSTCERT $OPENSSL x509 -inform DER -in $tmp_der_certfile -outform PEM -out $HOSTCERT 2>$ERRFILE
if [[ $? -ne 0 ]]; then
debugme echo "Malformed certificate in ServerHello."
return 1
fi
rm $tmp_der_certfile rm $tmp_der_certfile
get_pub_key_size get_pub_key_size
echo "======================================" >> $TMPFILE echo "======================================" >> $TMPFILE
@ -8230,6 +8240,13 @@ sslv2_sockets() {
local ret local ret
local client_hello cipher_suites len_client_hello local client_hello cipher_suites len_client_hello
local len_ciph_suites_byte len_ciph_suites local len_ciph_suites_byte len_ciph_suites
local server_hello sock_reply_file2
local -i response_len server_hello_len
local parse_complete=false
if [[ "$2" == "true" ]]; then
parse_complete=true
fi
if [[ -n "$1" ]]; then if [[ -n "$1" ]]; then
cipher_suites="$1" cipher_suites="$1"
@ -8270,13 +8287,31 @@ sslv2_sockets() {
socksend_sslv2_clienthello "$client_hello" socksend_sslv2_clienthello "$client_hello"
sockread_serverhello 32768 sockread_serverhello 32768
if "$parse_complete"; then
server_hello=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
server_hello_len=2+$(hex2dec "${server_hello:1:3}")
response_len=$(wc -c "$SOCK_REPLY_FILE" | awk '{ print $1 }')
for (( 1; response_len < server_hello_len; 1 )); do
sock_reply_file2=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7
mv "$SOCK_REPLY_FILE" "$sock_reply_file2"
debugme echo "requesting more server hello data..."
socksend "" $USLEEP_SND
sockread_serverhello 32768
[[ ! -s "$SOCK_REPLY_FILE" ]] && break
cat "$SOCK_REPLY_FILE" >> "$sock_reply_file2"
mv "$sock_reply_file2" "$SOCK_REPLY_FILE"
response_len=$(wc -c "$SOCK_REPLY_FILE" | awk '{ print $1 }')
done
fi
debugme outln "reading server hello... " debugme outln "reading server hello... "
if [[ "$DEBUG" -ge 4 ]]; then if [[ "$DEBUG" -ge 4 ]]; then
hexdump -C "$SOCK_REPLY_FILE" | head -6 hexdump -C "$SOCK_REPLY_FILE" | head -6
outln outln
fi fi
parse_sslv2_serverhello "$SOCK_REPLY_FILE" "$2" parse_sslv2_serverhello "$SOCK_REPLY_FILE" "$parse_complete"
ret=$? ret=$?
close_socket close_socket
@ -10026,6 +10061,16 @@ get_install_dir() {
[[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt" [[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt"
fi fi
# still no cipher mapping file (and realpath is not present):
if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] && which readlink &>/dev/null ; then
readlink -f ls &>/dev/null && \
TESTSSL_INSTALL_DIR=$(dirname $(readlink -f ${BASH_SOURCE[0]})) || \
TESTSSL_INSTALL_DIR=$(dirname $(readlink ${BASH_SOURCE[0]}))
# not sure whether Darwin has -f
CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/etc/cipher-mapping.txt"
[[ -r "$TESTSSL_INSTALL_DIR/cipher-mapping.txt" ]] && CIPHERS_BY_STRENGTH_FILE="$TESTSSL_INSTALL_DIR/cipher-mapping.txt"
fi
if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] ; then if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]] ; then
unset ADD_RFC_STR unset ADD_RFC_STR
debugme echo "$CIPHERS_BY_STRENGTH_FILE" debugme echo "$CIPHERS_BY_STRENGTH_FILE"
@ -11838,4 +11883,3 @@ else
fi fi
exit $? exit $?
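Review bot: In the sslv2_sockets read loop, the early exit `[[ ! -s "$SOCK_REPLY_FILE" ]] && break` runs after the reply so far has already been moved into `$sock_reply_file2`, so when the server sends nothing more the loop leaves an empty `$SOCK_REPLY_FILE` behind, orphans the mktemp'd copy holding the partial ServerHello, and hands that empty file to parse_sslv2_serverhello — which, per the visible branch, treats an empty hexdump as "no server hello received" (ret=0), presumably turning a truncated SSLv2 reply into a false negative for SSLv2 support. Restore the accumulated data before breaking: `if [[ ! -s "$SOCK_REPLY_FILE" ]]; then mv "$sock_reply_file2" "$SOCK_REPLY_FILE"; break; fi`. Two smaller caveats on the same path: `${server_hello:1:3}` takes only 12 bits of the record length (the 2-byte SSLv2 header carries 15), so replies longer than 4095 bytes would be under-read, and the new malformed-certificate return in parse_sslv2_serverhello skips the `rm $tmp_der_certfile` that follows it, leaking the DER temp file; a `rm -f "$tmp_der_certfile"` before `return 1` fixes that. sslv2_sockets itself begins in an earlier hunk and its body continues past the last visible line of this one.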