| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
As usual, this removes many unused includes and moves used includes
further down the chain.
|
|
We are working with a MemoryStream, so our stream operations shouldn't
ever fail as long as we stay in-bounds, so `MUST` is fine.
|
|
This replaces a mixture of `Result`, `Optional`, and a custom error enum
with our usual `ErrorOr`-based error handling.
|
|
This also removes a few cases where the respective header wasn't
actually required to be included.
|
|
Having an alias function that only wraps another one is silly, and
keeping the more obvious name should flush out more uses of deprecated
strings.
No behavior change.
|
|
|
|
|
|
clang-format sure has some interesting opinions about where to put a
method call that comes after a lambda. :thonk:
|
|
|
|
All of our functions are `_or_error` (or are about to be), and maybe
making it less reminiscient of AK::Stream will make people use it more.
|
|
Next to functions like `is_eof` these were really confusing to use, and
the `read`/`write` functions should fail anyways if a stream is not
readable/writable.
|
|
This will make it easier to support both string types at the same time
while we convert code, and tracking down remaining uses.
One big exception is Value::to_string() in LibJS, where the name is
dictated by the ToString AO.
|
|
We have a new, improved string type coming up in AK (OOM aware, no null
state), and while it's going to use UTF-8, the name UTF8String is a
mouthful - so let's free up the String name by renaming the existing
class.
Making the old one have an annoying name will hopefully also help with
quick adoption :^)
|
|
|
|
|
|
Otherwise, we end up propagating those dependencies into targets that
link against that library, which creates unnecessary link-time
dependencies.
Also included are changes to readd now missing dependencies to tools
that actually need them.
|
|
|
|
LLVM 15 now warns (and thus errors) about this, and there is really no
point in keeping them.
|
|
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).
No functional changes.
|
|
Error::from_string_literal now takes direct char const*s, while
Error::from_string_view does what Error::from_string_literal used to do:
taking StringViews. This change will remove the need to insert `sv`
after error strings when returning string literal errors once
StringView(char const*) is removed.
No functional changes.
|
|
|
|
|
|
Subject alternative name entries containing IP addresses will now be
parsed and added to the list of SANs. This should allow for certificate
verification when accessing IP addresses directly.
|
|
With this option enabled self-signed certificates will be accepted,
eventhough they cannot be verified.
|
|
Root and intermediate CA certificates should have these extensions set
to indicate that they are allowed to sign other certificates. The values
reported in these extensions is now also checked by `verify_chain` to
make sure no non-CA certificates are used to sign another certificate.
The certificate parser now also aborts when a critical extension is
detected which is unsupported, as is required by the specification.
|
|
The ASN.1 decoder was originally using AK::BitmapView for decoded
BitStrings, however the specification requires that the bits are stored
in a byte from the most significant to the least significant.
Storing three bits '110' would result in a byte '1100 0000', i.e. 0xC0.
However, AK::BitmapView expects the bits to be stored at the bottom like
'0000 0110', i.e. 0x06. For the current uses the data was always a
multiple of eight bits, resulting in complete bytes, which could
directly be interpreted correctly.
For the implementation of the key usage extension of certificates the
correct implementation of the BitString is required.
|
|
The wildcard specified in a certificates subject can only match a single
level of subdomains. Originally, this function could match multiple
levels of subdomains with a single "*.".
As an example, https://wrong.host.badssl.com/ should fail to load, as
the certificate provided by the server only specifies "*.badssl.com".
However this was correctly matching anyway. With this change this page
now correctly fails to load.
|
|
|
|
The `build_rsa_pre_master_secret` function originally called
`verify_chain_and_get_matching_certificate`, which verified the chain
and returned a certificate matching the specified hostname.
Since the first certificate in the chain should always be the one
matching with the hostname, we can simply use that one instead. This
means we can completely remove this method and just use `verify_chain`.
