SSL overhaul fixing OpenSSL related problems when SSL has not been compiled in

* replace require function calls with stndse.silent_require * fixed a bug in nse_main that would fail creating scripts.db when a script fails to load * reworked some code to provide limited functionality even though SSL is not present
2025-12-06 04:31:29 +00:00 · 2012-08-05 12:05:07 +00:00
parent 7864c3cb08
commit 6f43ac38b2
21 changed files with 216 additions and 248 deletions
--- a/nse_main.lua
+++ b/nse_main.lua
@@ -1114,13 +1114,15 @@ if script_database_update then
  sort(scripts);
  for i, script in ipairs(scripts) do
    script = Script.new(script);
-    sort(script.categories);
+    if ( script ) then
-    db:write('Entry { filename = "', script.basename, '", ');
+      sort(script.categories);
-    db:write('categories = {');
+      db:write('Entry { filename = "', script.basename, '", ');
-    for j, category in ipairs(script.categories) do
+      db:write('categories = {');
-      db:write(' "', lower(category), '",');
+      for j, category in ipairs(script.categories) do
        db:write(' "', lower(category), '",');
      end
      db:write(' } }\n');
    end
    db:write(' } }\n');
  end
  db:close();
  log_write("stdout", "Script Database updated successfully.");
--- a/nselib/afp.lua
+++ b/nselib/afp.lua
@@ -114,18 +114,13 @@
 local bin = require "bin"
 local bit = require "bit"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local os = require "os"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("afp", stdnse.seeall);
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require,'openssl')
 if pcall(require,'openssl') then
  HAVE_SSL = true
 end
 -- Table of valid REQUESTs
 local REQUEST = {
--- a/nselib/bitcoin.lua
+++ b/nselib/bitcoin.lua
@@ -35,11 +35,10 @@
 local bin = require "bin"
 local ipOps = require "ipOps"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local os = require "os"
 local stdnse = require "stdnse"
 local table = require "table"
-stdnse.silent_require('openssl')
+local openssl = stdnse.silent_require('openssl')
 _ENV = stdnse.module("bitcoin", stdnse.seeall)
 -- A class that supports the BitCoin network address structure
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -105,7 +105,6 @@ local base64 = require "base64"
 local comm = require "comm"
 local coroutine = require "coroutine"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local os = require "os"
 local stdnse = require "stdnse"
 local string = require "string"
@@ -114,7 +113,7 @@ local url = require "url"
 _ENV = stdnse.module("http", stdnse.seeall)
 ---Use ssl if we have it
-local have_ssl = (nmap.have_ssl() and pcall(require, "openssl"))
+local have_ssl, openssl = pcall(require,'openssl')
 local USER_AGENT = stdnse.get_script_args('http.useragent') or "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"
 local MAX_REDIRECT_COUNT = 5
--- a/nselib/iax2.lua
+++ b/nselib/iax2.lua
@@ -9,9 +9,9 @@ local bin = require "bin"
 local bit = require "bit"
 local math = require "math"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local os = require "os"
 local stdnse = require "stdnse"
 local openssl = stdnse.silent_require "openssl"
 local table = require "table"
 _ENV = stdnse.module("iax2", stdnse.seeall)
--- a/nselib/iscsi.lua
+++ b/nselib/iscsi.lua
@@ -40,8 +40,8 @@ local bin = require "bin"
 local bit = require "bit"
 local ipOps = require "ipOps"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local stdnse = require "stdnse"
 local openssl = stdnse.silent_require "openssl"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("iscsi", stdnse.seeall)
--- a/nselib/mssql.lua
+++ b/nselib/mssql.lua
@@ -107,7 +107,6 @@ local bit = require "bit"
 local math = require "math"
 local match = require "match"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local os = require "os"
