Re: [NSE][PATCH] OpenSSL bindings for NSE

[David Fifield <david () bamsoftware com>]

On Wed, Sep 03, 2008 at 11:30:48PM +0200, Sven Klemm wrote:
> | I checked out your nse_openssl branch and built it with
> | --without-openssl. Then I ran
> |
> |     nmap --script=SSH-hostkey -p ssh goomba.bamsoftware.com
> - --script-args=ssh_hostkey=all
> |
> | I got the error
> |
> |     SCRIPT ENGINE: Initiating script scanning.
> |     SCRIPT ENGINE: Script scanning mail.bamsoftware.com (64.81.99.73).
> |     SCRIPT ENGINE: error while initializing script rules:
> |     ./scripts/SSH-hostkey.nse:34: module 'openssl' not found:
> |             no field package.preload['openssl']
> |             no file './nselib/openssl.lua'
> |             no file './openssl.lua'
> |             no file '/usr/local/share/lua/5.1/openssl.lua'
> |             no file '/usr/local/share/lua/5.1/openssl/init.lua'
> |             no file '/usr/local/lib/lua/5.1/openssl.lua'
> |             no file '/usr/local/lib/lua/5.1/openssl/init.lua'
> |             no file './nselib-bin/openssl.so'
> |             no file './openssl.so'
> |             no file '/usr/local/lib/lua/5.1/openssl.so'
> |             no file '/usr/local/lib/lua/5.1/loadall.so'
> |     stack traceback:
> |             [C]: in function 'require'
> |             ./scripts/SSH-hostkey.nse:34: in main chunk
> |             [C]: ?
> |             [C]: ?
> |
> |     SCRIPT ENGINE: Script scanning completed.
> |     SCRIPT ENGINE: Aborting script scan.
> |
> | I agree that the OpenSSL library could be useful. Is there a way to
> | handle this situation gracefully? As it is it halts all script scanning
> | when the openssl module can't be loaded.
>
> I haven't added any error handling to the script in case openssl is
> missing. The script could check for nmap.have_ssl() and return false
> in the portrule in this case.

Just using nmap.have_ssl in every script that uses the openssl modules
sounds okay. I worry a little that script authors will forget to do that
and we will release a broken script.

> | Can you explain the "BIGNUM" metatable?
>
> A lot of the functions in this module return userdata of type BIGNUM.
> The functions in the metatable are the functions available on objects
> of this type.
>
> For example bn = openssl.dec2bn("24234234242") will return a userdata
> object of type BIGNUM. All functions defined in the metatable are
> available on bn. You can for example write bn:to_dec() which is
> equivalent to openssl.bignum_bn2dec( bn ). As it maps to the same C
> function.
>
> The methods starting with __ are methods with a special meaning. For
> example __gc is called when the garbage collector sees the object is
> no longer referenced and will remove it. __add and __sub are for + und
> - operator behavior.
> Did this explain the purpose of the metatable?

Yes, thanks.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org