meta: mark SSL CA as done in todo
This commit is contained in:
parent
a9525eb8cc
commit
9640a6cf4d
SSH key fingerprint:
SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
2 changed files with 5 additions and 223 deletions
|
|
@ -1,7 +1,7 @@
|
||||||
From f568270c4ec5b0472e0a49af510fd58f1f65155b Mon Sep 17 00:00:00 2001
|
From f568270c4ec5b0472e0a49af510fd58f1f65155b Mon Sep 17 00:00:00 2001
|
||||||
From: Mara Sophie Grosch <littlefox@lf-net.org>
|
From: Mara Sophie Grosch <littlefox@lf-net.org>
|
||||||
Date: Sat, 13 Feb 2021 23:01:02 +0100
|
Date: Sat, 13 Feb 2021 23:01:02 +0100
|
||||||
Subject: [PATCH 1/4] Resolve SRV record for hostname
|
Subject: [PATCH 1/3] Resolve SRV record for hostname
|
||||||
|
|
||||||
Very crude first implementation, needs more polishing.
|
Very crude first implementation, needs more polishing.
|
||||||
|
|
||||||
|
|
@ -296,7 +296,7 @@ index 0019281f4..95871013f 100644
|
||||||
From 885aca548189e24d50431f59b1c7c14b378c4d91 Mon Sep 17 00:00:00 2001
|
From 885aca548189e24d50431f59b1c7c14b378c4d91 Mon Sep 17 00:00:00 2001
|
||||||
From: Mara Sophie Grosch <littlefox@lf-net.org>
|
From: Mara Sophie Grosch <littlefox@lf-net.org>
|
||||||
Date: Sat, 13 Feb 2021 23:12:31 +0100
|
Date: Sat, 13 Feb 2021 23:12:31 +0100
|
||||||
Subject: [PATCH 2/4] Move DNS name decoding to dns.{c/h}
|
Subject: [PATCH 2/3] Move DNS name decoding to dns.{c/h}
|
||||||
|
|
||||||
---
|
---
|
||||||
dns.c | 43 +++++++++++++++++++++++++++++++++++++++++++
|
dns.c | 43 +++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
|
@ -421,228 +421,10 @@ index 95871013f..c295653e4 100644
|
||||||
2.44.1
|
2.44.1
|
||||||
|
|
||||||
|
|
||||||
From ac087b03f2733b128616bb575c11c511b81b6b39 Mon Sep 17 00:00:00 2001
|
From afa1e00156dc0fb899e3ed48d08480cece390d03 Mon Sep 17 00:00:00 2001
|
||||||
From: Mara Sophie Grosch <littlefox@lf-net.org>
|
|
||||||
Date: Sun, 14 Feb 2021 00:20:26 +0100
|
|
||||||
Subject: [PATCH 3/4] Add some unit tests for dns_decode_name
|
|
||||||
|
|
||||||
---
|
|
||||||
Makefile.in | 17 +++++++++++++
|
|
||||||
dns.c | 32 ++++++++++++++++-------
|
|
||||||
regress/Makefile | 1 +
|
|
||||||
regress/unittests/Makefile | 3 ++-
|
|
||||||
regress/unittests/dns/tests.c | 48 +++++++++++++++++++++++++++++++++++
|
|
||||||
5 files changed, 91 insertions(+), 10 deletions(-)
|
|
||||||
create mode 100644 regress/unittests/dns/tests.c
|
|
||||||
|
|
||||||
diff --git a/Makefile.in b/Makefile.in
|
|
||||||
index e1b77ebc6..4f30d0c5f 100644
|
|
||||||
--- a/Makefile.in
|
|
||||||
+++ b/Makefile.in
|
|
||||||
@@ -288,6 +288,8 @@ clean: regressclean
|
|
||||||
rm -f regress/unittests/bitmap/test_bitmap$(EXEEXT)
|
|
||||||
rm -f regress/unittests/conversion/*.o
|
|
||||||
rm -f regress/unittests/conversion/test_conversion$(EXEEXT)
|
|
||||||
+ rm -f regress/unittests/dns/*.o
|
|
||||||
+ rm -f regress/unittests/dns/test_dns$(EXEEXT)
|
|
||||||