 local shortport = require "shortport"
 local smb = require "smb"
@@ -132,7 +131,7 @@ _ENV = stdnse.module("mssql", stdnse.seeall)
 --
 --								(Patrik Karlsson, Chris Woodbury)
-HAVE_SSL = (nmap.have_ssl() and pcall(require, "openssl"))
+local openssl, HAVE_SSL = pcall(require, "openssl")
 do
  namedpipes = smb.namedpipes
--- a/nselib/mysql.lua
+++ b/nselib/mysql.lua
@@ -10,7 +10,6 @@
 local bin = require "bin"
 local bit = require "bit"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
@@ -26,11 +25,7 @@ _ENV = stdnse.module("mysql", stdnse.seeall)
 local tab = require('tab')
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require,'openssl')
 if pcall(require,'openssl') then
  HAVE_SSL = true
 end
 Capabilities = 
 {
--- a/nselib/pgsql.lua
+++ b/nselib/pgsql.lua
@@ -14,8 +14,8 @@
 local bin = require "bin"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local stdnse = require "stdnse"
 local openssl = stdnse.silent_require "openssl"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("pgsql", stdnse.seeall)
--- a/nselib/pop3.lua
+++ b/nselib/pop3.lua
@@ -6,18 +6,12 @@
 local base64 = require "base64"
 local comm = require "comm"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("pop3", stdnse.seeall)
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require,'openssl')
 if pcall(require,'openssl') then
  HAVE_SSL = true
 end
 err = {
--- a/nselib/sasl.lua
+++ b/nselib/sasl.lua
@@ -43,206 +43,201 @@
 local bin = require "bin"
 local bit = require "bit"
 local openssl = require "openssl"
 local smbauth = require "smbauth"
 local stdnse = require "stdnse"
 local string = require "string"
 _ENV = stdnse.module("sasl", stdnse.seeall)
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require, 'openssl')
-
+if ( not(HAVE_SSL) ) then
 	 stdnse.print_debug(1,
 	    "sasl.lua: OpenSSL not present, SASL support limited.")
 end
 local MECHANISMS = { }
 -- Calculates a DIGEST MD5 response
 DigestMD5 = {
 	--- Instantiates DigestMD5
 	--
 	-- @param chall string containing the base64 decoded challenge
 	-- @return a new instance of DigestMD5
 	new = function(self, chall, username, password, method, uri, service, realm)
 		local o = { nc = 0, 
 			chall = chall, 
 			challnvs = {},
 			username = username,
 			password = password,
 			method = method,
 			uri = uri,
 			service = service,
 			realm = realm }
       	setmetatable(o, self)
        self.__index = self
 		o:parseChallenge()
 		return o
 	end,
 	-- parses a challenge received from the server
 	-- takes care of both quoted and unqoted identifiers
 	-- regardless of what RFC says
 	parseChallenge = function(self)
 		local results = {}
 		local start, stop = 0,0
 		while(true) do
 			local name, value
 			start, stop, name = self.chall:find("([^=]*)=%s*", stop + 1)
 			if ( not(start) ) then break end
 			if ( self.chall:sub(stop + 1, stop + 1) == "\"" ) then
 				start, stop, value = self.chall:find("(.-)\"", stop + 2)
 			else
 				start, stop, value = self.chall:find("([^,]*)", stop + 1)
 			end
 			self.challnvs[name:lower()] = value
 			start, stop = self.chall:find("%s*,%s*", stop + 1)
 			if ( not(start) ) then break end
 		end
 	end,
 	--- Calculates the digest 
 	calcDigest = function( self )
 		local uri = self.uri or ("%s/%s"):format(self.service, "localhost")
 		local realm = self.realm or self.challnvs.realm or ""
 		local cnonce = stdnse.tohex(openssl.rand_bytes( 8 ))
 		local qop = "auth"
 		self.nc = self.nc + 1
 		local A1_part1 = openssl.md5(self.username .. ":" .. (self.challnvs.realm or "") .. ":" .. self.password)
 		local A1 = stdnse.tohex(openssl.md5(A1_part1 .. ":" .. self.challnvs.nonce .. ':' .. cnonce))
 		local A2 = stdnse.tohex(openssl.md5(("%s:%s"):format(self.method, uri)))
 		local digest = stdnse.tohex(openssl.md5(A1 .. ":" .. self.challnvs.nonce .. ":" ..
