Re: [NSE][PATCH] OpenSSL bindings for NSE

[Fyodor <fyodor () insecure org>]

On Wed, Sep 03, 2008 at 04:29:57PM -0600, David Fifield wrote:
> On Mon, Sep 01, 2008 at 05:10:02PM -0700, Fyodor wrote:
> > On Sun, Aug 31, 2008 at 02:33:11PM +0200, Sven Klemm wrote:
> >
> > Also, we recently added the OpenSSL hash functions
> > to Nbase.  If we were to put these bindings in, we should probably
> > deal with the hash functions the same way and remove them from Nbase.
>
> As far as I can tell, the nbase hash functions are used nowhere but in
> nse_hash.cc, and there are no scripts that use the hash module that
> nse_hash.cc implements. Moving the hash functions into the openssl
> module would have no effect on current scripts.

Just FYI, Philip has some scripts/libraries in his nmap-exp which use
the nse_hash stuff.  I'm not sure why they haven't been checked in
yet.  In any case, this does mean that we can more easily change how
the hash functions work.  If the OpenSSL bindings are added, I'd be
tempted to use them for hashing and remove the Nbase copies.  I
suspect that 90% or more new Nmap installations (the only ones which
matter for new changes we make) have OpenSSL support.  Possibly 95%+.

I like Patrick's patch which prevents a missing OpenSSL from halting
all of NSE and prints a message instead.  But we may also want to
modify at least some of the relevant scripts to just return "" at the
beginning if OpenSSL is missing.  Particularly for any "default"
category scripts.  People should not receive the same error message
every time they run nmap (with scripting) just because they don't have
the optional OpenSSL library.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org