mirror/zig
1
0
Fork 0
mirror of https://github.com/ziglang/zig.git synced 2026-02-06 06:27:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
25,933 Commits 43 Branches 24 Tags
Commit Graph

25933 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Kelley
c71c562486 remove std.crypto.der 
Only a little bit of generalized logic for DER encoding is needed and so
it can live inside the Certificate namespace.

This commit removes the generic "parse object id" function which is no
longer used in favor of more specific, smaller sets of object ids used
with ComptimeStringMap.
 2023-01-02 16:57:15 -07:00
Andrew Kelley
642a8b05c3 std.crypto.tls.Certificate: explicit error set for verify 2023-01-02 16:57:15 -07:00
Andrew Kelley
7cb535d4b5 std.crypto.tls.Certificate: verify time validity 
When scanning the file system for root certificates, expired
certificates are skipped and therefore not used for verification in TLS
sessions. There is only this one check, however, so a long-running
server will need to periodically rescan for a new Certificate.Bundle
and strategically start using it for new sessions. In this commit I made
the judgement call that applications would like to opt-in to root
certificate rescanning at a point in time that makes sense for that
application, as opposed to having the system clock potentially start
causing connections to fail.

Certificate verification checks the subject only, as opposed to both the
subject and the issuer. The idea is that the trust chain analysis will
always check the subject, leading to every certificate in the chain's
validity being checked exactly once, with the root certificate's
validity checked upon scanning.

Furthermore, this commit adjusts the scanning logic to fully parse
certificates, even though only the subject is technically needed. This
allows relying on parsing to succeed later on.
 2023-01-02 16:57:15 -07:00
Andrew Kelley
862ecf2344 std.crypto.tls.Client: handle extra data after handshake 2023-01-02 16:57:15 -07:00
Andrew Kelley
16f936b420 std.crypto.tls: handle the certificate_verify message 2023-01-02 16:57:15 -07:00
Andrew Kelley
29475b4518 std.crypto.tls: validate previous certificate 2023-01-02 16:57:15 -07:00
Andrew Kelley
4f9f4575bd std.crypto.tls: rename HandshakeCipher 2023-01-02 16:57:15 -07:00
Andrew Kelley
22db1e166a std.crypto.CertificateBundle: disable test on WASI 2023-01-02 16:57:15 -07:00
Andrew Kelley
7ed7bd247e std.crypto.tls: verify the common name matches 2023-01-02 16:57:15 -07:00
Andrew Kelley
244a97e8ad std.crypto.tls: certificate signature validation 2023-01-02 16:57:15 -07:00
Andrew Kelley
504070e8fc std.crypto.CertificateBundle: ignore duplicate certificates 2023-01-02 16:57:15 -07:00
Andrew Kelley
bbc074252c introduce std.crypto.CertificateBundle 
for reading root certificate authority bundles from standard
installation locations on the file system. So far only Linux logic is
added.
 2023-01-02 16:57:15 -07:00
Andrew Kelley
3237000d95 std.crypto.tls: rudimentary certificate parsing 2023-01-02 16:57:15 -07:00
Andrew Kelley
5d7eca6669 std.crypto.tls.Client: fix verify_data for batched handshakes 2023-01-02 16:57:15 -07:00
Andrew Kelley
e2c16d03ab std.crypto.tls.Client: support secp256r1 for handshake 2023-01-02 16:57:15 -07:00
Andrew Kelley
f460c21705 std.crypto.tls.Client: avoid hard-coded bytes in key_share 2023-01-02 16:57:15 -07:00
Andrew Kelley
7a23778384 std.crypto.tls: send a legacy session id 
To support middlebox compatibility mode.
 2023-01-02 16:57:15 -07:00
Andrew Kelley
e2efba76aa std.crypto.tls: refactor to remove mutations 
build up the hello message with array concatenation and helper functions
rather than hard-coded offsets and lengths.
 2023-01-02 16:57:15 -07:00
Andrew Kelley
41f4461cda std.crypto.tls.Client: verify the server's Finished message 2023-01-02 16:57:15 -07:00
Andrew Kelley
f6c3a86f0f std.crypto.tls.Client: remove unnecessary coercion 2023-01-02 16:57:15 -07:00
Andrew Kelley
8ef4dcd39f std.crypto.tls: add some benchmark data points 
Looks like aegis-128l is the winner on baseline too.
 2023-01-02 16:57:15 -07:00
Andrew Kelley
942b5b468f std.crypto.tls: implement the rest of the cipher suites 
Also:
 * Use KeyPair.create() function
 * Don't bother with CCM
 2023-01-02 16:57:15 -07:00
Andrew Kelley
93ab8be8d8 extract std.crypto.tls.Client into separate namespace 2023-01-02 16:57:15 -07:00
Andrew Kelley
02c33d02e0 std.crypto.Tls: parse encrypted extensions 2023-01-02 16:57:15 -07:00
Andrew Kelley
462b3ed69c std.crypto.Tls: handshake fixes 
* Handle multiple handshakes in one encrypted record
 * Fix incorrect handshake length sent to server
 2023-01-02 16:57:15 -07:00
Andrew Kelley
b97fc43baa std.crypto.Tls: client is working against some servers 2023-01-02 16:57:15 -07:00
Andrew Kelley
40a85506b2 std.crypto.Tls: add read/write methods 2023-01-02 16:57:15 -07:00
Andrew Kelley
595fff7cb6 std.crypto.Tls: decrypting handshake messages 2023-01-02 16:57:15 -07:00
Andrew Kelley
920e5bc4ff std.crypto.Tls: discard ChangeCipherSpec messages 
The next step here is to decrypt encrypted records
 2023-01-02 16:57:15 -07:00
Andrew Kelley
d2f5d0b199 std.crypto.Tls: parse the ServerHello handshake 2023-01-02 16:57:15 -07:00
Andrew Kelley
ba44513c2f std.http reorg; introduce std.crypto.Tls 
TLS is capable of sending a Client Hello
 2023-01-02 16:57:15 -07:00
Andrew Kelley
cd0d514643 remove the experimental std.x namespace 
Playtime is over. I'm working on networking now.
 2023-01-02 16:57:15 -07:00
Andrew Kelley
ebcfc86bb9 Compilation: better error message for file not found 2023-01-02 16:57:15 -07:00
Andrew Kelley
c1f404ad53 Compilation: fix merge conflict with previous commit 2023-01-02 16:41:13 -07:00
Andrew Kelley
9bcd48e40e Revert "make a .rsp file for zig clang" 
This reverts commit 9db293492bbbc5b8d70638bd9c59dea19d13596c.

