Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 22:05:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Missed todo comment fix; cleanup output

Browse Source
This commit is contained in:
Magnus Larsen
2020-05-28 20:33:17 +02:00
parent 985e647cdf
commit e6150a2348
1 changed files with 9 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
testssl.sh
View File

@@ -1035,36 +1035,29 @@ set_grade_warning() {
set_key_str_score() { set_key_str_score() {
local type=$1 local type=$1
local size=$2 local size=$2
local type_output
"$do_rating" || return 0 "$do_rating" || return 0
<<<<<<< HEAD [[ $type == DHE ]] && type_output="DH key exchange parameters" || type_output="key"
if [[ $type == EC ]]; then
if [[ $size -lt 123 ]] && [[ $KEY_EXCH_SCORE -gt 40 ]]; then
=======
# TODO: We need to get the size of DH params (follows the same table as the "else" clause)
# For now, verifying the key size will do...
if [[ $type == EC || $type == EdDSA ]]; then if [[ $type == EC || $type == EdDSA ]]; then
if [[ $size -lt 110 ]] && [[ $KEY_EXCH_SCORE -gt 20 ]]; then if [[ $size -lt 123 ]] && [[ $KEY_EXCH_SCORE -gt 40 ]]; then
let KEY_EXCH_SCORE=20
set_grade_cap "F" "Using an insecure key"
elif [[ $size -lt 123 ]] && [[ $KEY_EXCH_SCORE -gt 40 ]]; then
>>>>>>> upstream/3.1dev
let KEY_EXCH_SCORE=40 let KEY_EXCH_SCORE=40
set_grade_cap "F" "Using an insecure key" set_grade_cap "F" "Using an insecure $type_output"
elif [[ $size -lt 163 ]] && [[ $KEY_EXCH_SCORE -gt 80 ]]; then elif [[ $size -lt 163 ]] && [[ $KEY_EXCH_SCORE -gt 80 ]]; then
let KEY_EXCH_SCORE=80 let KEY_EXCH_SCORE=80
set_grade_cap "B" "Using a weak key" set_grade_cap "B" "Using a weak $type_output"
elif [[ $size -lt 225 ]] && [[ $KEY_EXCH_SCORE -gt 90 ]]; then elif [[ $size -lt 225 ]] && [[ $KEY_EXCH_SCORE -gt 90 ]]; then
let KEY_EXCH_SCORE=90 let KEY_EXCH_SCORE=90
fi fi
else else
if [[ $size -lt 1024 ]] && [[ $KEY_EXCH_SCORE -gt 40 ]]; then if [[ $size -lt 1024 ]] && [[ $KEY_EXCH_SCORE -gt 40 ]]; then
let KEY_EXCH_SCORE=40 let KEY_EXCH_SCORE=40
set_grade_cap "F" "Using an insecure key / DH key exchange parameters" set_grade_cap "F" "Using an insecure $type_output"
elif [[ $size -lt 2048 ]] && [[ $KEY_EXCH_SCORE -gt 80 ]]; then elif [[ $size -lt 2048 ]] && [[ $KEY_EXCH_SCORE -gt 80 ]]; then
let KEY_EXCH_SCORE=80 let KEY_EXCH_SCORE=80
set_grade_cap "B" "Using a weak key / DH key exchange parameters" set_grade_cap "B" "Using a weak $type_output"
elif [[ $size -lt 4096 ]] && [[ $KEY_EXCH_SCORE -gt 90 ]]; then elif [[ $size -lt 4096 ]] && [[ $KEY_EXCH_SCORE -gt 90 ]]; then
let KEY_EXCH_SCORE=90 let KEY_EXCH_SCORE=90
fi fi
@@ -8520,7 +8513,7 @@ certificate_info() {
fi fi
out " bits" out " bits"
set_key_str_score "$short_keyAlgo" "$cert_keysize" # TODO: should be $dh_param_size set_key_str_score "$short_keyAlgo" "$cert_keysize"
elif [[ $cert_key_algo =~ RSA ]] || [[ $cert_key_algo =~ rsa ]] || [[ $cert_key_algo =~ dsa ]] || \ elif [[ $cert_key_algo =~ RSA ]] || [[ $cert_key_algo =~ rsa ]] || [[ $cert_key_algo =~ dsa ]] || \
[[ $cert_key_algo =~ dhKeyAgreement ]] || [[ $cert_key_algo == X9.42\ DH ]]; then [[ $cert_key_algo =~ dhKeyAgreement ]] || [[ $cert_key_algo == X9.42\ DH ]]; then
if [[ "$cert_keysize" -le 512 ]]; then if [[ "$cert_keysize" -le 512 ]]; then