Monday, August 06, 2018
I guess we'll see how well CBOR works
The Corporate Overlords of The Corporation have spoken, and lo, they said “Worry not, for you do not have to deal with the stupidity—we shall deal.” So great, we don't have to drink the REST/HTTPS über alles Kool-Aid™, but instead query our Corporate Overlords for the data, who have drunk the REST/HTTPS über alles Kool-Aid™ (or were forced to by the company we query for the data—the end effect is the same though).
Sigh.
So for now, we still make our queries via UDP, only now in CBOR—the legacy format of DNS is apparently too arcane to support any more.
I have a Lua module but we also need one in C. There are some existing ones, but they have their issues (either an alien build system or missing some critical CBOR feature) so I've been working on a C library I started a few years ago and never finished.
It's working now,
and to test it,
I've been using valgrind to ensure memory safety,
in addition to using /dev/urandom to generate random garbage:
GenericUnixPrompt% dd if=/dev/urandom count=2 | tee bad-data | valgrind ./testdecoder
dd is one of those relatively arcane Unix programs that I find useful on occasion
(like here to generate some random data). tee I use to record the data so I can play it back when valgrind finds an issue.
This is a reasonable way to fuzz a program.
It did find several issues that could have lead to a crash,
and I don't leak any memory so the code should be good to go.
It seems that checking the TLS API version number is useless
I've pretty much finished the Lua TLS module and before releasing it,
I thought it might be nice to ensure it compiles with previous versions of libtls.
The main header file contains the defined value TLS_API,
which I assume is updated whenever the API is updated.
So I began the arduous procedure of downloading previous versions of libtls to ensure I can compile against any version.
I started with LibreSSL version 2.7.4
(current when I started—they are now up to 2.8.0 as I write this).
The defined value TLS_API had a value of “20180210”.
I checked version 2.7.0 and no change in libtls.
It wasn't until I got into the pre-2.7 versions that things started going south.
The previous version of TLS_API,
“20170126”,
was first defined in 2.5.1,
and last used in 2.6.5.
But the API changed quite a bit between versions 2.5.1 and 2.6.5.
Five functions were added:
tls_config_set_crl_file()tls_config_set_crl_mem()tls_config_set_ecdhecurves()tls_peer_cert_chain_pem()tls_unload_file()
What's the point of having a defined value like TLS_API if it doesn't change when you add new functions?
Fortunately,
the defined value LIBRESSL_VERSION_NUMBER is updated per version,
so at least I can use that.
Sigh.
![[The future's so bright, I gotta wear shades]](https://www.conman.org/people/spc/about/2023/1023.t.jpg "The future's so bright, I gotta wear shades")