SSL overhaul fixing OpenSSL related problems when SSL has not been compiled in

* replace require function calls with stndse.silent_require
* fixed a bug in nse_main that would fail creating scripts.db when a script
  fails to load
* reworked some code to provide limited functionality even though SSL is not
  present

nse_main.lua

@@ -1114,6 +1114,7 @@ if script_database_update then
   sort(scripts);
   for i, script in ipairs(scripts) do
     script = Script.new(script);
+    if ( script ) then
       sort(script.categories);
       db:write('Entry { filename = "', script.basename, '", ');
       db:write('categories = {');
@@ -1122,6 +1123,7 @@ if script_database_update then
       end
       db:write(' } }\n');
     end
+  end
   db:close();
   log_write("stdout", "Script Database updated successfully.");
 end

nselib/afp.lua

@@ -114,18 +114,13 @@
 local bin = require "bin"
 local bit = require "bit"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local os = require "os"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("afp", stdnse.seeall);
 
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require,'openssl')
-
-if pcall(require,'openssl') then
-  HAVE_SSL = true
-end
 
 -- Table of valid REQUESTs
 local REQUEST = {

nselib/bitcoin.lua

@@ -35,11 +35,10 @@
 local bin = require "bin"
 local ipOps = require "ipOps"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local os = require "os"
 local stdnse = require "stdnse"
 local table = require "table"
-stdnse.silent_require('openssl')
+local openssl = stdnse.silent_require('openssl')
 _ENV = stdnse.module("bitcoin", stdnse.seeall)
 
 -- A class that supports the BitCoin network address structure

nselib/http.lua

@@ -105,7 +105,6 @@ local base64 = require "base64"
 local comm = require "comm"
 local coroutine = require "coroutine"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local os = require "os"
 local stdnse = require "stdnse"
 local string = require "string"
@@ -114,7 +113,7 @@ local url = require "url"
 _ENV = stdnse.module("http", stdnse.seeall)
 
 ---Use ssl if we have it
-local have_ssl = (nmap.have_ssl() and pcall(require, "openssl"))
+local have_ssl, openssl = pcall(require,'openssl')
 
 local USER_AGENT = stdnse.get_script_args('http.useragent') or "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"
 local MAX_REDIRECT_COUNT = 5

nselib/iax2.lua

@@ -9,9 +9,9 @@ local bin = require "bin"
 local bit = require "bit"
 local math = require "math"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local os = require "os"
 local stdnse = require "stdnse"
+local openssl = stdnse.silent_require "openssl"
 local table = require "table"
 _ENV = stdnse.module("iax2", stdnse.seeall)
 

nselib/iscsi.lua

@@ -40,8 +40,8 @@ local bin = require "bin"
 local bit = require "bit"
 local ipOps = require "ipOps"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local stdnse = require "stdnse"
+local openssl = stdnse.silent_require "openssl"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("iscsi", stdnse.seeall)

nselib/mssql.lua

@@ -107,7 +107,6 @@ local bit = require "bit"
 local math = require "math"
 local match = require "match"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local os = require "os"
 local shortport = require "shortport"
 local smb = require "smb"
@@ -132,7 +131,7 @@ _ENV = stdnse.module("mssql", stdnse.seeall)
 --
 --								(Patrik Karlsson, Chris Woodbury)
 
-HAVE_SSL = (nmap.have_ssl() and pcall(require, "openssl"))
+local openssl, HAVE_SSL = pcall(require, "openssl")
 
 do
   namedpipes = smb.namedpipes

nselib/mysql.lua

@@ -10,7 +10,6 @@
 local bin = require "bin"
 local bit = require "bit"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
@@ -26,11 +25,7 @@ _ENV = stdnse.module("mysql", stdnse.seeall)
 
 local tab = require('tab')
 
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require,'openssl')
-
-if pcall(require,'openssl') then
-  HAVE_SSL = true
-end
 
 Capabilities = 
 {

nselib/pgsql.lua

@@ -14,8 +14,8 @@
 
 local bin = require "bin"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local stdnse = require "stdnse"
+local openssl = stdnse.silent_require "openssl"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("pgsql", stdnse.seeall)

nselib/pop3.lua

@@ -6,18 +6,12 @@
 local base64 = require "base64"
 local comm = require "comm"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("pop3", stdnse.seeall)
 
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require,'openssl')
-
-if pcall(require,'openssl') then
-  HAVE_SSL = true
-end
-  
 
 
 err = {

nselib/sasl.lua

@@ -43,16 +43,19 @@
 
 local bin = require "bin"
 local bit = require "bit"
-local openssl = require "openssl"
 local smbauth = require "smbauth"
 local stdnse = require "stdnse"
 local string = require "string"
 _ENV = stdnse.module("sasl", stdnse.seeall)
 
