Commit Graph

3980 Commits

Author SHA1 Message Date
Dirk Wetter b8d1a3506a
Merge pull request #1525 from drwetter/update_template
Update ISSUE_TEMPLATE.md
2020-03-06 13:01:03 +01:00
Dirk Wetter 9f1fa04e07
Update ISSUE_TEMPLATE.md 2020-03-03 21:18:09 +01:00
Dirk Wetter 1fb96df369 Avoid external "/bin/pwd"
.. as it may not be everywhere available, see #1521 (NixOS).

This commit replaces all instances from pwd or /bin/pwd by `pwd -P`
(-P -> no symbolic link)
2020-03-03 12:36:22 +01:00
David Cooper 83e76a442b Fix handling of \n in strings 2020-02-27 13:59:05 -05:00
David Cooper b92f0de2c9 Fix HTML generation
This PR fixes two issues related to the generation of HTML files.

First, text that is to appear in the HTML file is first passed through html_reserved() to replace reserved characters with their corresponding entity names (e.g., '>' becomes '>'). html_reserved() seems to work correctly on Ubuntu Linux, but it does not work as expected on MacOS. On MacOS, rather than converting '>' to '>', it gets converted to '\>', and the backslash is rendered by browsers.

This PR appears to fix the problem. However, given that the original version of html_reserved() was not portable, this revised version should be tested on multiple platforms.

I also noticed that in almost every case in which a string is passed to html_out(), it is first run through html_reserved(), but for some reason that is not the case in out() and outln(). I can't see any reason why html_reserved() is not called first in these two cases, so this PR adds in the calls.
2020-02-27 13:59:05 -05:00
Dirk Wetter e0c83b2a38
add more filters 2020-02-24 14:21:28 +01:00
Dirk Wetter 02b83cc092
Merge pull request #1516 from dcooper16/min_hsts
Fix use of HSTS_MIN
2020-02-21 09:59:32 +01:00
David Cooper f342031844 Fix use of HSTS_MIN
This commit fixes two minor issues related to HSTS_MIN:

* If there is a misconfiguration the recommended max-age should be based on $HSTS_MIN rather than being hardcoded to 15552000 seconds = 180 days.

* If max-age is exactly $HSTS_MIN, testssl.sh shouldn't say that max-age is too short while also say that >= $HSTS_MIN seconds is recommended.
2020-02-20 14:17:49 -05:00
Dirk Wetter 64fea03f66
Merge pull request #1510 from drwetter/rDNS_fixes
Fix for non compliant DNS PTR records
2020-02-15 15:22:22 +01:00
Dirk Wetter 95b6189076
Merge pull request #1509 from drwetter/container1
remove jq and beautify last line
2020-02-15 14:08:43 +01:00
Dirk Wetter b81c409135 Fix for non compliant DNS PTR records
This commit addresses two bugs: #1506 and #1508.

First, the variable rDNS can contain multiple lines due to multiple PTR DNS
records, though this is not recommended.  In those cases the multiple PTR DNS
were concatenated on the screen, without any blank.

Secondly - depending on the name server entries and on the output of the DNS
binaries used it can contain non-printable characters or characters which are
printable but later on interpreted on the output device (\032 was mentioned
in #1506) which on the screen was interpreted as octal 32 (decimal 26 = ▒,
try echo "\032"), so basically a terminal escape sequence was smuggled
from the DNS server to the screen of the users. In JSON pretty output we
had also this escape sequence which was fine for jsonlint but caused jq
to hiccup.

Fix: we use a loop to check for each FQDN returned. There we remove chars which
under those circumstances can show up. The blacklist is taken from RFC 1912
("Allowable characters in a label for a host name are only ASCII, letters, digits,
and the `-' character").
2020-02-15 13:43:37 +01:00
Dirk Wetter 75be8d9f38 remove jq and beautify last line 2020-02-15 12:09:33 +01:00
Dirk Wetter f01c1196c0
Merge pull request #1505 from dcooper16/fix_1504
Fix #1504
2020-02-13 17:52:06 +01:00
David Cooper 8d3640ca20 Fix #1504 by moving the description of the test out of the section that describes vulnerability tests. 2020-02-13 10:57:48 -05:00
Dirk Wetter d549c833c8
Merge pull request #1501 from dcooper16/cipher_order_wide
Wide output for cipher order
2020-02-13 09:34:40 +01:00
David Cooper 6c88a26861
Wide output for cipher order
Since, in cases in which the server enforces a cipher order, both run_cipher_per_proto() and run_server_preference() list every cipher supported by the server for each protocol, there was a discussion at one point about eliminating run_cipher_per_proto() and extending run_server_preference().

