Re: [NSE][PATCH] OpenSSL bindings for NSE

[Fyodor <fyodor () insecure org>]

On Sun, Aug 31, 2008 at 02:33:11PM +0200, Sven Klemm wrote:
> Hi,
>
> I've updated the openssl bindings. The module is now built as a static 
> module. The module is built when OpenSSL is available and Lua is enabled.
>
> The module currently includes all the functions I needed for writing 
> the SSH hostkey script, which are mostly bignum functions. I've also 
> added documentation for the included functions.
>
> Any opinions about integrating this into nmap?

Hi Sven.  This certainly looks like an interesting and potentially
quite useful module.  But I haven't had time to really review the code
closely.  If we put this module in, and scripts start depending on it,
how do you suggest those scripts deal with the cases where OpenSSL
isn't available?  I'm not sure that we should require OpenSSL (though
it is an option), so failing that we need a good way for scripts to
deal elegantly with its absence.

Also, we recently added the OpenSSL hash functions
to Nbase.  If we were to put these bindings in, we should probably
deal with the hash functions the same way and remove them from Nbase.

Another option would be to move the bignum operations into Nbase, but
there quickly comes a point where it is better to just use OpenSSL
rather than import multiple parts of it into our codebase.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org