To make sure the hostname is still verified, `verify_chain` now also
checks that the first certificate in the chain matches the specified
hostname. If the hostname is empty, we currently fail the verification,
however this basically never happen, as the server name indication
extension is always used.
|
|
With this change the certificate chain sent by the server will actually
be verified, instead of just checking the names of the certificates.
To determine if a certificate is signed by a root certificate, the list
of root certificates is now a HashMap mapping from the unique identifier
string to the certificate. This allows us to take the issuer of a
certificate and easily check if it is a root certificate. If a
certificate is not signed by a root certificate, we will check that it
is signed by the next certificate in the chain.
This also removes the ad-hoc checking of certificate validity from
multiple places, and moves all checking to the verify_chain.
|
|
This part of the certificate was originally just skipped, however it
will be needed to check the validity of the certificate.
|
|
The CA certificates list now contains the actual certificate data for
approximatly a hundred certificate authorities. These certificates were
generated from https://mkcert.org, which uses the Mozilla CA certificate
list.
This also updates the code for reading the CA certificates.
|
|
The RSA key exchange was the only one actually verifying the validity of
the certificate chain supplied by the server. Now the DHE and ECDHE key
exchanges also check the certificate chain.
|
|
A mistake I've repeatedly made is along these lines:
```c++
auto nread = TRY(source_file->read(buffer));
TRY(destination_file->write(buffer));
```
It's a little clunky to have to create a Bytes or StringView from the
buffer's data pointer and the nread, and easy to forget and just use
the buffer. So, this patch changes the read() function to return a
Bytes of the data that were just read.
The other read_foo() methods will be modified in the same way in
subsequent commits.
Fixes #13687
|
|
Since all types and class names live in the DNS namespace, we don't
need to spell it out twice each time.
|
|
LibTLS does not want to be blocked.
|
|
|
|
When the server doesn't signal the Content-Length or use a chunked mode,
it may just terminate the connection after sending the data.
The TLS sockets would then get stuck in a state with no data to read and
not reach the disconnected state, making some requests hang.
We know double check the EOF status of HTTP jobs after reading the
payload to resolve requests properly and also mark the TLS sockets as
EOF after processing all the data and the underlying TCP socket reaches
EOF.
Fixes #12866.
|
|
Add the required methods to SECP256r1 to conform to the EllipticCurve
virtual base class. Using this updated version of SECP256r1, support in
LibTLS is implemented.
|
|
These changes generalize the interface with an elliptic curve
implementation. This allows LibTLS to support elliptic curves generally
without needing the specifics of elliptic curve implementations.
This should allow for easier addition of other elliptic curves.
|
|
|
|
This will verify that the signature of the ephemeral key used in the
DHE and ECDHE key exchanges is actually generated by the server.
This verification is done using the first certificate provided by the
server, however the validity of this certificate is not checked here.
Instead this code expects the validity to be checked earlier by
`TLSv12::handle_certificate`.
|
|
NotUnderstood will generate a TLS alert with an InternalError instead of
crashing the RequestServer.
|
|
|
|
This adds support for the Elliptic Curve Diffie-Hellman Ephemeral key
exchange, using the X25519 elliptic curve. This means that the
ECDHE_RSA_WITH_AES_128_GCM_SHA256 and ECDHE_RSA_WITH_AES_256_GCM_SHA384
cipher suites are now supported.
Currently, only the X25519 elliptic curve is supported in combination
with the uncompressed elliptic curve point format. However, since the
X25519 is the recommended curve, basically every server supports this.
Furthermore, the uncompressed point format is required by the TLS
specification, which means any server with EC support will support the
uncompressed format.
Like the implementation of the normal Diffie-Hellman Ephemeral key
exchange, this implementation does not currently validate the signature
of the public key sent by the server.
|
|
I've attempted to handle the errors gracefully where it was clear how to
do so, and simple, but a lot of this was just adding
`release_value_but_fixme_should_propagate_errors()` in places.
|
|
|
