Nmap Development mailing list archives
Re: [NSE][PATCH] OpenSSL bindings for NSE
From: David Fifield <david () bamsoftware com>
Date: Mon, 22 Sep 2008 17:47:21 -0600
On Fri, Sep 19, 2008 at 09:12:24AM +0200, Sven Klemm wrote:
Hi everyone, here is the latest OpenSSL bindings patch for nmap including support for multiprecision integer arithmetics, message digests, hmac, symmetric encryption, symmetric decryption. Documentation for the new functions is also included.
Hi Sven. This is looking great. The documentation is especially appreciated. This module will open a lot of doors for script developers and I'd like to see it integrated.

Before that can be done, it must be made to degrade gracefully when OpenSSL isn't available. I see that you have altered the makefile not to build the module in that case. Patrick's recent change to allow script scanning in the face of "require" errors also helps. The way I see it, the remaining challenges are, when OpenSSL isn't available, 1) to make sure the script engine skips over scripts that use the openssl module without an error message, except at higher verbosity levels, and 2) to make sure --script-updatedb works. A minor issue is the removal of the current hash module, but that's small enough that it can be handled as part of the merge.

Is it possible to modify SSH-hostkey.nse to keep it from throwing an error if openssl isn't available? If so, please do it. If it's not hard to do, it can become the standard technique for using OpenSSL in scripts. A solution that didn't require any script modifications would be better, but one that only requires one or two lines in each openssl-using script would be fine.

By the way, I just did "./configure --without-openssl" to test. That's how I found that --script-updatedb didn't work.

Merging the openssl module will remove a bit of existing functionality in the no-OpenSSL case. Any scripts that now use the hash module would now require OpenSSL, even though now they do not. That's because nbase currently has copied some OpenSSL files to do hashing, and these would be removed in preference of using the OpenSSL functions. I think that loss is acceptable, particularly because OpenSSL is usually available, but I want to be clear to everyone about what merging the openssl module would mean.
David
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
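The graceful degradation requested in the message above (skip scripts that need the openssl module, and report the reason only at higher verbosity), shown as an added example in plain Lua. It is not code from the message or from Nmap; the script names, `fake_build`, `load_scripts` and the verbosity argument are assumptions made for illustration.

```lua
-- Added illustration in plain Lua (5.1 or later); runs outside Nmap.
-- Every name below is hypothetical; this is not NSE's loader.

-- Constructed sample scripts. Each function stands for a script file whose
-- top-level code pulls in the modules it needs.
local scripts = {
  ["hostkey-like"] = function()
    local openssl = require "openssl"
    return { name = "hostkey-like", digest = openssl.md5 }
  end,
  ["banner-like"] = function()
    local str = require "string"
    return { name = "banner-like", upper = str.upper }
  end,
}

-- Simulate a build with or without the module by controlling what
-- require("openssl") finds, instead of depending on the local machine.
local function fake_build(has_openssl)
  package.loaded["openssl"] = nil   -- forget any earlier load or failure
  package.preload["openssl"] = function()
    if not has_openssl then error("module 'openssl' not built", 0) end
    return { md5 = function(s) return "constructed-digest" end }
  end
end

-- Load all scripts. A failed require skips that script only; the reason is
-- recorded only when verbosity is raised.
local function load_scripts(has_openssl, verbosity)
  fake_build(has_openssl)
  local loaded, messages = {}, {}
  for name, chunk in pairs(scripts) do
    local ok, result = pcall(chunk)
    if ok then
      loaded[#loaded + 1] = name
    elseif verbosity >= 1 then
      messages[#messages + 1] = ("skipped %s: %s"):format(name, tostring(result))
    end
  end
  table.sort(loaded)
  return loaded, messages
end

-- Three cases: module present, module absent (quiet), module absent (verbose).
for _, case in ipairs({ {true, 0}, {false, 0}, {false, 1} }) do
  local loaded, messages = load_scripts(case[1], case[2])
  print(("openssl=%s v=%d loaded=[%s]"):format(tostring(case[1]), case[2],
        table.concat(loaded, ", ")))
  for _, m in ipairs(messages) do print("  " .. m) end
end
```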