std.crypto.tls: rework for new std.Io API

2025-12-09 15:53:08 +00:00 · 2025-08-01 00:13:28 -07:00 · 2025-08-01 00:13:28 -07:00 · 28190cc404
commit 28190cc404
parent 02908a2d8c
4 changed files with 502 additions and 949 deletions
--- a/lib/std/Io/Reader.zig
+++ b/lib/std/Io/Reader.zig
@ -1306,31 +1306,6 @@ pub fn defaultRebase(r: *Reader, capacity: usize) RebaseError!void {
    r.end = data.len;
 }
 /// Advances the stream and decreases the size of the storage buffer by `n`,
 /// returning the range of bytes no longer accessible by `r`.
 ///
 /// This action can be undone by `restitute`.
 ///
 /// Asserts there are at least `n` buffered bytes already.
 ///
 /// Asserts that `r.seek` is zero, i.e. the buffer is in a rebased state.
 pub fn steal(r: *Reader, n: usize) []u8 {
    assert(r.seek == 0);
    assert(n <= r.end);
    const stolen = r.buffer[0..n];
    r.buffer = r.buffer[n..];
    r.end -= n;
    return stolen;
 }
 /// Expands the storage buffer, undoing the effects of `steal`
 /// Assumes that `n` does not exceed the total number of stolen bytes.
 pub fn restitute(r: *Reader, n: usize) void {
    r.buffer = (r.buffer.ptr - n)[0 .. r.buffer.len + n];
    r.end += n;
    r.seek += n;
 }
 test fixed {
    var r: Reader = .fixed("a\x02");
    try testing.expect((try r.takeByte()) == 'a');
--- a/lib/std/crypto/tls.zig
+++ b/lib/std/crypto/tls.zig
@ -49,8 +49,8 @@ pub const hello_retry_request_sequence = [32]u8{
 };
 pub const close_notify_alert = [_]u8{
-    @intFromEnum(AlertLevel.warning),
+    @intFromEnum(Alert.Level.warning),
-    @intFromEnum(AlertDescription.close_notify),
+    @intFromEnum(Alert.Description.close_notify),
 };
 pub const ProtocolVersion = enum(u16) {
@ -138,13 +138,17 @@ pub const ExtensionType = enum(u16) {
    _,
 };
-pub const AlertLevel = enum(u8) {
+pub const Alert = struct {
    level: Level,
    description: Description,
    pub const Level = enum(u8) {
        warning = 1,
        fatal = 2,
        _,
-};
+    };
-pub const AlertDescription = enum(u8) {
+    pub const Description = enum(u8) {
        pub const Error = error{
            TlsAlertUnexpectedMessage,
            TlsAlertBadRecordMac,
@ -203,8 +207,8 @@ pub const AlertDescription = enum(u8) {
        no_application_protocol = 120,
        _,
-    pub fn toError(alert: AlertDescription) Error!void {
+        pub fn toError(description: Description) Error!void {
-        switch (alert) {
+            switch (description) {
                .close_notify => {}, // not an error
                .unexpected_message => return error.TlsAlertUnexpectedMessage,
                .bad_record_mac => return error.TlsAlertBadRecordMac,
@ -235,6 +239,7 @@ pub const AlertDescription = enum(u8) {
                _ => return error.TlsAlertUnknown,
            }
        }
    };
 };
 pub const SignatureScheme = enum(u16) {
@ -650,7 +655,7 @@ pub const Decoder = struct {
    }
    /// Use this function to increase `their_end`.
-    pub fn readAtLeast(d: *Decoder, stream: anytype, their_amt: usize) !void {
+    pub fn readAtLeast(d: *Decoder, stream: *std.io.Reader, their_amt: usize) !void {
        assert(!d.disable_reads);
        const existing_amt = d.cap - d.idx;
        d.their_end = d.idx + their_amt;
@ -658,14 +663,16 @@ pub const Decoder = struct {
        const request_amt = their_amt - existing_amt;
        const dest = d.buf[d.cap..];
        if (request_amt > dest.len) return error.TlsRecordOverflow;
-        const actual_amt = try stream.readAtLeast(dest, request_amt);
+        stream.readSlice(dest[0..request_amt]) catch |err| switch (err) {
-        if (actual_amt < request_amt) return error.TlsConnectionTruncated;
+            error.EndOfStream => return error.TlsConnectionTruncated,
-        d.cap += actual_amt;
+            error.ReadFailed => return error.ReadFailed,
        };
        d.cap += request_amt;
    }
    /// Same as `readAtLeast` but also increases `our_end` by exactly `our_amt`.
    /// Use when `our_amt` is calculated by us, not by them.
-    pub fn readAtLeastOurAmt(d: *Decoder, stream: anytype, our_amt: usize) !void {
+    pub fn readAtLeastOurAmt(d: *Decoder, stream: *std.io.Reader, our_amt: usize) !void {
        assert(!d.disable_reads);
        try readAtLeast(d, stream, our_amt);
        d.our_end = d.idx + our_amt;
--- a/lib/std/crypto/tls/Client.zig
+++ b/lib/std/crypto/tls/Client.zig
--- a/lib/std/http.zig
+++ b/lib/std/http.zig
@ -343,10 +343,9 @@ pub const Reader = struct {
    /// read from `in`.
    trailers: []const u8 = &.{},
    body_err: ?BodyError = null,
-    /// Stolen from `in`.
+    /// Determines at which point `error.HttpHeadersOversize` occurs, as well
-    head_buffer: []u8 = &.{},
+    /// as the minimum buffer capacity of `in`.
-
+    max_head_len: usize,
    pub const max_chunk_header_len = 22;
    pub const RemainingChunkLen = enum(u64) {
        head = 0,
@ -398,19 +397,11 @@ pub const Reader = struct {
        ReadFailed,
    };
-    pub fn restituteHeadBuffer(reader: *Reader) void {
+    /// Buffers the entire head.
        reader.in.restitute(reader.head_buffer.len);
        reader.head_buffer.len = 0;
    }
    /// Buffers the entire head into `head_buffer`, invalidating the previous
    /// `head_buffer`, if any.
    pub fn receiveHead(reader: *Reader) HeadError!void {
        reader.trailers = &.{};
        const in = reader.in;
-        in.restitute(reader.head_buffer.len);
+        try in.rebase(reader.max_head_len);
        reader.head_buffer.len = 0;
        in.rebase();
        var hp: HeadParser = .{};
        var head_end: usize = 0;
        while (true) {