Updated all OpenSSL code to OpenSSL 3.0 API with no deprecated functions. Some
NSE functions were changed:
* openssl.rc4_options and openssl.rc4 were removed in favor of openssl.encrypt
* openssl.bignum_pseudo_rand is now an alias for openssl.bignum_rand
* openssl.bignum_is_prime and openssl.bignum_is_safe_prime will now ignore the
nchecks parameter, using a secure default instead.
Instead of maintaining parallel blocks of code that do the same thing,
use preprocessor defines to unify the syntax. This way, functional
changes only need to happen in one place.
Lua 5.3 adds several awesome features of particular interest to nmap including
bitwise operators and integers, a utf8 library, and standard binary pack/unpack
functions.
In addition to adding Lua 5.3, this branch changes:
o Complete removal of the NSE bit library (in C), It has been replaced with
a new Lua library wrapping Lua 5.3's bit-wise operators.
o Complete removal of the NSE bin library (in C). It has been replaced with a
new Lua library wrapping Lua 5.3's string.pack|unpack functions.
o The bin.pack "B" format specifier (which has never worked correctly) is
unimplemented. All scripts/libraries which use it have been updated. Most
usage of this option was to allow string based bit-wise operations which are no
longer necessary now that Lua 5.3 provides integers and bit-wise operators.
o The base32/base64 libraries have been reimplemented using Lua 5.3's new
bitwise operators. (This library was the main user of the bin.pack "B" format
specifier.)
o A new "bits" library has been added for common bit hacks. Currently only has
a reverse function.
Thanks to David Fifield, Daniel Miller, Jacek Wielemborek, and Paulino
Calderon for testing this branch.
Excellent discussion of the issues with RAND_pseudo_bytes here:
https://jbp.io/2014/01/16/openssl-rand-api/
Essentially, RAND_pseudo_bytes is the same function as RAND_bytes,
except with worse documentation and broken implementations in some
cases.
found by Patrik Karlsson. The second and subsequent times we call
EVP{Encrypt,Decrypt}Init_ex, we have to pass NULL for the type argument.
This allows setting to accumulate from previous calls.
and l_decrypt. Otherwise, OpenSSL reads unallocated memory:
openssl.encrypt("DES", "key", "iv", "datadatadatadata")
==5691== Invalid read of size 1
==5691== at 0x412F07D: DES_set_key_unchecked (in /usr/lib/libcrypto.so.0.9.8)
==5691== Address 0x4bcc415 is 2 bytes after a block of size 19 alloc'd
==5691== at 0x402598A: malloc (vg_replace_malloc.c:195)
==5691== by 0x4025A16: realloc (vg_replace_malloc.c:476)
==5691== by 0x80ED502: luaM_realloc_ (in /home/david/nmap/nmap)
==5691== by 0x80F134B: luaS_newlstr (in /home/david/nmap/nmap)
==5691== by 0x80F85FA: luaX_newstring (in /home/david/nmap/nmap)
==5691== by 0x80F8FF6: llex (in /home/david/nmap/nmap)
==5691== by 0x80F9861: luaX_next (in /home/david/nmap/nmap)
==5691== by 0x80EDCAF: testnext (in /home/david/nmap/nmap)
==5691== by 0x80EF718: explist1 (in /home/david/nmap/nmap)
==5691== by 0x80EF7C0: funcargs (in /home/david/nmap/nmap)
==5691== by 0x80EFA1C: primaryexp (in /home/david/nmap/nmap)
==5691== by 0x80EEE16: subexpr (in /home/david/nmap/nmap)
Moved the includes for Lua headers to the .cc files so they are
not needlessly, repeatedly included.
Similarly, moved some standard headers to the .cc files and reorganized
includes to be uniform for all nse_* source files.
Fixed whitespace (removed tabs).
