Andrew Kelley
5bbedb63cf
std.crypto.Certificate: support verifying secp384r1 pub keys
2023-01-02 16:57:15 -07:00
Andrew Kelley
b1cbfa0ec6
std.crypto.Certificate: remove subject_alt_name parsing
...
I believe this is provided as an extension, not in this location.
2023-01-02 16:57:15 -07:00
Andrew Kelley
b24f178029
std.crypto.tls.Certificate: fix parsing missing subsequent fields
...
Instead of seeing all the attributed types and values, the code was only
seeing the first one.
2023-01-02 16:57:15 -07:00
Andrew Kelley
a1f6a08dcb
std.crypto.Certificate.Bundle: fix 32-bit build
2023-01-02 16:57:15 -07:00
Andrew Kelley
5b8b5f2505
add url parsing to the std lib
2023-01-02 16:57:15 -07:00
Andrew Kelley
c71c562486
remove std.crypto.der
...
Only a little bit of generalized logic for DER encoding is needed and so
it can live inside the Certificate namespace.
This commit removes the generic "parse object id" function which is no
longer used in favor of more specific, smaller sets of object ids used
with ComptimeStringMap.
2023-01-02 16:57:15 -07:00
Andrew Kelley
642a8b05c3
std.crypto.tls.Certificate: explicit error set for verify
2023-01-02 16:57:15 -07:00
Andrew Kelley
7cb535d4b5
std.crypto.tls.Certificate: verify time validity
...
When scanning the file system for root certificates, expired
certificates are skipped and therefore not used for verification in TLS
sessions. There is only this one check, however, so a long-running
server will need to periodically rescan for a new Certificate.Bundle
and strategically start using it for new sessions. In this commit I made
the judgement call that applications would like to opt-in to root
certificate rescanning at a point in time that makes sense for that
application, as opposed to having the system clock potentially start
causing connections to fail.
Certificate verification checks the subject only, as opposed to both the
subject and the issuer. The idea is that the trust chain analysis will
always check the subject, leading to every certificate in the chain's
validity being checked exactly once, with the root certificate's
validity checked upon scanning.
Furthermore, this commit adjusts the scanning logic to fully parse
certificates, even though only the subject is technically needed. This
allows relying on parsing to succeed later on.
2023-01-02 16:57:15 -07:00
Andrew Kelley
862ecf2344
std.crypto.tls.Client: handle extra data after handshake
2023-01-02 16:57:15 -07:00
Andrew Kelley
16f936b420
std.crypto.tls: handle the certificate_verify message
2023-01-02 16:57:15 -07:00
Andrew Kelley
29475b4518
std.crypto.tls: validate previous certificate
2023-01-02 16:57:15 -07:00
Andrew Kelley
4f9f4575bd
std.crypto.tls: rename HandshakeCipher
2023-01-02 16:57:15 -07:00
Andrew Kelley
22db1e166a
std.crypto.CertificateBundle: disable test on WASI
2023-01-02 16:57:15 -07:00
Andrew Kelley
7ed7bd247e
std.crypto.tls: verify the common name matches
2023-01-02 16:57:15 -07:00
Andrew Kelley
244a97e8ad
std.crypto.tls: certificate signature validation
2023-01-02 16:57:15 -07:00
Andrew Kelley
504070e8fc
std.crypto.CertificateBundle: ignore duplicate certificates
2023-01-02 16:57:15 -07:00
Andrew Kelley
bbc074252c
introduce std.crypto.CertificateBundle
...
for reading root certificate authority bundles from standard
installation locations on the file system. So far only Linux logic is
added.
2023-01-02 16:57:15 -07:00
Andrew Kelley
3237000d95
std.crypto.tls: rudimentary certificate parsing
2023-01-02 16:57:15 -07:00
Andrew Kelley
5d7eca6669
std.crypto.tls.Client: fix verify_data for batched handshakes
2023-01-02 16:57:15 -07:00
Andrew Kelley
e2c16d03ab
std.crypto.tls.Client: support secp256r1 for handshake
2023-01-02 16:57:15 -07:00
Andrew Kelley
f460c21705
std.crypto.tls.Client: avoid hard-coded bytes in key_share
2023-01-02 16:57:15 -07:00
Andrew Kelley
7a23778384
std.crypto.tls: send a legacy session id
...
To support middlebox compatibility mode.
2023-01-02 16:57:15 -07:00
Andrew Kelley
e2efba76aa
std.crypto.tls: refactor to remove mutations
...
build up the hello message with array concatenation and helper functions
rather than hard-coded offsets and lengths.
