Re: [NSE][PATCH] OpenSSL bindings for NSE

[David Fifield <david () bamsoftware com>]

On Thu, Sep 04, 2008 at 03:48:03PM -0600, Patrick Donnelly wrote:
> On Thu, Sep 4, 2008 at 2:58 PM, Sven Klemm <sven () c3d2 de> wrote:
> > Adding furthing functions is trivial. I am not yet sure about the best
> > interface for the hashing functions though.
> > These are the possibilities I see:
> > - - add two functions for each algorithm one producing binary data the
> > other producing a hexencoded string
> > - - add a flag to the function signature controlling whether binary data
> > or a hexencoded string should be returned
> > - - only create functions producing binary data and do the conversion
> > with bin.unpack
> > - - only create functions producing binary data and add a to_hex
> > function to the lua string class
>
> I just want to caution that there are many existing libraries for Lua,
> especially for OpenSSL (e.g. http://luacrypto.luaforge.net/). Careful
> not to reinvent any wheels :)

Thanks for mentioning this, Patrick. I didn't know about it.

I was all set to ask why not just use LuaCrypto, but it seems to be
deficient in a few ways. It doesn't appear to support the bignum
functions that Sven's library does, which was the motivation for the
openssl library in the first place, I believe. Also the latest date in
their "History" section is over two years ago, so maybe we would end up
maintaining it anyway.

I did a few web searches to see if there were other Lua crypto libraries
but didn't find anything compelling. I am inclined to accept Sven's
library. Does anyone know of other third-party Lua libraries that do
what his library does?

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org