Re: [NSE][PATCH] OpenSSL bindings for NSE

[Sven Klemm <sven () c3d2 de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Fifield wrote:
| On Sun, Aug 31, 2008 at 02:33:11PM +0200, Sven Klemm wrote:
|> I've updated the openssl bindings. The module is now built as a
static
|> module. The module is built when OpenSSL is available and Lua is
enabled.
|>
|> The module currently includes all the functions I needed for
writing the
|> SSH hostkey script, which are mostly bignum functions. I've also added
|> documentation for the included functions.
|
| I checked out your nse_openssl branch and built it with
| --without-openssl. Then I ran
|
|       nmap --script=SSH-hostkey -p ssh goomba.bamsoftware.com
- --script-args=ssh_hostkey=all
|
| I got the error
|
|       SCRIPT ENGINE: Initiating script scanning.
|       SCRIPT ENGINE: Script scanning mail.bamsoftware.com (64.81.99.73).
|       SCRIPT ENGINE: error while initializing script rules:
|       ./scripts/SSH-hostkey.nse:34: module 'openssl' not found:
|               no field package.preload['openssl']
|               no file './nselib/openssl.lua'
|               no file './openssl.lua'
|               no file '/usr/local/share/lua/5.1/openssl.lua'
|               no file '/usr/local/share/lua/5.1/openssl/init.lua'
|               no file '/usr/local/lib/lua/5.1/openssl.lua'
|               no file '/usr/local/lib/lua/5.1/openssl/init.lua'
|               no file './nselib-bin/openssl.so'
|               no file './openssl.so'
|               no file '/usr/local/lib/lua/5.1/openssl.so'
|               no file '/usr/local/lib/lua/5.1/loadall.so'
|       stack traceback:
|               [C]: in function 'require'
|               ./scripts/SSH-hostkey.nse:34: in main chunk
|               [C]: ?
|               [C]: ?
|
|       SCRIPT ENGINE: Script scanning completed.
|       SCRIPT ENGINE: Aborting script scan.
|
| I agree that the OpenSSL library could be useful. Is there a way to
| handle this situation gracefully? As it is it halts all script scanning
| when the openssl module can't be loaded.

I haven't added any error handling to the script in case openssl is
missing. The script could check for nmap.have_ssl() and return false
in the portrule in this case.

|
| Can you explain the "BIGNUM" metatable? It appears to be used for type
| checking or arguments:
|
|   bignum_data_t * a = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM");
|
| but aren't metatable methods supposed to have names like __add and
| __sub? The "BIGNUM" table has the OpenSSL names num_bits, num_bytes,
| etc.

A lot of the functions in this module return userdata of type BIGNUM.
The functions in the metatable are the functions available on objects
of this type.

For example bn = openssl.dec2bn("24234234242") will return a userdata
object of type BIGNUM. All functions defined in the metatable are
available on bn. You can for example write bn:to_dec() which is
equivalent to openssl.bignum_bn2dec( bn ). As it maps to the same C
function.

The methods starting with __ are methods with a special meaning. For
example __gc is called when the garbage collector sees the object is
no longer referenced and will remove it. __add and __sub are for + und
- - operator behavior.
Did this explain the purpose of the metatable?

Cheers,
Sven

- --
Sven Klemm
http://cthulhu.c3d2.de/~sven/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki/AggACgkQevlgTHEIT4ZaegCfRShp3UstpkYrjnIw2Tq9OkcX
w1wAnA6gb2lvJSWu6azlNkGFJaGabXDk
=8JYT
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org