2023-01-02 16:57:15 -07:00
Andrew Kelley
41f4461cda
std.crypto.tls.Client: verify the server's Finished message
2023-01-02 16:57:15 -07:00
Andrew Kelley
f6c3a86f0f
std.crypto.tls.Client: remove unnecessary coercion
2023-01-02 16:57:15 -07:00
Andrew Kelley
8ef4dcd39f
std.crypto.tls: add some benchmark data points
...
Looks like aegis-128l is the winner on baseline too.
2023-01-02 16:57:15 -07:00
Andrew Kelley
942b5b468f
std.crypto.tls: implement the rest of the cipher suites
...
Also:
* Use KeyPair.create() function
* Don't bother with CCM
2023-01-02 16:57:15 -07:00
Andrew Kelley
93ab8be8d8
extract std.crypto.tls.Client into separate namespace
2023-01-02 16:57:15 -07:00
Andrew Kelley
02c33d02e0
std.crypto.Tls: parse encrypted extensions
2023-01-02 16:57:15 -07:00
Andrew Kelley
462b3ed69c
std.crypto.Tls: handshake fixes
...
* Handle multiple handshakes in one encrypted record
* Fix incorrect handshake length sent to server
2023-01-02 16:57:15 -07:00
Andrew Kelley
b97fc43baa
std.crypto.Tls: client is working against some servers
2023-01-02 16:57:15 -07:00
Andrew Kelley
40a85506b2
std.crypto.Tls: add read/write methods
2023-01-02 16:57:15 -07:00
Andrew Kelley
595fff7cb6
std.crypto.Tls: decrypting handshake messages
2023-01-02 16:57:15 -07:00
Andrew Kelley
920e5bc4ff
std.crypto.Tls: discard ChangeCipherSpec messages
...
The next step here is to decrypt encrypted records
2023-01-02 16:57:15 -07:00
Andrew Kelley
d2f5d0b199
std.crypto.Tls: parse the ServerHello handshake
2023-01-02 16:57:15 -07:00
Andrew Kelley
ba44513c2f
std.http reorg; introduce std.crypto.Tls
...
TLS is capable of sending a Client Hello
2023-01-02 16:57:15 -07:00
Andrew Kelley
cd0d514643
remove the experimental std.x namespace
...
Playtime is over. I'm working on networking now.
2023-01-02 16:57:15 -07:00
Andrew Kelley
72560b8db5
add some comments to explain workarounds
2023-01-02 14:08:50 -07:00
kcbanner
45a55df12c
cbe: fixups for -Wstrict-prototypes
2023-01-02 13:56:32 -07:00
kcbanner
cac652f81b
cbe: fixup cpuid on non-msvc
2023-01-02 13:56:17 -07:00
kcbanner
ccf0ab0ef6
cbe: use callconv(.C) for zig.g stub functions, use zig.h function for windows teb instead of syscall
2023-01-02 13:56:11 -07:00
kcbanner
0251ce1e1b
compiler_rt: skip "__udivei4/__umodei4" on cbe due to missing > 128 bit integer support
2023-01-02 13:55:45 -07:00
kcbanner
6cab3c304e
cbe: be more explicit about x86 special cases
2023-01-02 13:55:45 -07:00
kcbanner
676e4f3824
cbe: changes to get zig2.c compiling under msvc
...
- Add cpuid / getXCR0 functions for the cbe to use instead of asm blocks
- Don't cast between 128 bit types during truncation
- Fixup truncation to use functions for shifts / adds
- Fixup float casts for undefined values
- Add test for 128 bit integer truncation
2023-01-01 16:44:29 -05:00
kcbanner
f07d33f54b
cbe: fixes for compiling zig2.c under msvc
...
- add zig_mul_i128
- render slice structs in static initializers without casts / c99 style init
- add negative numbers and u128 to 128-bit multiply test
2023-01-01 16:44:29 -05:00
kcbanner
55c3551bef
cbe: fixup 64 bit float atomics
2023-01-01 16:44:29 -05:00
kcbanner
7a20e7589e
stage1: update zig1.wasm
2023-01-01 16:44:29 -05:00
kcbanner
5d59799641
cbe: add msvc flt atomics, re-enable test
2023-01-01 16:44:29 -05:00
kcbanner
6ed049fe36
cbe: all behaviour tests now pass on msvc
...
- Fix zig_clz_u128 not respecting the bits argument. This was crashing the compile-rt addxf3 tests with the cbe
- Instead of rendering a negation for negative 128 bit int literals, render the literal as two's complement. This allows
rendering int representations of floats correctly (specifically f80).
2023-01-01 16:44:29 -05:00
kcbanner
7b999dae73
cbe: special float macros passthrough to builtins if available, but fallback to conversion from repr if not
2023-01-01 16:44:29 -05:00