Nmap Development mailing list archives

Re: [NSE][PATCH] OpenSSL bindings for NSE


From: Sven Klemm <sven () c3d2 de>
Date: Tue, 02 Sep 2008 10:35:27 +0200

Fyodor wrote:
| On Sun, Aug 31, 2008 at 02:33:11PM +0200, Sven Klemm wrote:
|> Hi,
|>
|> I've updated the openssl bindings. The module is now built as a static
|> module. The module is built when OpenSSL is available and Lua is
|> enabled.
|>
|> The module currently includes all the functions I needed for writing
|> the SSH hostkey script, which are mostly bignum functions. I've also
|> added documentation for the included functions.
|>
|> Any opinions about integrating this into nmap?
|
| Hi Sven.  This certainly looks like an interesting and potentially
| quite useful module.  But I haven't had time to really review the code
| closely.  If we put this module in, and scripts start depending on it,
| how do you suggest those scripts deal with the cases where OpenSSL
| isn't available?  I'm not sure that we should require OpenSSL (though
| it is an option), so failing that we need a good way for scripts to
| deal elegantly with its absence.

I think we shouldn't require OpenSSL, although I wouldn't mind if we
did. If you don't have OpenSSL, those scripts using this module
wouldn't work, similar to Nsock not being able to establish SSL
connections if you don't have OpenSSL.

| Also, we recently added the OpenSSL hash functions
| to Nbase.  If we were to put these bindings in, we should probably
| deal with the hash functions the same way and remove them from Nbase.
|
| Another option would be to move the bignum operations into Nbase, but
| there quickly comes a point where it is better to just use OpenSSL
| rather than import multiple parts of it into our codebase.

I think the hash functions are important enough to justify putting
them into Nbase. I do have doubts about putting the bignum functions
in Nbase, though. This would add quite a lot of code to Nbase which
would also have to be maintained. I think just using OpenSSL is the
better alternative.

Cheers,
Sven


--
Sven Klemm
http://cthulhu.c3d2.de/~sven/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org