Merge pull request #444 from dcooper16/sslv2_sockets

Move printing of results out of sslv2_sockets()
This commit is contained in:
Dirk Wetter 2016-08-28 18:27:29 +02:00 committed by GitHub
commit dbb7d6f4be
1 changed files with 41 additions and 51 deletions

View File

@ -2924,6 +2924,7 @@ run_protocols() {
local supported_no_ciph2="supported but couldn't detect a cipher" local supported_no_ciph2="supported but couldn't detect a cipher"
local latest_supported="" # version.major and version.minor of highest version supported by the server. local latest_supported="" # version.major and version.minor of highest version supported by the server.
local detected_version_string latest_supported_string local detected_version_string latest_supported_string
local lines nr_ciphers_detected
local extra_spaces=" " local extra_spaces=" "
outln; pr_headline " Testing protocols " outln; pr_headline " Testing protocols "
@ -2948,7 +2949,40 @@ run_protocols() {
pr_bold " SSLv2 $extra_spaces"; pr_bold " SSLv2 $extra_spaces";
if ! "$SSL_NATIVE"; then if ! "$SSL_NATIVE"; then
sslv2_sockets #FIXME: messages/output need to be moved to this (higher) level sslv2_sockets
case $? in
7) # strange reply, couldn't convert the cipher spec length to a hex number
pr_cyan "strange v2 reply "
outln " (rerun with DEBUG >=2)"
[[ $DEBUG -ge 3 ]] && hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" | head -1
fileout "sslv2" "WARN" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)"
;;
1) # no sslv2 server hello returned, like in openlitespeed which returns HTTP!
pr_done_bestln "not offered (OK)"
fileout "sslv2" "OK" "SSLv2 not offered (OK)"
;;
0) # reset
pr_done_bestln "not offered (OK)"
fileout "sslv2" "OK" "SSLv2 not offered (OK)"
;;
3) # everything else
lines=$(count_lines "$(hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" 2>/dev/null)")
[[ "$DEBUG" -ge 2 ]] && out " ($lines lines) "
if [[ "$lines" -gt 1 ]]; then
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
add_tls_offered "ssl2"
if [[ 0 -eq "$nr_ciphers_detected" ]]; then
pr_svrty_highln "supported but couldn't detect a cipher and vulnerable to CVE-2015-3197 ";
fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to CVE-2015-3197"
else
pr_svrty_critical "offered (NOT ok), also VULNERABLE to DROWN attack";
outln " -- $nr_ciphers_detected ciphers"
fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to DROWN attack. Detected ciphers: $nr_ciphers_detected"
fi
fi ;;
esac
pr_off
debugme outln
else else
run_prototest_openssl "-ssl2" run_prototest_openssl "-ssl2"
case $? in case $? in
@ -5611,7 +5645,7 @@ parse_tls_serverhello() {
sslv2_sockets() { sslv2_sockets() {
local nr_ciphers_detected local ret
fd_socket 5 || return 6 fd_socket 5 || return 6
debugme outln "sending client hello... " debugme outln "sending client hello... "
@ -5625,43 +5659,7 @@ sslv2_sockets() {
fi fi
parse_sslv2_serverhello "$SOCK_REPLY_FILE" parse_sslv2_serverhello "$SOCK_REPLY_FILE"
case $? in ret=$?
7) # strange reply, couldn't convert the cipher spec length to a hex number
pr_cyan "strange v2 reply "
outln " (rerun with DEBUG >=2)"
[[ $DEBUG -ge 3 ]] && hexdump -C "$SOCK_REPLY_FILE" | head -1
ret=7
fileout "sslv2" "WARN" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)"
;;
1) # no sslv2 server hello returned, like in openlitespeed which returns HTTP!
pr_done_bestln "not offered (OK)"
ret=0
fileout "sslv2" "OK" "SSLv2 not offered (OK)"
;;
0) # reset
pr_done_bestln "not offered (OK)"
ret=0
fileout "sslv2" "OK" "SSLv2 not offered (OK)"
;;
3) # everything else
lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null)")
[[ "$DEBUG" -ge 2 ]] && out " ($lines lines) "
if [[ "$lines" -gt 1 ]]; then
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
add_tls_offered "ssl2"
if [[ 0 -eq "$nr_ciphers_detected" ]]; then
pr_svrty_highln "supported but couldn't detect a cipher and vulnerable to CVE-2015-3197 ";
fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to CVE-2015-3197"
else
pr_svrty_critical "offered (NOT ok), also VULNERABLE to DROWN attack";
outln " -- $nr_ciphers_detected ciphers"
fileout "sslv2" "NOT ok" "SSLv2 offered (NOT ok), vulnerable to DROWN attack. Detected ciphers: $nr_ciphers_detected"
fi
ret=1
fi ;;
esac
pr_off
debugme outln
close_socket close_socket
TMPFILE=$SOCK_REPLY_FILE TMPFILE=$SOCK_REPLY_FILE
@ -6656,26 +6654,18 @@ run_drown() {
fi fi
# if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl # if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl
pr_bold " DROWN"; out " (2016-0800, CVE-2016-0703), exper. " pr_bold " DROWN"; out " (2016-0800, CVE-2016-0703), exper. "
fd_socket 5 || return 6 sslv2_sockets
debugme outln "sending client hello... "
socksend_sslv2_clienthello "$SSLv2_CLIENT_HELLO"
sockread_serverhello 32768
debugme outln "reading server hello... "
if [[ "$DEBUG" -ge 4 ]]; then
hexdump -C "$SOCK_REPLY_FILE" | head -6
outln
fi
parse_sslv2_serverhello "$SOCK_REPLY_FILE"
case $? in case $? in
7) # strange reply, couldn't convert the cipher spec length to a hex number 7) # strange reply, couldn't convert the cipher spec length to a hex number
fixme "strange v2 reply " fixme "strange v2 reply "
outln " (rerun with DEBUG >=2)" outln " (rerun with DEBUG >=2)"
[[ $DEBUG -ge 3 ]] && hexdump -C "$SOCK_REPLY_FILE" | head -1 [[ $DEBUG -ge 3 ]] && hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" | head -1
ret=7 ret=7
fileout "drown" "MINOR_ERROR" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)" fileout "drown" "MINOR_ERROR" "SSLv2: received a strange SSLv2 reply (rerun with DEBUG>=2)"
;; ;;
3) # vulnerable 3) # vulnerable
lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>/dev/null)") lines=$(count_lines "$(hexdump -C "$TEMPDIR/$NODEIP.sslv2_sockets.dd" 2>/dev/null)")
debugme out " ($lines lines) " debugme out " ($lines lines) "
if [[ "$lines" -gt 1 ]]; then if [[ "$lines" -gt 1 ]]; then
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3)) nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))