mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 14:23:41 +01:00
commit
19983c0c2b
12
cipherscan
12
cipherscan
@ -42,6 +42,11 @@ if [[ "$TIMEOUTOUTPUT" =~ BusyBox ]]; then
|
|||||||
TIMEOUTBIN="$TIMEOUTBIN -t"
|
TIMEOUTBIN="$TIMEOUTBIN -t"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# use custom config file to enable GOST ciphers
|
||||||
|
if [[ -e $(dirname $0)/openssl.cnf ]]; then
|
||||||
|
export OPENSSL_CONF="$(dirname $0)/openssl.cnf"
|
||||||
|
fi
|
||||||
|
|
||||||
# find a list of trusted CAs on the local system, or use the provided list
|
# find a list of trusted CAs on the local system, or use the provided list
|
||||||
if [ -z "$CACERTS" ]; then
|
if [ -z "$CACERTS" ]; then
|
||||||
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
|
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
|
||||||
@ -306,7 +311,12 @@ parse_openssl_output() {
|
|||||||
while read data; do
|
while read data; do
|
||||||
if [[ $data =~ Signature\ Algorithm ]]; then
|
if [[ $data =~ Signature\ Algorithm ]]; then
|
||||||
local match=($data)
|
local match=($data)
|
||||||
current_sigalg="${match[2]}"
|
unset match[0]
|
||||||
|
unset match[1]
|
||||||
|
local old_IFS="$IFS"
|
||||||
|
IFS="_"
|
||||||
|
current_sigalg="${match[*]}"
|
||||||
|
IFS="$old_IFS"
|
||||||
fi
|
fi
|
||||||
done <<<"$ossl_out"
|
done <<<"$ossl_out"
|
||||||
fi
|
fi
|
||||||
|
12
openssl.cnf
Normal file
12
openssl.cnf
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
openssl_conf = openssl_def
|
||||||
|
|
||||||
|
[openssl_def]
|
||||||
|
engines = engine_section
|
||||||
|
|
||||||
|
[engine_section]
|
||||||
|
gost = gost_section
|
||||||
|
|
||||||
|
[gost_section]
|
||||||
|
engine_id = gost
|
||||||
|
default_algorithms = ALL
|
||||||
|
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
|
@ -87,6 +87,7 @@ for r,d,flist in os.walk(path):
|
|||||||
tempkeystats = {}
|
tempkeystats = {}
|
||||||
tempecckeystats = {}
|
tempecckeystats = {}
|
||||||
tempdsakeystats = {}
|
tempdsakeystats = {}
|
||||||
|
tempgostkeystats = {}
|
||||||
tempsigstats = {}
|
tempsigstats = {}
|
||||||
tempticketstats = {}
|
tempticketstats = {}
|
||||||
tempeccfallback = "unknown"
|
tempeccfallback = "unknown"
|
||||||
@ -101,6 +102,7 @@ for r,d,flist in os.walk(path):
|
|||||||
DES3 = False
|
DES3 = False
|
||||||
CAMELLIA = False
|
CAMELLIA = False
|
||||||
RC4 = False
|
RC4 = False
|
||||||
|
GOST89_cipher = False
|
||||||
""" variables to support handshake simulation for different clients """
|
""" variables to support handshake simulation for different clients """
|
||||||
client_RC4_Only={}
|
client_RC4_Only={}
|
||||||
client_compat={}
|
client_compat={}
|
||||||
@ -124,6 +126,7 @@ for r,d,flist in os.walk(path):
|
|||||||
RSA = False
|
RSA = False
|
||||||
ECDH = False
|
ECDH = False
|
||||||
DH = False
|
DH = False
|
||||||
|
GOST2001_kex = False
|
||||||
SSL2 = False
|
SSL2 = False
|
||||||
SSL3 = False
|
SSL3 = False
|
||||||
TLS1 = False
|
TLS1 = False
|
||||||
@ -220,6 +223,11 @@ for r,d,flist in os.walk(path):
|
|||||||
ciphertypes += 1
|
ciphertypes += 1
|
||||||
name = "y:" + entry['cipher']
|
name = "y:" + entry['cipher']
|
||||||
tempcipherstats[name] = 1
|
tempcipherstats[name] = 1
|
||||||
|
elif 'GOST89-GOST89' in entry['cipher']:
|
||||||
|
GOST89_cipher = True
|
||||||
|
ciphertypes += 1
|
||||||
|
name = "y:" + entry['cipher']
|
||||||
|
tempcipherstats[name] = 1
|
||||||
else:
|
else:
|
||||||
ciphertypes += 1
|
ciphertypes += 1
|
||||||
name = "z:" + entry['cipher']
|
name = "z:" + entry['cipher']
|
||||||
@ -241,6 +249,8 @@ for r,d,flist in os.walk(path):
|
|||||||
ECDH = True
|
ECDH = True
|
||||||
elif 'DH' in entry['cipher']:
|
elif 'DH' in entry['cipher']:
|
||||||
DH = True
|
DH = True
|
||||||
|
elif entry['cipher'].startswith('GOST2001'):
|
||||||
|
GOST2001_kex = True
|
||||||
else:
|
else:
|
||||||
RSA = True
|
RSA = True
|
||||||
|
|
||||||
@ -252,6 +262,8 @@ for r,d,flist in os.walk(path):
|
|||||||
tempdsakeystats[entry['pubkey'][0]] = 1
|
tempdsakeystats[entry['pubkey'][0]] = 1
|
||||||
elif 'AECDH' in entry['cipher'] or 'ADH' in entry['cipher']:
|
elif 'AECDH' in entry['cipher'] or 'ADH' in entry['cipher']:
|
||||||
""" skip """
|
""" skip """
|
||||||
|
elif 'GOST' in entry['cipher']:
|
||||||
|
tempgostkeystats[entry['pubkey'][0]] = 1
|
||||||
else:
|
else:
|
||||||
tempkeystats[entry['pubkey'][0]] = 1
|
tempkeystats[entry['pubkey'][0]] = 1
|
||||||
if ECDSA:
|
if ECDSA:
|
||||||
@ -320,6 +332,8 @@ for r,d,flist in os.walk(path):
|
|||||||
keysize['ECDSA ' + s] += 1
|
keysize['ECDSA ' + s] += 1
|
||||||
for s in tempdsakeystats:
|
for s in tempdsakeystats:
|
||||||
keysize['DSA ' + s] += 1
|
keysize['DSA ' + s] += 1
|
||||||
|
for s in tempgostkeystats:
|
||||||
|
keysize['GOST ' + s] += 1
|
||||||
|
|
||||||
if dualstack:
|
if dualstack:
|
||||||
dsarsastack += 1
|
dsarsastack += 1
|
||||||
@ -449,6 +463,8 @@ for r,d,flist in os.walk(path):
|
|||||||
handshakestats['ECDH'] += 1
|
handshakestats['ECDH'] += 1
|
||||||
if DH:
|
if DH:
|
||||||
handshakestats['DH'] += 1
|
handshakestats['DH'] += 1
|
||||||
|
if GOST2001_kex:
|
||||||
|
handshakestats['GOST2001'] += 1
|
||||||
if RSA:
|
if RSA:
|
||||||
handshakestats['RSA'] += 1
|
handshakestats['RSA'] += 1
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user