This PR takes a step in that direction by providing the option to present the "Cipher order" in wide mode.
2020-02-12 11:05:20 -05:00
Dirk Wetter b0cce84a7f
Merge pull request #1500 from dcooper16/shellcheck_SC2197
Fix Shellcheck SC2197
2020-02-10 20:45:16 +01:00
David Cooper 28d65247b0
Fix Shellcheck SC2197
This PR fixes one Shellcheck issue:

      In testssl_3.1dev_20200208.sh line 2395:
                HEADERVALUE="$(fgrep -Fai "$key:" $HEADERFILE | head -1)"
                               ^-- SC2197: fgrep is non-standard and deprecated. Use grep -F instead.

The man page for grep states that fgrep is the same a grep -F and that grep is deprecated. So, fgrep -F is just redundant.
2020-02-10 13:51:08 -05:00
Dirk Wetter 6da6335e5b
Merge pull request #1498 from dcooper16/minor_code_cleanup
Minor code cleanup
2020-02-08 10:32:46 +01:00
David Cooper 2af5fa72d1
Minor code cleanup
This PR makes some minor changes to the code in order to clean it up a little.
2020-02-07 17:21:22 -05:00
Dirk Wetter 8bdad385d5
Merge pull request #1497 from dcooper16/neat_list_export
neat_list() and export
2020-02-07 18:14:11 +01:00
David Cooper d916f048be
neat_list() and export
Currently, the function neat_list() uses the variable "export", but does not define it. The result is that "export" variable in the calling function is used.

This PR fixes that by defining "export" as a local variable in neat_list() and by setting its value via a new parameter to the function.

This PR also removes a "FIXME" from run_rc4() since the problem has already been fixed.
2020-02-06 14:33:13 -05:00
Dirk Wetter 9a0325875e
Merge pull request #1495 from dcooper16/fix_pub_key_length_calculation
Fix public key length calculation
2020-02-04 21:45:52 +01:00
David Cooper 3025d92ebf
Fix public key length calculation
This PR fixes a minor bug in get_pub_key_size(). If the key size is being determined manually and length encoding requires 4 bytes, then the current code computes the length incorrectly. This is a very insignificant bug, since does not apply to RSA or ECC keys, and the key would have to be at least 16 megabytes long for it to require 4 bytes to encode.

This PR also cleans up get_pub_key_size() a bit by replacing `i=$i+...` with `i+=...` and by enclosing math in `$(( ... ))`.
2020-02-04 14:55:53 -05:00
Dirk Wetter e9430bdd23
Merge pull request #1490 from drwetter/dotasurl_fix
Fix URL when hostname with trailing dot supplied
2020-02-04 16:20:23 +01:00
Dirk Wetter 77398af399
Merge pull request #1492 from dcooper16/fix_typos
Fix typos
2020-02-04 16:18:46 +01:00
David Cooper f756080a01
Fix typos
I noticed two places that had a single "&" rather than "&&". I didn't try to do any testing, but these certainly seem like typos.
2020-02-04 09:52:44 -05:00
Dirk c2df2f1fc0 Fix URL when hostname with trailing dot supplied
Hostnames can contain a trailing dot (and sometimes they should).
If they are supplied to testssl.sh however they will be also interpreted
as a URL PATH when the servive is HTTP.

This commit fixes that.
2020-02-03 22:26:01 +01:00
Dirk Wetter ccafd9125b
Merge pull request #1488 from dcooper16/fix_client_simulation
Fix client simulation
2020-01-31 20:23:58 +01:00
David Cooper 46c05c6732 Fix client simulation
replace ciphers with ch_ciphers and sni with ch_sni in client simulation data file.
2020-01-31 10:52:50 -05:00
Dirk Wetter 7c85b44a9f
Merge pull request #1482 from dcooper16/shellcheck_SC2178
Suppress shellcheck issue SC2178
2020-01-31 09:23:06 +01:00
Dirk Wetter e8b7a04e53
Merge pull request #1487 from simondeziel/dup-cipher
Remove (harmless) AESGCM dup in the strong ciphers list
2020-01-31 09:22:03 +01:00
Dirk Wetter 2f54613d6d
Merge pull request #1484 from dcooper16/tls13_post_handshake
TLS 1.3 post-handshake messages
2020-01-31 08:55:08 +01:00
Dirk Wetter 7443a532cf
Merge pull request #1486 from drwetter/fix_ids_friendly
Fix --ids-friendly
2020-01-31 08:48:01 +01:00
Dirk Wetter 89fd902b18
Merge pull request #1483 from dcooper16/minor_code_cleanup
Minor code cleanup
2020-01-31 08:41:43 +01:00
Simon Deziel 772713f497 Remove (harmless) AESGCM dup in the strong ciphers list
Signed-off-by: Simon Deziel <simon@sdeziel.info>
2020-01-30 17:29:44 -05:00
Dirk Wetter c4920f61e4 rename query_globals() --> count_do_variables()
.. and fix one problem instroduced with last patch (testssl.sh
din't work correclty if only an URI was supplied)
2020-01-30 22:25:10 +01:00
Dirk Wetter 073d383f76 Fix switch --ids-friendly
This switch had no effect. There was probably a regression
problem as it worked before.

