Author: bh
Date: 2007-10-05 21:03:33 +0200 (Fri, 05 Oct 2007)
New Revision: 413
Modified:
trunk/openvas-libnasl/ChangeLog
trunk/openvas-libnasl/nasl/nasl.c
trunk/openvas-libnasl/nasl/nasl_crypto2.c
Log:
* nasl/nasl.c (usage, main): Remove the option to sign a
script (-S). It's not needed anymore in OpenVAS.
* nasl/nasl_crypto2.c (generate_signed_script): Remove. Now
unused.
Modified: trunk/openvas-libnasl/ChangeLog
===================================================================
--- trunk/openvas-libnasl/ChangeLog 2007-10-05 18:52:04 UTC (rev 412)
+++ trunk/openvas-libnasl/ChangeLog 2007-10-05 19:03:33 UTC (rev 413)
@@ -1,5 +1,13 @@
2007-10-05 Bernhard Herzog <[EMAIL PROTECTED]>
+ * nasl/nasl.c (usage, main): Remove the option to sign a
+ script (-S). It's not needed anymore in OpenVAS.
+
+ * nasl/nasl_crypto2.c (generate_signed_script): Remove. Now
+ unused.
+
+2007-10-05 Bernhard Herzog <[EMAIL PROTECTED]>
+
* test/README: New. Some information about the test suite,
especially the signature tests.
Modified: trunk/openvas-libnasl/nasl/nasl.c
===================================================================
--- trunk/openvas-libnasl/nasl/nasl.c 2007-10-05 18:52:04 UTC (rev 412)
+++ trunk/openvas-libnasl/nasl/nasl.c 2007-10-05 19:03:33 UTC (rev 413)
@@ -108,7 +108,6 @@
printf("\t-T file : Trace actions into the file (or '-' for stderr)\n");
printf("\t-s : specifies that the script should be run with 'safe checks'
enabled\n");
printf("\t-v : shows the version number\n");
- printf("\t-S : sign the script\n");
printf("\t-X : Run the script in 'authenticated' mode\n");
}
@@ -133,19 +132,9 @@
---------------------------------------------*/
mode |= NASL_COMMAND_LINE;
- while((i = getopt(argc, argv, "hvt:k:T:spS:XDL"))!=EOF)
+ while((i = getopt(argc, argv, "hvt:k:T:spXDL"))!=EOF)
switch(i)
{
- case 'S' :
- if ( optarg == NULL ) {
- usage();
- exit(1);
- }
-
- nessus_SSL_init(NULL);
- generate_signed_script(optarg);
- exit(0);
- break;
case 'X' :
mode |= NASL_ALWAYS_SIGNED;
break;
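Review bot: The rewritten `getopt` line still compares the result with `EOF`, while POSIX defines the end-of-options return value as `-1`; since the line is being touched anyway, `while ((i = getopt(argc, argv, "hvt:k:T:spXDL")) != -1)` is the portable form. With `S:` gone from the option string, `nasl -S file` now takes getopt's unknown-option path, and the switch's handling of that case lies outside this hunk, so it is worth confirming that such a call ends in `usage()` and a non-zero exit rather than running the script unsigned. The signer removed from nasl_crypto2.c read a private key from `NESSUS_STATE_DIR "/openvas/openvas_org.priv.pem"`; the log entry could state that the nasl binary no longer uses this key, so administrators know it need not be kept on scanner hosts. The commit's file list touches no header, so any remaining prototype for `generate_signed_script` would now be dangling and should be dropped as well.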
Modified: trunk/openvas-libnasl/nasl/nasl_crypto2.c
===================================================================
--- trunk/openvas-libnasl/nasl/nasl_crypto2.c 2007-10-05 18:52:04 UTC (rev
412)
+++ trunk/openvas-libnasl/nasl/nasl_crypto2.c 2007-10-05 19:03:33 UTC (rev
413)
@@ -1199,101 +1199,3 @@
close(fd);
return contents;
}
-
-
-/*----------------------------- Script signature management
------------------------------------------*/
-
-/*
- * Signs a given script
- */
-int
-generate_signed_script(char * filename)
-{
- const char * pemfilename = NESSUS_STATE_DIR "/openvas/openvas_org.priv.pem";
- int result = -1;
- int i;
- int be_len;
- gnutls_datum_t pem = {NULL, 0};
- gnutls_datum_t script = {NULL, 0};
- gnutls_x509_privkey_t privkey = NULL;
- unsigned char* signature = NULL;
- size_t signature_size = 0;
- int err;
-
- err = gnutls_x509_privkey_init(&privkey);
- if (err)
- {
- print_tls_error(NULL, "gnutls_x509_privkey_init", err);
- goto fail;
- }
-
- pem = map_file(pemfilename);
- if (!pem.data)
- goto fail;
-
- err = gnutls_x509_privkey_import(privkey, &pem, GNUTLS_X509_FMT_PEM);
- if (err)
- {
- print_tls_error(NULL, "gnutls_x509_privkey_import", err);
- goto fail;
- }
-
- script = map_file(filename);
- if (!script.data)
- {
- goto fail;
- }
-
- /* append the size of the file at the end of the script */
- script.data = erealloc(script.data, script.size + sizeof(be_len));
- be_len = htonl(script.size);
- memcpy(script.data + script.size, &be_len, sizeof(be_len));
- script.size += sizeof(be_len);
-
- /* call gnutls_x509_privkey_sign_data twice: once to determine the
- * size of the signature and then again to actually create the
- * signature */
- err = gnutls_x509_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &script,
- signature, &signature_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- print_tls_error(NULL, "gnutls_x509_privkey_sign_data", err);
- goto fail;
- }
-
- signature = emalloc(signature_size);
- err = gnutls_x509_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &script,
- signature, &signature_size);
- if (err)
- {
- print_tls_error(NULL, "gnutls_x509_privkey_sign_data", err);
- goto fail;
- }
-
- /* print the header with the signature */
- printf("#TRUSTED ");
- for (i = 0; i < signature_size; i++)
- {
- printf("%.2x", signature[i]);
- }
- printf("\n");
-
- /* strip the size from the end of the script again */
- script.size -= sizeof(be_len);
- memset(script.data + script.size, 0, sizeof(be_len));
-
- /* print the script itself */
- printf("%s", script.data);
- fflush(stdout);
-
- result = 0;
-
- fail:
- efree(&pem.data);
- efree(&script.data);
- efree(&signature);
- gnutls_x509_privkey_deinit(privkey);
-
- return result;
-}
-