mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-12-26 04:33:42 +01:00
commit
19983c0c2b
12
cipherscan
12
cipherscan
@ -42,6 +42,11 @@ if [[ "$TIMEOUTOUTPUT" =~ BusyBox ]]; then
|
||||
TIMEOUTBIN="$TIMEOUTBIN -t"
|
||||
fi
|
||||
|
||||
# use custom config file to enable GOST ciphers
|
||||
if [[ -e $(dirname $0)/openssl.cnf ]]; then
|
||||
export OPENSSL_CONF="$(dirname $0)/openssl.cnf"
|
||||
fi
|
||||
|
||||
# find a list of trusted CAs on the local system, or use the provided list
|
||||
if [ -z "$CACERTS" ]; then
|
||||
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
|
||||
@ -306,7 +311,12 @@ parse_openssl_output() {
|
||||
while read data; do
|
||||
if [[ $data =~ Signature\ Algorithm ]]; then
|
||||
local match=($data)
|
||||
current_sigalg="${match[2]}"
|
||||
unset match[0]
|
||||
unset match[1]
|
||||
local old_IFS="$IFS"
|
||||
IFS="_"
|
||||
current_sigalg="${match[*]}"
|
||||
IFS="$old_IFS"
|
||||
fi
|
||||
done <<<"$ossl_out"
|
||||
fi
|
||||
|
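Review bot: The new `OPENSSL_CONF` block in the first hunk unconditionally overrides any `OPENSSL_CONF` the caller has already exported, and `$0` is unquoted inside `$(dirname $0)`, so a checkout path containing spaces resolves to the wrong directory. Because the config it points at loads an engine, that file governs every later `openssl` call in the scan, so the script directory should not be writable by other users. A tighter form would be `conf="$(dirname "$0")/openssl.cnf"` followed by `if [[ -z "$OPENSSL_CONF" && -f "$conf" ]]; then export OPENSSL_CONF="$conf"; fi`. If overriding the caller's setting is intentional, a comment saying so would help.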
12
openssl.cnf
Normal file
12
openssl.cnf
Normal file
@ -0,0 +1,12 @@
|
||||
openssl_conf = openssl_def
|
||||
|
||||
[openssl_def]
|
||||
engines = engine_section
|
||||
|
||||
[engine_section]
|
||||
gost = gost_section
|
||||
|
||||
[gost_section]
|
||||
engine_id = gost
|
||||
default_algorithms = ALL
|
||||
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
|
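Review bot: The file has no comment saying why it exists, and `default_algorithms = ALL` makes the gost engine the default implementation for every algorithm it provides, not only an option for GOST suites. Since cipherscan exports this file as `OPENSSL_CONF` whenever it is present, every `openssl` invocation in a scan will try to load the engine. How the scan behaves on a host where the gost engine is not installed is not visible here and should be confirmed. I would add a header comment such as `# Loaded by cipherscan via OPENSSL_CONF to enable the GOST engine for cipher enumeration` and mention the engine dependency there.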
@ -87,6 +87,7 @@ for r,d,flist in os.walk(path):
|
||||
tempkeystats = {}
|
||||
tempecckeystats = {}
|
||||
tempdsakeystats = {}
|
||||
tempgostkeystats = {}
|
||||
tempsigstats = {}
|
||||
tempticketstats = {}
|
||||
tempeccfallback = "unknown"
|
||||
@ -101,6 +102,7 @@ for r,d,flist in os.walk(path):
|
||||
DES3 = False
|
||||
CAMELLIA = False
|
||||
RC4 = False
|
||||
GOST89_cipher = False
|
||||
""" variables to support handshake simulation for different clients """
|
||||
client_RC4_Only={}
|
||||
client_compat={}
|
||||
@ -124,6 +126,7 @@ for r,d,flist in os.walk(path):
|
||||
RSA = False
|
||||
ECDH = False
|
||||
DH = False
|
||||
GOST2001_kex = False
|
||||
SSL2 = False
|
||||
SSL3 = False
|
||||
TLS1 = False
|
||||
@ -220,6 +223,11 @@ for r,d,flist in os.walk(path):
|
||||
ciphertypes += 1
|
||||
name = "y:" + entry['cipher']
|
||||
tempcipherstats[name] = 1
|
||||
elif 'GOST89-GOST89' in entry['cipher']:
|
||||
GOST89_cipher = True
|
||||
ciphertypes += 1
|
||||
name = "y:" + entry['cipher']
|
||||
tempcipherstats[name] = 1
|
||||
else:
|
||||
ciphertypes += 1
|
||||
name = "z:" + entry['cipher']
|
||||
@ -241,6 +249,8 @@ for r,d,flist in os.walk(path):
|
||||
ECDH = True
|
||||
elif 'DH' in entry['cipher']:
|
||||
DH = True
|
||||
elif entry['cipher'].startswith('GOST2001'):
|
||||
GOST2001_kex = True
|
||||
else:
|
||||
RSA = True
|
||||
|
||||
@ -252,6 +262,8 @@ for r,d,flist in os.walk(path):
|
||||
tempdsakeystats[entry['pubkey'][0]] = 1
|
||||
elif 'AECDH' in entry['cipher'] or 'ADH' in entry['cipher']:
|
||||
""" skip """
|
||||
elif 'GOST' in entry['cipher']:
|
||||
tempgostkeystats[entry['pubkey'][0]] = 1
|
||||
else:
|
||||
tempkeystats[entry['pubkey'][0]] = 1
|
||||
if ECDSA:
|
||||
@ -320,6 +332,8 @@ for r,d,flist in os.walk(path):
|
||||
keysize['ECDSA ' + s] += 1
|
||||
for s in tempdsakeystats:
|
||||
keysize['DSA ' + s] += 1
|
||||
for s in tempgostkeystats:
|
||||
keysize['GOST ' + s] += 1
|
||||
|
||||
if dualstack:
|
||||
dsarsastack += 1
|
||||
@ -449,6 +463,8 @@ for r,d,flist in os.walk(path):
|
||||
handshakestats['ECDH'] += 1
|
||||
if DH:
|
||||
handshakestats['DH'] += 1
|
||||
if GOST2001_kex:
|
||||
handshakestats['GOST2001'] += 1
|
||||
if RSA:
|
||||
handshakestats['RSA'] += 1
|
||||
|
||||
|
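Review bot: The key-exchange chain only recognises names that start with `GOST2001`, so a GOST94 suite (OpenSSL also names `GOST94-GOST89-GOST89`) would fall through to the final `else` and be counted as `RSA` in `handshakestats`. If such suites can appear in the scan results, add a separate branch such as `elif entry['cipher'].startswith('GOST94'):` with its own counter, so the RSA figure is not inflated. The cipher-type branch is similarly narrow: `'GOST89-GOST89' in entry['cipher']` does not match the `-NULL-GOST94` variants, which would reach the `z:` bucket unless an earlier branch outside the hunk catches them. The enclosing `for` loop and both `if`/`elif` chains start outside the visible hunks, so this is inferred from the visible branches only.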