It's not OK to call `realpath` in the compiler.

Reopens #12419
 2023-01-02 16:31:45 -07:00
Andrew Kelley
df5fcf5432
Merge pull request #14159 from Vexu/err-fix 
Sema: prevent spurious "depends on itself" errors
 2023-01-02 17:37:27 -05:00
Andrew Kelley
0b99c83c21 fix behavior test compile error 
I bungled the commit 995c36dcb1a82c3ec9cbd0cd7bfbadd5c0abd10e during the
merge. Sorry about that.
 2023-01-02 15:02:33 -07:00
Andrew Kelley
4c1007fc04
Merge pull request #14002 from kcbanner/cbe_msvc_compatibility 
CBE: MSVC-compatible code generation, and fixes to get behaviour tests passing and zig2.c building
 2023-01-02 16:11:17 -05:00
Andrew Kelley
23b1544f6c update zig1.wasm for MSVC compatibility 2023-01-02 14:09:26 -07:00
Andrew Kelley
995c36dcb1 avoid testing inline for in unrelated behavior tests 2023-01-02 14:09:01 -07:00
Andrew Kelley
72560b8db5 add some comments to explain workarounds 2023-01-02 14:08:50 -07:00
kcbanner
4776128099 skip "atomicrmw with 128-bit ints" on everything except cbe 2023-01-02 13:56:32 -07:00
kcbanner
8ebf18635c skip "atomicrmw with 128-bit ints" on linux x64_64 due to linker error 2023-01-02 13:56:32 -07:00
kcbanner
50c31e5caa skip "truncate int128" on wasm 2023-01-02 13:56:32 -07:00
kcbanner
fc84b233ee skip "truncate to non-power-of-two integers from 128-bit" on non-llvm 2023-01-02 13:56:32 -07:00
kcbanner
c2f5c3bc4e skip "binary not 128-bit" on non-llvm 2023-01-02 13:56:32 -07:00
kcbanner
45a55df12c cbe: fixups for -Wstrict-prototypes 2023-01-02 13:56:32 -07:00
kcbanner
9c951cc874 fmt fixups 2023-01-02 13:56:32 -07:00
kcbanner
cac652f81b cbe: fixup cpuid on non-msvc 2023-01-02 13:56:17 -07:00
kcbanner
ccf0ab0ef6 cbe: use callconv(.C) for zig.g stub functions, use zig.h function for windows teb instead of syscall 2023-01-02 13:56:11 -07:00