Besides fixing that the large case statement in parse_cmd_line()
was simplified, in a sense that banner and help functions were
moved to a separate case statement.
2020-01-30 21:49:56 +01:00
David Cooper aba544b188
TLS 1.3 post-handshake messages
This PR adds support for post-handshake messages when using sockets with TLS 1.3 connections. If a TLS 1.3 connection is established and the connection is to remain open after tls_sockets() finishes, then after the client's Finished message is sent the master secret and the application traffic keys are computed. This PR also adds two new functions to send and receive application data over a TLS 1.3 connection.

This PR also includes two proofs-of-concept for the use of the new functions. receive_app_data() is called immediately after the client's Finished message is sent. Some server's will send new session tickets immediately after the handshake is complete. If they do, then the code will decrypt and parse the session ticket messages.

This PR also modifies service_detection() to try using sockets if the server only supports TLS 1.3 and $OPENSSL does not support TLS 1.3. After the handshake is complete, this code sends an HTTP GET request and reads the response. The code is fairly slow and it doesn't always work. However, since it is only used in cases in which $OPENSSL cannot work, it can't hurt to try using sockets.
2020-01-30 15:20:25 -05:00
David Cooper 5d2978fdbe
Minor code cleanup
This PR cleans up the code in a few places by using "case" statements in a few places where the value of a variable is checked multiple times.
2020-01-30 14:00:46 -05:00
David Cooper 19db41742f
Suppress shellcheck issue SC2178
Due to a bug, the shellcheck program will complain if a variable is defined as an array but is later used as an ordinary string, even if the two uses are locally defined variables in different contexts. The error message is:

   SC2178: Variable was used as an array but is now assigned a string.

While the warnings are not highlighting any actual problems in testssl.sh, this PR gets rid of the warnings by renaming a few variables.
2020-01-30 13:53:33 -05:00
Dirk Wetter 3a73a97b67
Merge pull request #1480 from drwetter/readme-patch1
Status update / mir rephrasing of key features
2020-01-30 18:14:43 +01:00
Dirk Wetter 16907cf77e
Status update / mir rephrasing of key features 2020-01-30 18:14:20 +01:00
Dirk Wetter ef21f3f9bf
Merge pull request #1476 from dcooper16/tls13_finished_messages
TLS 1.3 Finished messages
2020-01-30 10:26:27 +01:00
Dirk Wetter 5e9767a17c
Merge pull request #1477 from dcooper16/faster_gcm
Speedup AES-GCM
2020-01-30 10:22:02 +01:00
David Cooper 1ea631addd Speedup AES-GCM
The implementation of AES-GCM in #1473 is much slower than the original version, even when the authentication tag is not being computed. This PR modifies the code in gcm() in order to significantly speed up the encryption/decryption time (when authentication tags are not being computed).
2020-01-29 12:12:04 -05:00
David Cooper 7516c01315
TLS 1.3 Finished messages
This PR adds processing of the Finished messages in TLS 1.3 handshakes. It also addresses some shellcheck issues.

If in debug mode, the HMAC of the transcript hash of the handshake context ($msg_transcript) is computed and compared against the Finished message sent by the server.

If the full server response is parsed and the connection with the server is not to be closed when tls_sockets() completes, then the TLS 1.3 handshake is completed by creating the client Finished message and sending it to the server.
2020-01-28 11:15:03 -05:00
Dirk Wetter 3da67437f3
Merge pull request #1475 from dcooper16/reorganize_key_derivation
Reorganize TLS 1.3 key derivation
2020-01-27 21:52:24 +01:00
David Cooper b8d414b432
Reorganize TLS 1.3 key derivation
This PR reorganizes the code for deriving TLS 1.3 symmetric keys in order to facilitate implementing the full key schedule. For example, rather than having a single function to derive the handshake traffic keys, this PR creates one function to derive the handshake secret and a separate function to derive the handshake traffic keys. The second function has been generalized so that it can derive either client or server traffic keys. Separating into two functions also makes the handshake_secret available for later use to derive the master secret and then the application traffic secrets and the application traffic keys.

This PR also changes where there message transcript is created, a message transcript will also be needed to derive the application traffic secrets. This PR includes the code to add the messages to the initial message transcript that will be needed for the input to the application traffic secret derivation function.
2020-01-27 09:52:15 -05:00
Dirk Wetter c3bab98b92
Merge pull request #1474 from drwetter/backport_4b573dd
Suppress displaying an error in maketempf()
2020-01-26 01:30:58 +01:00