rm -f regress/unittests/hostkeys/*.o
|
|
||||||
rm -f regress/unittests/hostkeys/test_hostkeys$(EXEEXT)
|
|
||||||
rm -f regress/unittests/kex/*.o
|
|
||||||
@@ -325,6 +327,8 @@ distclean: regressclean
|
|
||||||
rm -f regress/unittests/bitmap/test_bitmap
|
|
||||||
rm -f regress/unittests/conversion/*.o
|
|
||||||
rm -f regress/unittests/conversion/test_conversion
|
|
||||||
+ rm -f regress/unittests/dns/*.o
|
|
||||||
+ rm -f regress/unittests/dns/test_dns
|
|
||||||
rm -f regress/unittests/hostkeys/*.o
|
|
||||||
rm -f regress/unittests/hostkeys/test_hostkeys
|
|
||||||
rm -f regress/unittests/kex/*.o
|
|
||||||
@@ -510,6 +514,7 @@ regress-prep:
|
|
||||||
$(MKDIR_P) `pwd`/regress/unittests/authopt
|
|
||||||
$(MKDIR_P) `pwd`/regress/unittests/bitmap
|
|
||||||
$(MKDIR_P) `pwd`/regress/unittests/conversion
|
|
||||||
+ $(MKDIR_P) `pwd`/regress/unittests/dns
|
|
||||||
$(MKDIR_P) `pwd`/regress/unittests/hostkeys
|
|
||||||
$(MKDIR_P) `pwd`/regress/unittests/kex
|
|
||||||
$(MKDIR_P) `pwd`/regress/unittests/match
|
|
||||||
@@ -629,6 +634,17 @@ regress/unittests/conversion/test_conversion$(EXEEXT): \
|
|
||||||
regress/unittests/test_helper/libtest_helper.a \
|
|
||||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
|
|
||||||
|
|
||||||
+UNITTESTS_TEST_DNS_OBJS=\
|
|
||||||
+ regress/unittests/dns/tests.o \
|
|
||||||
+ $(SKOBJS)
|
|
||||||
+
|
|
||||||
+regress/unittests/dns/test_dns$(EXEEXT): \
|
|
||||||
+ ${UNITTESTS_TEST_DNS_OBJS} \
|
|
||||||
+ regress/unittests/test_helper/libtest_helper.a libssh.a
|
|
||||||
+ $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_DNS_OBJS) \
|
|
||||||
+ regress/unittests/test_helper/libtest_helper.a \
|
|
||||||
+ -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
|
||||||
+
|
|
||||||
UNITTESTS_TEST_KEX_OBJS=\
|
|
||||||
regress/unittests/kex/tests.o \
|
|
||||||
regress/unittests/kex/test_kex.o \
|
|
||||||
@@ -718,6 +734,7 @@ regress-unit-binaries: regress-prep $(REGRESSLIBS) \
|
|
||||||
regress/unittests/authopt/test_authopt$(EXEEXT) \
|
|
||||||
regress/unittests/bitmap/test_bitmap$(EXEEXT) \
|
|
||||||
regress/unittests/conversion/test_conversion$(EXEEXT) \
|
|
||||||
+ regress/unittests/dns/test_dns$(EXEEXT) \
|
|
||||||
regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
|
|
||||||
regress/unittests/kex/test_kex$(EXEEXT) \
|
|
||||||
regress/unittests/match/test_match$(EXEEXT) \
|
|
||||||
diff --git a/dns.c b/dns.c
|
|
||||||
index ab156f5c3..dfd4a49bb 100644
|
|
||||||
--- a/dns.c
|
|
||||||
+++ b/dns.c
|
|
||||||
@@ -351,23 +351,34 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic,
|
|
||||||
*/
|
|
||||||
char*
|
|
||||||
dns_decode_name(const char* data, size_t len) {
|
|
||||||
- size_t index = 0;
|
|
||||||
+ if(len < 1) {
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
char* decoded = NULL;
|
|
||||||
size_t size = 0;
|
|
||||||
|
|
||||||
- uint8_t next_label_len;
