Merge pull request #15927 from truemedian/http-bugs

std.http: fix infinite read loop, deduplicate connection code, add TlsAlert errors

Author: andrewrk

lib/std/crypto/tls.zig

@@ -138,6 +138,35 @@ pub const AlertLevel = enum(u8) {
 };
 
 pub const AlertDescription = enum(u8) {
+    pub const Error = error{
+        TlsAlertUnexpectedMessage,
+        TlsAlertBadRecordMac,
+        TlsAlertRecordOverflow,
+        TlsAlertHandshakeFailure,
+        TlsAlertBadCertificate,
+        TlsAlertUnsupportedCertificate,
+        TlsAlertCertificateRevoked,
+        TlsAlertCertificateExpired,
+        TlsAlertCertificateUnknown,
+        TlsAlertIllegalParameter,
+        TlsAlertUnknownCa,
+        TlsAlertAccessDenied,
+        TlsAlertDecodeError,
+        TlsAlertDecryptError,
+        TlsAlertProtocolVersion,
+        TlsAlertInsufficientSecurity,
+        TlsAlertInternalError,
+        TlsAlertInappropriateFallback,
+        TlsAlertMissingExtension,
+        TlsAlertUnsupportedExtension,
+        TlsAlertUnrecognizedName,
+        TlsAlertBadCertificateStatusResponse,
+        TlsAlertUnknownPskIdentity,
+        TlsAlertCertificateRequired,
+        TlsAlertNoApplicationProtocol,
+        TlsAlertUnknown,
+    };
+
     close_notify = 0,
     unexpected_message = 10,
     bad_record_mac = 20,
@@ -166,6 +195,39 @@ pub const AlertDescription = enum(u8) {
     certificate_required = 116,
     no_application_protocol = 120,
     _,
+
+    pub fn toError(alert: AlertDescription) Error!void {
+        return switch (alert) {
+            .close_notify => {}, // not an error
+            .unexpected_message => error.TlsAlertUnexpectedMessage,
+            .bad_record_mac => error.TlsAlertBadRecordMac,
+            .record_overflow => error.TlsAlertRecordOverflow,
+            .handshake_failure => error.TlsAlertHandshakeFailure,
+            .bad_certificate => error.TlsAlertBadCertificate,
+            .unsupported_certificate => error.TlsAlertUnsupportedCertificate,
+            .certificate_revoked => error.TlsAlertCertificateRevoked,
+            .certificate_expired => error.TlsAlertCertificateExpired,
+            .certificate_unknown => error.TlsAlertCertificateUnknown,
+            .illegal_parameter => error.TlsAlertIllegalParameter,
+            .unknown_ca => error.TlsAlertUnknownCa,
+            .access_denied => error.TlsAlertAccessDenied,
+            .decode_error => error.TlsAlertDecodeError,
+            .decrypt_error => error.TlsAlertDecryptError,
+            .protocol_version => error.TlsAlertProtocolVersion,
+            .insufficient_security => error.TlsAlertInsufficientSecurity,
+            .internal_error => error.TlsAlertInternalError,
+            .inappropriate_fallback => error.TlsAlertInappropriateFallback,
+            .user_canceled => {}, // not an error
+            .missing_extension => error.TlsAlertMissingExtension,
+            .unsupported_extension => error.TlsAlertUnsupportedExtension,
+            .unrecognized_name => error.TlsAlertUnrecognizedName,
+            .bad_certificate_status_response => error.TlsAlertBadCertificateStatusResponse,
+            .unknown_psk_identity => error.TlsAlertUnknownPskIdentity,
+            .certificate_required => error.TlsAlertCertificateRequired,
+            .no_application_protocol => error.TlsAlertNoApplicationProtocol,
+            _ => error.TlsAlertUnknown,
+        };
+    }
 };
 
 pub const SignatureScheme = enum(u16) {

lib/std/crypto/tls/Client.zig

@@ -89,12 +89,11 @@ pub const StreamInterface = struct {
 };
 
 pub fn InitError(comptime Stream: type) type {
-    return std.mem.Allocator.Error || Stream.WriteError || Stream.ReadError || error{
+    return std.mem.Allocator.Error || Stream.WriteError || Stream.ReadError || tls.AlertDescription.Error || error{
         InsufficientEntropy,
         DiskQuota,
         LockViolation,
         NotOpenForWriting,
-        TlsAlert,
         TlsUnexpectedMessage,
         TlsIllegalParameter,
         TlsDecryptFailure,
@@ -251,8 +250,11 @@ pub fn init(stream: anytype, ca_bundle: Certificate.Bundle, host: []const u8) In
                 const level = ptd.decode(tls.AlertLevel);
                 const desc = ptd.decode(tls.AlertDescription);
                 _ = level;
-                _ = desc;
-                return error.TlsAlert;
+
+                // if this isn't a error alert, then it's a closure alert, which makes no sense in a handshake
+                try desc.toError();
+                // TODO: handle server-side closures
+                return error.TlsUnexpectedMessage;
             },
             .handshake => {
                 try ptd.ensure(4);
@@ -1071,8 +1073,10 @@ pub fn readvAdvanced(c: *Client, stream: anytype, iovecs: []const std.os.iovec)
                 const level = @intToEnum(tls.AlertLevel, frag[in]);
                 const desc = @intToEnum(tls.AlertDescription, frag[in + 1]);
                 _ = level;
-                _ = desc;
-                return error.TlsAlert;
+
+                try desc.toError();
+                // TODO: handle server-side closures
+                return error.TlsUnexpectedMessage;
             },
             .application_data => {
                 const cleartext = switch (c.application_cipher) {
@@ -1112,7 +1116,10 @@ pub fn readvAdvanced(c: *Client, stream: anytype, iovecs: []const std.os.iovec)
                             return vp.total;
                         }
                         _ = level;
-                        return error.TlsAlert;
+
+                        try desc.toError();
+                        // TODO: handle server-side closures
+                        return error.TlsUnexpectedMessage;
                     },
                     .handshake => {
                         var ct_i: usize = 0;