mirror/zig
1
0
Fork 0
mirror of https://github.com/ziglang/zig.git synced 2026-01-28 10:15:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Client.zig: support rsa_pss_rsae_sha384 and rsa_pss_rsae_sha512

Browse Source 
This fixes HTTP GET to https://www.iana.org/domains/reserved
for example
This commit is contained in:
dec05eba 2023-07-07 00:19:30 +02:00 committed by Andrew Kelley
parent 44df3a148b
commit 2e424e019f
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/std/crypto/tls/Client.zig
View File

@ -595,11 +595,14 @@ pub fn init(stream: anytype, ca_bundle: Certificate.Bundle, host: []const u8) In
const key = try Ecdsa.PublicKey.fromSec1(main_cert_pub_key);
try sig.verify(verify_bytes, key);
},
.rsa_pss_rsae_sha256 => {
inline .rsa_pss_rsae_sha256,
.rsa_pss_rsae_sha384,
.rsa_pss_rsae_sha512,
=> |comptime_scheme| {
if (main_cert_pub_key_algo != .rsaEncryption)
return error.TlsBadSignatureScheme;
const Hash = crypto.hash.sha2.Sha256;
const Hash = SchemeHash(comptime_scheme);
const rsa = Certificate.rsa;
const components = try rsa.PublicKey.parseDer(main_cert_pub_key);
const exponent = components.exponent;
@ -1295,6 +1298,15 @@ fn SchemeEcdsa(comptime scheme: tls.SignatureScheme) type {
};
}
fn SchemeHash(comptime scheme: tls.SignatureScheme) type {
return switch (scheme) {
.rsa_pss_rsae_sha256 => crypto.hash.sha2.Sha256,
.rsa_pss_rsae_sha384 => crypto.hash.sha2.Sha384,
.rsa_pss_rsae_sha512 => crypto.hash.sha2.Sha512,
else => @compileError("bad scheme"),
};
}
/// Abstraction for sending multiple byte buffers to a slice of iovecs.
const VecPut = struct {
iovecs: []const std.os.iovec,