 					("%08d"):format(self.nc)  .. ":" .. cnonce .. ":" ..
 					qop .. ":" .. A2))
 		local response = "username=\"" .. self.username .. "\""
 		response = response .. (",%s=\"%s\""):format("realm", realm)
 		response = response .. (",%s=\"%s\""):format("nonce", self.challnvs.nonce)
 		response = response .. (",%s=\"%s\""):format("cnonce", cnonce)
 		response = response .. (",%s=%08d"):format("nc", self.nc)
 		response = response .. (",%s=%s"):format("qop", "auth")
 		response = response .. (",%s=\"%s\""):format("digest-uri", uri)
 		response = response .. (",%s=%s"):format("response", digest)
 		response = response .. (",%s=%s"):format("charset", "utf-8")
 		return response
 	end,
 }
 -- The NTLM class handling NTLM challenge response authentication
 NTLM = {
 	--- Creates a new instance of the NTLM class
 	--
 	-- @param chall string containing the challenge received from the server
 	-- @param username string containing the username
 	-- @param password string containing the password
 	-- @return new instance of NTML
 	new = function(self, chall, username, password)
 		local o = { nc = 0, 
 			chall = chall, 
 			username = username,
 			password = password}
       	setmetatable(o, self)
        self.__index = self
 		o:parseChallenge()
 		return o
 	end,
 	--- Converst str to "unicode" (adds null bytes for every other byte)
 	-- @param str containing string to convert
 	-- @return unicode string containing the unicoded str
 	to_unicode = function(str)
 		local unicode = ""
 		for i = 1, #str, 1 do
 			unicode = unicode .. bin.pack("<S", string.byte(str, i))
 		end
 		return unicode
 	end,
 	--- Parses the NTLM challenge as received from the server
 	parseChallenge = function(self)
 		local NTLM_NegotiateUnicode 			= 0x00000001
 		local NTLM_NegotiateExtendedSecurity 	= 0x00080000
 		local pos, _, message_type
 		pos, _, message_type, _, _, 
 		_, self.flags, self.chall, _, 
 		_, _, _	 = bin.unpack("<A8ISSIIA8LSSI", self.chall)
 		if ( message_type ~= 0x02 ) then
 			error("NTLM parseChallenge expected message type: 0x02")
 		end
 		self.is_extended = ( bit.band(self.flags, NTLM_NegotiateExtendedSecurity) == NTLM_NegotiateExtendedSecurity )
 		local is_unicode  = ( bit.band(self.flags, NTLM_NegotiateUnicode) == NTLM_NegotiateUnicode )
 		self.workstation = "NMAP-HOST"
 		self.domain = self.username:match("^(.-)\\(.*)$") or "DOMAIN"
 		if ( is_unicode ) then
 			self.workstation = self.to_unicode(self.workstation)
 			self.username = self.to_unicode(self.username)
 			self.domain = self.to_unicode(self.domain)
 		end	
 	end,
 	--- Calculates the response
 	calcResponse = function(self)
 		local ntlm, lm = smbauth.get_password_response(nil, self.username, self.domain, self.password, nil, "v1", self.chall, self.is_extended)
 		local msg_type = 3
 		local response
 		local BASE_OFFSET = 72
 		local offset
 		local encrypted_random_sesskey = ""
 		local flags = 0xa2888205  -- (NTLM_NegotiateUnicode | \
 		                    		-- NTLM_RequestTarget | \
 				                    -- NTLM_NegotiateNTLM | \
 				                    -- NTLM_NegotiateAlwaysSign | \
 				                    -- NTLM_NegotiateExtendedSecurity | \
 				                    -- NTLM_NegotiateTargetInfo | \
 				                    -- NTLM_NegotiateVersion | \
 				                    -- NTLM_Negotiate128 | \
 				                    -- NTLM_Negotiate56)
 		response = bin.pack("<AI", "NTLMSSP\0", msg_type)
 		offset = BASE_OFFSET + #self.workstation + #self.username + #self.domain
 		response = response .. bin.pack("<SSI", #lm, #lm, offset)
 		offset = offset + #lm
 		response = response .. bin.pack("<SSI", #ntlm, #ntlm, offset)
 		offset = BASE_OFFSET
 		response = response .. bin.pack("<SSI", #self.domain, #self.domain, offset)
 		offset = BASE_OFFSET + #self.domain
 		response = response .. bin.pack("<SSI", #self.username, #self.username, offset)
 		offset = BASE_OFFSET + #self.domain + #self.username
 		response = response .. bin.pack("<SSI", #self.workstation, #self.workstation, offset)
 		offset = offset + #self.workstation + #lm + #ntlm
 		response = response .. bin.pack("<SSI", #encrypted_random_sesskey, #encrypted_random_sesskey, offset)
 		response = response .. bin.pack("<I", flags)
 		-- add version info (major 5, minor 1, build 2600, reserved(1-3) 0,
 		-- NTLM Revision 15)
 		response = response .. bin.pack("<CCSCCCC", 5, 1, 2600, 0, 0, 0, 15)
 		response = response .. self.domain .. self.username .. self.workstation .. ntlm .. lm .. encrypted_random_sesskey
 		return response
 	end
 }
 if pcall(require, 'openssl') then
  HAVE_SSL = true
 else
  stdnse.print_debug(1,
    "sasl.lua: OpenSSL not present, SASL support limited.")