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require, 'openssl')
-
+if ( not(HAVE_SSL) ) then
+	 stdnse.print_debug(1,
+	    "sasl.lua: OpenSSL not present, SASL support limited.")
+end
 local MECHANISMS = { }
 
+if HAVE_SSL then 
 	-- Calculates a DIGEST MD5 response
 	DigestMD5 = {
 
@@ -235,14 +238,6 @@ NTLM = {
 
 	}
 	
-if pcall(require, 'openssl') then
-  HAVE_SSL = true
-else
-  stdnse.print_debug(1,
-    "sasl.lua: OpenSSL not present, SASL support limited.")
-end
-
-if HAVE_SSL then 
   --- Encodes the parameters using the <code>CRAM-MD5</code> mechanism.
   --
   -- @param username string.

nselib/sip.lua

@@ -44,9 +44,9 @@
 local bin = require "bin"
 local math = require "math"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local os = require "os"
 local stdnse = require "stdnse"
+local openssl = stdnse.silent_require "openssl"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("sip", stdnse.seeall)

nselib/smbauth.lua

@@ -82,13 +82,12 @@
 
 local bin = require "bin"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("smbauth", stdnse.seeall)
 
-have_ssl = (nmap.have_ssl() and pcall(require, "openssl"))
+local openssl, have_ssl = pcall(require, "openssl")
 
 -- Constants
 local NTLMSSP_NEGOTIATE = 0x00000001

nselib/ssh1.lua

@@ -10,8 +10,8 @@ local bin = require "bin"
 local bit = require "bit"
 local math = require "math"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local stdnse = require "stdnse"
+local openssl = stdnse.silent_require "openssl"
 _ENV = stdnse.module("ssh1", stdnse.seeall)
 
 --- Retrieve the size of the packet that is being received

nselib/vnc.lua

@@ -31,17 +31,12 @@
 
 local bin = require "bin"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("vnc", stdnse.seeall)
 
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require,'openssl')
-
-if pcall(require,'openssl') then
-  HAVE_SSL = true
-end
 
 VNC = {
 

nselib/wsdd.lua

@@ -34,17 +34,12 @@
 
 local bin = require "bin"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local stdnse = require "stdnse"
 local table = require "table"
 local target = require "target"
 _ENV = stdnse.module("wsdd", stdnse.seeall)
 
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require,'openssl')
-
-if pcall(require,'openssl') then
-  HAVE_SSL = true
-end
 
 -- The different probes
 local probes = {

scripts/dns-nsec3-enum.nse

@@ -2,7 +2,6 @@ local stdnse = require "stdnse"
 local shortport = require "shortport"
 local dns = require "dns"
 local base32 = require "base32"
-local openssl = require "openssl"
 local msrpc = require "msrpc" -- just for random string generation
 local math = require "math"
 local bin = require "bin"
@@ -10,6 +9,8 @@ local nmap = require "nmap"
 local string = require "string"
 local table = require "table"
 
+local openssl = stdnse.silent_require "openssl"
+
 description = [[
 Tries to enumerate domain names from the DNS server that supports DNSSEC
 NSEC3 records.

scripts/http-userdir-enum.nse

@@ -3,7 +3,6 @@ local bin = require "bin"
 local datafiles = require "datafiles"
 local http = require "http"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local os = require "os"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
@@ -158,7 +157,8 @@ end
 
 function randomstring()
   local rnd, s, l, _
-  if pcall(require, "openssl") then
+  local status, openssl = pcall(require, "openssl")
+  if status then
     rnd = openssl.rand_pseudo_bytes
   end
   s = rnd and rnd(8) or tostring( os.time() )

scripts/http-virustotal.nse

@@ -1,8 +1,8 @@
 local http = require "http"
 local io = require "io"
 local json = require "json"
-local openssl = require "openssl"
 local stdnse = require "stdnse"
+local openssl = stdnse.silent_require "openssl"
 local tab = require "tab"
 local table = require "table"
 

scripts/smb-ls.nse

@@ -3,7 +3,7 @@ local smb    = require 'smb'
 local stdnse = require 'stdnse'
 local tab    = require 'tab'
 local table = require "table"
-local openssl= require 'openssl'
+local openssl= stdnse.silent_require 'openssl'
 
 description = [[
 Attempts to retrieve useful information about files shared on SMB volumes.

scripts/svn-brute.nse

@@ -1,9 +1,9 @@
 local brute = require "brute"
 local creds = require "creds"
 local nmap = require "nmap"
-local openssl = require "openssl"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
+local openssl = stdnse.silent_require "openssl"
 
 description = [[
 Performs brute force password auditing against Subversion source code control servers.