mirror of
				https://github.com/drwetter/testssl.sh.git
				synced 2025-10-26 05:20:59 +01:00 
			
		
		
		
	Speedup normalize_ciphercode()
While doing some performance testing I discovered that `normalize_ciphercode()` is very slow. This PR simplifies the function and speeds it up significantly. This PR also addresses the TODO item in `normalize_ciphercode()` by eliminating the global variable HEXC.
		
							parent
							
								
									27aa25711d
								
							
						
					
					
						commit
						875cd43087
					
				
							
								
								
									
										40
									
								
								testssl.sh
									
									
									
									
									
								
							
							
						
						
									
										40
									
								
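--- a/testssl.sh
+++ b/testssl.sh
@@ -209,7 +209,6 @@ GOST_STATUS_PROBLEM=false
 DETECTED_TLS_VERSION=""
 PATTERN2SHOW=""
 SOCK_REPLY_FILE=""
-HEXC=""
 NW_STR=""
 LEN_STR=""
 SNI=""
@@ -2022,30 +2021,19 @@ run_more_flags() {
 }
 
 
-# #1: string with 2 opensssl codes, HEXC= same in NSS/ssllabs terminology
+# #1: string with 2 opensssl codes, output is same in NSS/ssllabs terminology
 normalize_ciphercode() {
-     part1=$(echo "$1" | awk -F',' '{ print $1 }')
-     part2=$(echo "$1" | awk -F',' '{ print $2 }')
-     part3=$(echo "$1" | awk -F',' '{ print $3 }')
-     if [[ "$part1" == "0x00" ]]; then       # leading 0x00
-          HEXC=$part2
+     if [[ "${1:2:2}" == "00" ]]; then
+          out "$(tolower "x${1:7:2}")"
      else
-          #part2=$(echo $part2 | sed 's/0x//g')
-          part2=${part2//0x/}
-          if [[ -n "$part3" ]]; then    # a SSLv2 cipher has three parts
-               #part3=$(echo $part3 | sed 's/0x//g')
-               part3=${part3//0x/}
+          out "$(tolower "x${1:2:2}${1:7:2}${1:12:2}")"
      fi
-          HEXC="$part1$part2$part3"
-     fi
-#TODO: we should just echo this and avoid the global var HEXC
-     HEXC=$(tolower "$HEXC"| sed 's/0x/x/')  # strip leading 0
      return 0
 }
 
 prettyprint_local() {
      local arg
-     local hexcode dash ciph sslvers kx auth enc mac export
+     local hexc hexcode dash ciph sslvers kx auth enc mac export
      local re='^[0-9A-Fa-f]+$'
 
      if [[ "$1" == 0x* ]] || [[ "$1" == 0X* ]]; then
@@ -2066,19 +2054,19 @@ prettyprint_local() {
 
      if [[ -z "$1" ]]; then
           $OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE | while read hexcode dash ciph sslvers kx auth enc mac export ; do       # -V doesn't work with openssl < 1.0
-               normalize_ciphercode $hexcode
-               neat_list "$HEXC" "$ciph" "$kx" "$enc"
+               hexc="$(normalize_ciphercode $hexcode)"
+               neat_list "$hexc" "$ciph" "$kx" "$enc"
                outln
           done
      else
           #for arg in $(echo $@ | sed 's/,/ /g'); do
           for arg in ${*//,/ /}; do
                $OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' 2>$ERRFILE | while read hexcode dash ciph sslvers kx auth enc mac export ; do # -V doesn't work with openssl < 1.0
-                    normalize_ciphercode $hexcode
+                    hexc="$(normalize_ciphercode $hexcode)"
                     # for numbers we don't do word matching:
                     [[ $arg =~ $re ]] && \
-                         neat_list "$HEXC" "$ciph" "$kx" "$enc" | grep -ai "$arg" || \
-                         neat_list "$HEXC" "$ciph" "$kx" "$enc" | grep -wai "$arg"
+                         neat_list "$hexc" "$ciph" "$kx" "$enc" | grep -ai "$arg" || \
+                         neat_list "$hexc" "$ciph" "$kx" "$enc" | grep -wai "$arg"
                done
           done
      fi
@@ -2418,16 +2406,16 @@ test_just_one(){
                done
           else
                while read hexc n ciph[nr_ciphers] sslvers[nr_ciphers] kx[nr_ciphers] auth enc[nr_ciphers] mac export2[nr_ciphers]; do
-                    normalize_ciphercode $hexc
+                    hexc="$(normalize_ciphercode $hexc)"
                     # is argument a number?
                     if [[ $arg =~ $re ]]; then
-                         neat_list "$HEXC" "${ciph[nr_ciphers]}" "${kx[nr_ciphers]}" "${enc[nr_ciphers]}" | grep -qai "$arg"
+                         neat_list "$hexc" "${ciph[nr_ciphers]}" "${kx[nr_ciphers]}" "${enc[nr_ciphers]}" | grep -qai "$arg"
                     else
-                         neat_list "$HEXC" "${ciph[nr_ciphers]}" "${kx[nr_ciphers]}" "${enc[nr_ciphers]}" | grep -qwai "$arg"
+                         neat_list "$hexc" "${ciph[nr_ciphers]}" "${kx[nr_ciphers]}" "${enc[nr_ciphers]}" | grep -qwai "$arg"
                     fi
                     if [[ $? -eq 0 ]]; then    # string matches, so we can ssl to it:
                          ciphers_found[nr_ciphers]=false
-                         normalized_hexcode[nr_ciphers]="$HEXC"
+                         normalized_hexcode[nr_ciphers]="$hexc"
                          sigalg[nr_ciphers]=""
                          ossl_supported[nr_ciphers]=true
                          nr_ciphers+=1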
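Review bot: The rewritten `normalize_ciphercode()` reads its argument at fixed offsets (`${1:2:2}`, `${1:7:2}`, `${1:12:2}`), so any input that is not exactly `0xNN,0xNN` or `0xNN,0xNN,0xNN` silently yields a wrong code, whereas the old comma split did not depend on field width. In `prettyprint_local()` the argument is the first field of `$OPENSSL ciphers -V` output, and in `test_just_one()` it comes from a `read` whose input lies outside the hunk. Neither caller checks the result, so a malformed line would be listed, matched and stored in `normalized_hexcode[]` under a bogus value. A guard at the top of the function would make this visible, e.g. `[[ "$1" =~ ^0x[0-9A-Fa-f]{2}(,0x[0-9A-Fa-f]{2}){1,2}$ ]] || return 1`. The header comment should also state the expected format, say that a third byte (SSLv2) is accepted, and note that the result is now written to stdout for capture with `$(...)`.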