Commit 2e424e019f

dec05eba <dec05eba@protonmail.com>
2023-07-07 00:19:30
Client.zig: support rsa_pss_rsae_sha384 and rsa_pss_rsae_sha512
This fixes HTTP GET to https://www.iana.org/domains/reserved for example
master
1 parent 44df3a1
Changed files (1)
lib
std
crypto
tls
Client.zig
lib/std/crypto/tls/Client.zig
@@ -595,11 +595,14 @@ pub fn init(stream: anytype, ca_bundle: Certificate.Bundle, host: []const u8) In
                                     const key = try Ecdsa.PublicKey.fromSec1(main_cert_pub_key);
                                     try sig.verify(verify_bytes, key);
                                 },
-                                .rsa_pss_rsae_sha256 => {
+                                inline .rsa_pss_rsae_sha256,
+                                .rsa_pss_rsae_sha384,
+                                .rsa_pss_rsae_sha512,
+                                => |comptime_scheme| {
                                     if (main_cert_pub_key_algo != .rsaEncryption)
                                         return error.TlsBadSignatureScheme;
 
-                                    const Hash = crypto.hash.sha2.Sha256;
+                                    const Hash = SchemeHash(comptime_scheme);
                                     const rsa = Certificate.rsa;
                                     const components = try rsa.PublicKey.parseDer(main_cert_pub_key);
                                     const exponent = components.exponent;
@@ -1295,6 +1298,15 @@ fn SchemeEcdsa(comptime scheme: tls.SignatureScheme) type {
     };
 }
 
+fn SchemeHash(comptime scheme: tls.SignatureScheme) type {
+    return switch (scheme) {
+        .rsa_pss_rsae_sha256 => crypto.hash.sha2.Sha256,
+        .rsa_pss_rsae_sha384 => crypto.hash.sha2.Sha384,
+        .rsa_pss_rsae_sha512 => crypto.hash.sha2.Sha512,
+        else => @compileError("bad scheme"),
+    };
+}
+
 /// Abstraction for sending multiple byte buffers to a slice of iovecs.
 const VecPut = struct {
     iovecs: []const std.os.iovec,