|
|
||||||
- do {
|
|
||||||
- next_label_len = data[index];
|
|
||||||
+ size_t index = 0;
|
|
||||||
+ uint8_t next_label_len = data[index++];
|
|
||||||
+
|
|
||||||
+ while(1) {
|
|
||||||
+ if(index + next_label_len > len) {
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if(!next_label_len) {
|
|
||||||
+ return decoded;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
char* old_decoded = decoded;
|
|
||||||
|
|
||||||
if(old_decoded) {
|
|
||||||
decoded = malloc(size + next_label_len + 2);
|
|
||||||
+ decoded[size + next_label_len + 1] = 0;
|
|
||||||
+
|
|
||||||
memcpy(decoded, old_decoded, size);
|
|
||||||
decoded[size] = '.';
|
|
||||||
- memcpy(decoded + size + 1, data + index + 1, next_label_len);
|
|
||||||
- decoded[size + next_label_len + 1] = 0;
|
|
||||||
+ memcpy(decoded + size + 1, data + index, next_label_len);
|
|
||||||
|
|
||||||
size += 1;
|
|
||||||
|
|
||||||
@@ -375,13 +386,16 @@ dns_decode_name(const char* data, size_t len) {
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
decoded = malloc(next_label_len + 1);
|
|
||||||
- memcpy(decoded, data + index + 1, next_label_len);
|
|
||||||
decoded[next_label_len] = 0;
|
|
||||||
+
|
|
||||||
+ memcpy(decoded, data + index, next_label_len);
|
|
||||||
}
|
|
||||||
|
|
||||||
size += next_label_len;
|
|
||||||
- index += next_label_len + 1;
|
|
||||||
- } while(next_label_len > 0 && index + next_label_len <= len);
|
|
||||||
+ index += next_label_len;
|
|
||||||
+
|
|
||||||
+ next_label_len = data[index++];
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return decoded;
|
|
||||||
}
|
|
||||||
diff --git a/regress/Makefile b/regress/Makefile
|
|
||||||
index 7f7349706..af22225c5 100644
|
|
||||||
--- a/regress/Makefile
|
|
||||||
+++ b/regress/Makefile
|
|
||||||
@@ -305,6 +305,7 @@ unit:
|
|
||||||
-d ${.CURDIR}/unittests/authopt/testdata ; \
|
|
||||||
$$V ${.OBJDIR}/unittests/bitmap/test_bitmap ; \
|
|
||||||
$$V ${.OBJDIR}/unittests/conversion/test_conversion ; \
|
|
||||||
+ $$V ${.OBJDIR}/unittests/dns/test_dns ; \
|
|
||||||
$$V ${.OBJDIR}/unittests/kex/test_kex ; \
|
|
||||||
$$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \
|
|
||||||
-d ${.CURDIR}/unittests/hostkeys/testdata ; \
|
|
||||||
diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile
|
|
||||||
index e370900e4..3032c2d1b 100644
|
|
||||||
--- a/regress/unittests/Makefile
|
|
||||||
+++ b/regress/unittests/Makefile
|
|
||||||
@@ -1,6 +1,7 @@
|
|
||||||
# $OpenBSD: Makefile,v 1.13 2023/09/24 08:14:13 claudio Exp $
|
|
||||||
|
|
||||||
-SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion
|
|
||||||
+REGRESS_FAIL_EARLY?= yes
|
|
||||||
+SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion dns
|
|
||||||
SUBDIR+=authopt misc sshsig
|
|
||||||
|
|
||||||
.include <bsd.subdir.mk>
|
|
||||||
diff --git a/regress/unittests/dns/tests.c b/regress/unittests/dns/tests.c
|
|