 end
 if HAVE_SSL then 
 	-- Calculates a DIGEST MD5 response
 	DigestMD5 = {
 		--- Instantiates DigestMD5
 		--
 		-- @param chall string containing the base64 decoded challenge
 		-- @return a new instance of DigestMD5
 		new = function(self, chall, username, password, method, uri, service, realm)
 			local o = { nc = 0, 
 				chall = chall, 
 				challnvs = {},
 				username = username,
 				password = password,
 				method = method,
 				uri = uri,
 				service = service,
 				realm = realm }
 	       	setmetatable(o, self)
 	        self.__index = self
 			o:parseChallenge()
 			return o
 		end,
 		-- parses a challenge received from the server
 		-- takes care of both quoted and unqoted identifiers
 		-- regardless of what RFC says
 		parseChallenge = function(self)
 			local results = {}
 			local start, stop = 0,0
 			while(true) do
 				local name, value
 				start, stop, name = self.chall:find("([^=]*)=%s*", stop + 1)
 				if ( not(start) ) then break end
 				if ( self.chall:sub(stop + 1, stop + 1) == "\"" ) then
 					start, stop, value = self.chall:find("(.-)\"", stop + 2)
 				else
 					start, stop, value = self.chall:find("([^,]*)", stop + 1)
 				end
 				self.challnvs[name:lower()] = value
 				start, stop = self.chall:find("%s*,%s*", stop + 1)
 				if ( not(start) ) then break end
 			end
 		end,
 		--- Calculates the digest 
 		calcDigest = function( self )
 			local uri = self.uri or ("%s/%s"):format(self.service, "localhost")
 			local realm = self.realm or self.challnvs.realm or ""
 			local cnonce = stdnse.tohex(openssl.rand_bytes( 8 ))
 			local qop = "auth"
 			self.nc = self.nc + 1
 			local A1_part1 = openssl.md5(self.username .. ":" .. (self.challnvs.realm or "") .. ":" .. self.password)
 			local A1 = stdnse.tohex(openssl.md5(A1_part1 .. ":" .. self.challnvs.nonce .. ':' .. cnonce))
 			local A2 = stdnse.tohex(openssl.md5(("%s:%s"):format(self.method, uri)))
 			local digest = stdnse.tohex(openssl.md5(A1 .. ":" .. self.challnvs.nonce .. ":" ..
 						("%08d"):format(self.nc)  .. ":" .. cnonce .. ":" ..
 						qop .. ":" .. A2))
 			local response = "username=\"" .. self.username .. "\""
 			response = response .. (",%s=\"%s\""):format("realm", realm)
 			response = response .. (",%s=\"%s\""):format("nonce", self.challnvs.nonce)
 			response = response .. (",%s=\"%s\""):format("cnonce", cnonce)
 			response = response .. (",%s=%08d"):format("nc", self.nc)
 			response = response .. (",%s=%s"):format("qop", "auth")
 			response = response .. (",%s=\"%s\""):format("digest-uri", uri)
 			response = response .. (",%s=%s"):format("response", digest)
 			response = response .. (",%s=%s"):format("charset", "utf-8")
 			return response
 		end,
 	}
 	-- The NTLM class handling NTLM challenge response authentication
 	NTLM = {
 		--- Creates a new instance of the NTLM class
 		--
 		-- @param chall string containing the challenge received from the server
 		-- @param username string containing the username
 		-- @param password string containing the password
 		-- @return new instance of NTML
 		new = function(self, chall, username, password)
 			local o = { nc = 0, 
 				chall = chall, 
 				username = username,
 				password = password}
 	       	setmetatable(o, self)
 	        self.__index = self
 			o:parseChallenge()
 			return o
 		end,
 		--- Converst str to "unicode" (adds null bytes for every other byte)
 		-- @param str containing string to convert
 		-- @return unicode string containing the unicoded str
 		to_unicode = function(str)
 			local unicode = ""
 			for i = 1, #str, 1 do
 				unicode = unicode .. bin.pack("<S", string.byte(str, i))
 			end
 			return unicode
 		end,
 		--- Parses the NTLM challenge as received from the server
 		parseChallenge = function(self)
 			local NTLM_NegotiateUnicode 			= 0x00000001
 			local NTLM_NegotiateExtendedSecurity 	= 0x00080000
 			local pos, _, message_type
 			pos, _, message_type, _, _, 
 			_, self.flags, self.chall, _, 
 			_, _, _	 = bin.unpack("<A8ISSIIA8LSSI", self.chall)
 			if ( message_type ~= 0x02 ) then
 				error("NTLM parseChallenge expected message type: 0x02")
 			end
 			self.is_extended = ( bit.band(self.flags, NTLM_NegotiateExtendedSecurity) == NTLM_NegotiateExtendedSecurity )
 			local is_unicode  = ( bit.band(self.flags, NTLM_NegotiateUnicode) == NTLM_NegotiateUnicode )
 			self.workstation = "NMAP-HOST"
 			self.domain = self.username:match("^(.-)\\(.*)$") or "DOMAIN"
 			if ( is_unicode ) then
 				self.workstation = self.to_unicode(self.workstation)
 				self.username = self.to_unicode(self.username)
 				self.domain = self.to_unicode(self.domain)
 			end	
 		end,
 		--- Calculates the response
 		calcResponse = function(self)
 			local ntlm, lm = smbauth.get_password_response(nil, self.username, self.domain, self.password, nil, "v1", self.chall, self.is_extended)
 			local msg_type = 3
 			local response
 			local BASE_OFFSET = 72
 			local offset
 			local encrypted_random_sesskey = ""
 			local flags = 0xa2888205  -- (NTLM_NegotiateUnicode | \
 			                    		-- NTLM_RequestTarget | \
 					                    -- NTLM_NegotiateNTLM | \
 					                    -- NTLM_NegotiateAlwaysSign | \
 					                    -- NTLM_NegotiateExtendedSecurity | \
 					                    -- NTLM_NegotiateTargetInfo | \
 					                    -- NTLM_NegotiateVersion | \
 					                    -- NTLM_Negotiate128 | \
 					                    -- NTLM_Negotiate56)
 			response = bin.pack("<AI", "NTLMSSP\0", msg_type)
 			offset = BASE_OFFSET + #self.workstation + #self.username + #self.domain
 			response = response .. bin.pack("<SSI", #lm, #lm, offset)
 			offset = offset + #lm
 			response = response .. bin.pack("<SSI", #ntlm, #ntlm, offset)
 			offset = BASE_OFFSET
 			response = response .. bin.pack("<SSI", #self.domain, #self.domain, offset)
 			offset = BASE_OFFSET + #self.domain
 			response = response .. bin.pack("<SSI", #self.username, #self.username, offset)
 			offset = BASE_OFFSET + #self.domain + #self.username
 			response = response .. bin.pack("<SSI", #self.workstation, #self.workstation, offset)
 			offset = offset + #self.workstation + #lm + #ntlm
 			response = response .. bin.pack("<SSI", #encrypted_random_sesskey, #encrypted_random_sesskey, offset)
 			response = response .. bin.pack("<I", flags)
 			-- add version info (major 5, minor 1, build 2600, reserved(1-3) 0,
 			-- NTLM Revision 15)
 			response = response .. bin.pack("<CCSCCCC", 5, 1, 2600, 0, 0, 0, 15)
 			response = response .. self.domain .. self.username .. self.workstation .. ntlm .. lm .. encrypted_random_sesskey
 			return response
 		end
 	}
  --- Encodes the parameters using the <code>CRAM-MD5</code> mechanism.
  --
  -- @param username string.
--- a/nselib/sip.lua
+++ b/nselib/sip.lua
@@ -44,9 +44,9 @@
 local bin = require "bin"
 local math = require "math"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local os = require "os"
 local stdnse = require "stdnse"
 local openssl = stdnse.silent_require "openssl"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("sip", stdnse.seeall)
--- a/nselib/smbauth.lua
+++ b/nselib/smbauth.lua
@@ -82,13 +82,12 @@
 local bin = require "bin"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("smbauth", stdnse.seeall)
-have_ssl = (nmap.have_ssl() and pcall(require, "openssl"))
+local openssl, have_ssl = pcall(require, "openssl")
 -- Constants
 local NTLMSSP_NEGOTIATE = 0x00000001
--- a/nselib/ssh1.lua
+++ b/nselib/ssh1.lua
@@ -10,8 +10,8 @@ local bin = require "bin"
 local bit = require "bit"
 local math = require "math"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local stdnse = require "stdnse"
 local openssl = stdnse.silent_require "openssl"
 _ENV = stdnse.module("ssh1", stdnse.seeall)
 --- Retrieve the size of the packet that is being received
--- a/nselib/vnc.lua
+++ b/nselib/vnc.lua
@@ -31,17 +31,12 @@
 local bin = require "bin"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
 _ENV = stdnse.module("vnc", stdnse.seeall)
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require,'openssl')
 if pcall(require,'openssl') then
  HAVE_SSL = true
 end
 VNC = {
--- a/nselib/wsdd.lua
+++ b/nselib/wsdd.lua
@@ -34,17 +34,12 @@
 local bin = require "bin"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local stdnse = require "stdnse"
 local table = require "table"
 local target = require "target"
 _ENV = stdnse.module("wsdd", stdnse.seeall)
-local HAVE_SSL = false
+local HAVE_SSL, openssl = pcall(require,'openssl')
 if pcall(require,'openssl') then
  HAVE_SSL = true
 end
 -- The different probes
 local probes = {
--- a/scripts/dns-nsec3-enum.nse
+++ b/scripts/dns-nsec3-enum.nse
@@ -2,7 +2,6 @@ local stdnse = require "stdnse"
 local shortport = require "shortport"
 local dns = require "dns"
 local base32 = require "base32"
 local openssl = require "openssl"
 local msrpc = require "msrpc" -- just for random string generation
 local math = require "math"
 local bin = require "bin"
@@ -10,6 +9,8 @@ local nmap = require "nmap"
 local string = require "string"
 local table = require "table"
 local openssl = stdnse.silent_require "openssl"
 description = [[
 Tries to enumerate domain names from the DNS server that supports DNSSEC
 NSEC3 records.
--- a/scripts/http-userdir-enum.nse
+++ b/scripts/http-userdir-enum.nse
@@ -3,7 +3,6 @@ local bin = require "bin"
 local datafiles = require "datafiles"
 local http = require "http"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local os = require "os"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
@@ -158,7 +157,8 @@ end
 function randomstring()
  local rnd, s, l, _
-  if pcall(require, "openssl") then
+  local status, openssl = pcall(require, "openssl")
  if status then
    rnd = openssl.rand_pseudo_bytes
  end
  s = rnd and rnd(8) or tostring( os.time() )
--- a/scripts/http-virustotal.nse
+++ b/scripts/http-virustotal.nse
@@ -1,8 +1,8 @@
 local http = require "http"
 local io = require "io"
 local json = require "json"
 local openssl = require "openssl"
 local stdnse = require "stdnse"
 local openssl = stdnse.silent_require "openssl"
 local tab = require "tab"
 local table = require "table"
--- a/scripts/smb-ls.nse
+++ b/scripts/smb-ls.nse
@@ -3,7 +3,7 @@ local smb    = require 'smb'
 local stdnse = require 'stdnse'
 local tab    = require 'tab'
 local table = require "table"
-local openssl= require 'openssl'
+local openssl= stdnse.silent_require 'openssl'
 description = [[
 Attempts to retrieve useful information about files shared on SMB volumes.
--- a/scripts/svn-brute.nse
+++ b/scripts/svn-brute.nse
@@ -1,9 +1,9 @@
 local brute = require "brute"
 local creds = require "creds"
 local nmap = require "nmap"
 local openssl = require "openssl"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
 local openssl = stdnse.silent_require "openssl"
 description = [[
 Performs brute force password auditing against Subversion source code control servers.