Nmap Development mailing list archives
Re: [NSE][PATCH] OpenSSL bindings for NSE
From: Sven Klemm <sven () c3d2 de>
Date: Tue, 02 Sep 2008 10:35:27 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fyodor wrote: | On Sun, Aug 31, 2008 at 02:33:11PM +0200, Sven Klemm wrote: |> Hi, |> |> I've updated the openssl bindings. The module is now built as a static |> module. The module is built when OpenSSL is available and Lua is enabled. |> |> The module currently includes all the functions I needed for writing |> the SSH hostkey script, which are mostly bignum functions. I've also |> added documentation for the included functions. |> |> Any opinions about integrating this into nmap? | | Hi Sven. This certainly looks like an interesting and potentially | quite useful module. But I haven't had time to really review the code | closely. If we put this module in, and scripts start depending on it, | how do you suggest those scripts deal with the cases where OpenSSL | isn't available? I'm not sure that we should require OpenSSL (though | it is an option), so failing that we need a good way for scripts to | deal elegantly with its absence. I think we shouldn't require OpenSSL although I wouldn't mind if we would. If you don't have OpenSSL those scripts using this module wouldn't work similar to Nsock not being able to establish SSL connections if you don't have OpenSSL. | Also, we recently added the OpenSSL hash functions | to Nbase. If we were to put these bindings in, we should probably | deal with the hash functions the same way and remove them from Nbase. | | Another option would be to move the bignum operations into Nbase, but | there quickly comes a point where it is better to just use OpenSSL | rather than import multiple parts of it into our codebase. I think the hash functions are important enough to justify putting them into Nbase. I do have doubts about putting the bignum functions in Nbase, though. This would add quite a lot of code to Nbase which would also have to be maintained. I think just using OpenSSL is the better alternative. Cheers, Sven - -- Sven Klemm http://cthulhu.c3d2.de/~sven/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAki8+s8ACgkQevlgTHEIT4YltwCeNVq5XE5vGuEJIb2CvIEY4wvs mmMAn1ZroCIE+lY0IcR+bcccr/OV4eSi =zWR7 -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Aug 31)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 01)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Sep 02)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Ron (Sep 02)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Patrick Donnelly (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Patrick Donnelly (Sep 04)
- Re: [NSE][PATCH] OpenSSL bindings for NSE David Fifield (Sep 03)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Sven Klemm (Sep 04)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 01)
- Re: [NSE][PATCH] OpenSSL bindings for NSE Fyodor (Sep 04)