||||||
new file mode 100644
|
|
||||||
index 000000000..53e6d0a6e
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/regress/unittests/dns/tests.c
|
|
||||||
@@ -0,0 +1,48 @@
|
|
||||||
+/* $OpenBSD: tests.c,v 1.3 2021/01/18 11:43:34 dtucker Exp $ */
|
|
||||||
+/*
|
|
||||||
+ * Regress test for dns utility functions
|
|
||||||
+ *
|
|
||||||
+ * Placed in the public domain
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#include "includes.h"
|
|
||||||
+
|
|
||||||
+#include <sys/types.h>
|
|
||||||
+#include <sys/param.h>
|
|
||||||
+#include <stdio.h>
|
|
||||||
+#ifdef HAVE_STDINT_H
|
|
||||||
+#include <stdint.h>
|
|
||||||
+#endif
|
|
||||||
+#include <stdlib.h>
|
|
||||||
+#include <string.h>
|
|
||||||
+
|
|
||||||
+#include "../test_helper/test_helper.h"
|
|
||||||
+
|
|
||||||
+#include "sshkey.h"
|
|
||||||
+#include "dns.h"
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+tests(void)
|
|
||||||
+{
|
|
||||||
+ TEST_START("dns_decode_name");
|
|
||||||
+
|
|
||||||
+ // no data at all
|
|
||||||
+ ASSERT_PTR_EQ(dns_decode_name(0, 0), NULL);
|
|
||||||
+
|
|
||||||
+ // some data, but truncated a lot
|
|
||||||
+ ASSERT_PTR_EQ(dns_decode_name("\04example", 4), NULL);
|
|
||||||
+
|
|
||||||
+ // some data, but truncated (trailing zero length label missing)
|
|
||||||
+ ASSERT_PTR_EQ(dns_decode_name("\07example", 8), NULL);
|
|
||||||
+
|
|
||||||
+ // single label, correct data
|
|
||||||
+ ASSERT_STRING_EQ(dns_decode_name("\07example", 9), "example");
|
|
||||||
+
|
|
||||||
+ // two labels, correct data
|
|
||||||
+ ASSERT_STRING_EQ(dns_decode_name("\07example\03com", 13), "example.com");
|
|
||||||
+
|
|
||||||
+ // three labels, correct data
|
|
||||||
+ ASSERT_STRING_EQ(dns_decode_name("\03www\07example\03com", 17), "www.example.com");
|
|
||||||
+
|
|
||||||
+ TEST_DONE();
|
|
||||||
+}
|
|
||||||
--
|
|
||||||
2.44.1
|
|
||||||
|
|
||||||
|
|
||||||
From d17e6c0b75b56914b755356e464b8aa77b442fa3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Mara Sophie Grosch <littlefox@lf-net.org>
|
From: Mara Sophie Grosch <littlefox@lf-net.org>
|
||||||
Date: Sun, 14 Feb 2021 00:35:53 +0100
|
Date: Sun, 14 Feb 2021 00:35:53 +0100
|
||||||
Subject: [PATCH 4/4] Code reordering: fix uninitialized use
|
Subject: [PATCH 3/3] Code reordering: fix uninitialized use
|
||||||
|
|
||||||
---
|
---
|
||||||
ssh.c | 5 +++--
|
ssh.c | 5 +++--
|
||||||
|
|
|
||||||
2
todo.md
2
todo.md
|
|
@ -47,7 +47,7 @@
|
||||||
# Certificate Authority
|
# Certificate Authority
|
||||||
- [ ] SSH CA
|
- [ ] SSH CA
|
||||||
- https://vriska.dev/trusting-ssh-keys-using-a-centralized-hardware-secret/
|
- https://vriska.dev/trusting-ssh-keys-using-a-centralized-hardware-secret/
|
||||||
- [ ] SSL CA
|
- [x] SSL CA
|
||||||
- [ ] Signing server?
|
- [ ] Signing server?
|
||||||
|
|
||||||
# NixVim
|
# NixVim
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue