From 2e424e019f6e7e12656a045ed4b9804f786dede9 Mon Sep 17 00:00:00 2001
From: dec05eba
Date: Fri, 7 Jul 2023 00:19:30 +0200
Subject: [PATCH] Client.zig: support rsa_pss_rsae_sha384 and rsa_pss_rsae_sha512

This fixes HTTP GET to https://www.iana.org/domains/reserved for example
---
 lib/std/crypto/tls/Client.zig | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/lib/std/crypto/tls/Client.zig b/lib/std/crypto/tls/Client.zig
index 74dff13c70..37306dd37f 100644
--- a/lib/std/crypto/tls/Client.zig
+++ b/lib/std/crypto/tls/Client.zig
@@ -595,11 +595,14 @@ pub fn init(stream: anytype, ca_bundle: Certificate.Bundle, host: []const u8) In
 const key = try Ecdsa.PublicKey.fromSec1(main_cert_pub_key);
 try sig.verify(verify_bytes, key);
 },
- .rsa_pss_rsae_sha256 => {
+ inline .rsa_pss_rsae_sha256,
+ .rsa_pss_rsae_sha384,
+ .rsa_pss_rsae_sha512,
+ => |comptime_scheme| {
 if (main_cert_pub_key_algo != .rsaEncryption)
 return error.TlsBadSignatureScheme;
 
- const Hash = crypto.hash.sha2.Sha256;
+ const Hash = SchemeHash(comptime_scheme);
 const rsa = Certificate.rsa;
 const components = try rsa.PublicKey.parseDer(main_cert_pub_key);
 const exponent = components.exponent;
@@ -1295,6 +1298,15 @@ fn SchemeEcdsa(comptime scheme: tls.SignatureScheme) type {
 };
 }
 
+fn SchemeHash(comptime scheme: tls.SignatureScheme) type {
+ return switch (scheme) {
+ .rsa_pss_rsae_sha256 => crypto.hash.sha2.Sha256,
+ .rsa_pss_rsae_sha384 => crypto.hash.sha2.Sha384,
+ .rsa_pss_rsae_sha512 => crypto.hash.sha2.Sha512,
+ else => @compileError("bad scheme"),
+ };
+}
+
 /// Abstraction for sending multiple byte buffers to a slice of iovecs.
 const VecPut = struct {
 iovecs: []const std.os.iovec,
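Review bot: With `Hash` now chosen per scheme by `SchemeHash(comptime_scheme)`, any later use in this prong that relied on a 32-byte SHA-256 digest (salt length, scratch buffer sizes in the PSS verification) has to be derived from `Hash.digest_length`. The rest of the prong lies outside the hunk, so this cannot be confirmed from here. A small RSA modulus combined with SHA-512 may leave less room in the encoded message than digest length plus salt length plus two bytes, and that case should return an error rather than reach a bounds failure or an `unreachable`. A verification test per new scheme (a valid signature, a corrupted one, and an undersized key) would pin this down. I would also add a comment above the prong such as `// RSA-PSS with the hash named by the scheme; salt length equals the digest length (RFC 8446, section 4.2.3).`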
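Review bot: `SchemeHash` has no doc comment, and its name suggests it maps any signature scheme to a hash, while the switch accepts only the three `rsa_pss_rsae_*` tags and makes everything else a compile error. A doc comment would state that contract, for example `/// Returns the SHA-2 hash type for an RSA-PSS (rsae) signature scheme; any other scheme is a compile error.` The `"bad scheme"` message does not say which helper rejected the value; `else => @compileError("SchemeHash: not an rsa_pss_rsae scheme"),` would make a future misuse easier to trace. The neighbouring `SchemeEcdsa` is only partly visible in the hunk, so if it uses the same message, the two may be worth changing together.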