error: sync with upstream Rustls error changes

* `Error::InvalidCertificate(CertificateError)` gained a new `CertificateError::ExpiredRevocationList`. * `InvalidMessage(InvalidMessage)` gained a new `InvalidMessage::CertificatePayloadTooLarge`. * New `Error::InconsistentKeys(InconsistentKeys)`. * New `Error::InvalidEncryptedClientHello(EncryptedClientHelloError)`.
rustls · Oct 4, 2024 · 4b48d53 · 4b48d53
1 parent 1e9d925
commit 4b48d53
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 3 deletions.
diff --git a/src/error.rs b/src/error.rs
@@ -5,7 +5,10 @@ use std::sync::Arc;
 use crate::ffi_panic_boundary;
 use libc::{c_char, c_uint, size_t};
 use rustls::server::VerifierBuilderError;
-use rustls::{CertRevocationListError, CertificateError, Error, InvalidMessage};
+use rustls::{
+    CertRevocationListError, CertificateError, EncryptedClientHelloError, Error, InconsistentKeys,
+    InvalidMessage,
+};
 
 /// A return value for a function that may return either success (0) or a
 /// non-zero value representing an error.
@@ -98,7 +101,8 @@ u32_enum_builder! {
         CertInvalidPurpose => 7129,
         CertApplicationVerificationFailure => 7130,
         CertOtherError => 7131,
-        CertUnknownRevocationStatus => 7154, // Last added.
+        CertUnknownRevocationStatus => 7154,
+        CertExpiredRevocationList => 7156, // Last added.
 
         // From InvalidMessage, with fields that get flattened.
         // https://docs.rs/rustls/0.21.0/rustls/enum.Error.html#variant.InvalidMessage
@@ -123,6 +127,7 @@ u32_enum_builder! {
         MessageUnsupportedCurveType => 7151,
         MessageUnsupportedKeyExchangeAlgorithm => 7152,
         MessageInvalidOther => 7153,
+        MessageCertificatePayloadTooLarge => 7155,
 
         // From Error, with fields that get dropped.
         PeerIncompatibleError => 7107,
@@ -191,7 +196,16 @@ u32_enum_builder! {
         CertRevocationListUnsupportedRevocationReason => 7410,
 
         // From ClientCertVerifierBuilderError, with fields that get flattened.
-        ClientCertVerifierBuilderNoRootAnchors => 7500
+        ClientCertVerifierBuilderNoRootAnchors => 7500,
+
+        // From InconsistentKeys, with fields that get flattened.
+        InconsistentKeysKeysMismatch => 7600,
+        InconsistentKeysUnknown => 7601,
+
+        // From InvalidEncryptedClientHello, with fields that get flattened.
+        InvalidEncryptedClientHelloInvalidConfigList => 7700,
+        InvalidEncryptedClientHelloNoCompatibleConfig => 7701,
+        InvalidEncryptedClientHelloSniRequired => 7702
     }
 }
 
@@ -268,6 +282,7 @@ pub(crate) fn cert_result_to_error(result: rustls_result) -> Error {
         CertApplicationVerificationFailure => {
             InvalidCertificate(CertificateError::ApplicationVerificationFailure)
         }
+        CertExpiredRevocationList => InvalidCertificate(CertificateError::ExpiredRevocationList),
         CertOtherError => InvalidCertificate(CertificateError::Other(OtherError(Arc::from(
             Box::from(""),
         )))),
@@ -320,6 +335,7 @@ pub(crate) fn map_error(input: Error) -> rustls_result {
 
         Error::InvalidMessage(e) => match e {
             InvalidMessage::HandshakePayloadTooLarge => MessageHandshakePayloadTooLarge,
+            InvalidMessage::CertificatePayloadTooLarge => MessageCertificatePayloadTooLarge,
             InvalidMessage::InvalidCcs => MessageInvalidCcs,
             InvalidMessage::InvalidContentType => MessageInvalidContentType,
             InvalidMessage::InvalidCertificateStatusType => MessageInvalidCertStatusType,
@@ -357,6 +373,7 @@ pub(crate) fn map_error(input: Error) -> rustls_result {
             CertificateError::UnhandledCriticalExtension => CertUnhandledCriticalExtension,
             CertificateError::UnknownIssuer => CertUnknownIssuer,
             CertificateError::UnknownRevocationStatus => CertUnknownRevocationStatus,
+            CertificateError::ExpiredRevocationList => CertExpiredRevocationList,
             CertificateError::BadSignature => CertBadSignature,
             CertificateError::NotValidForName => CertNotValidForName,
             CertificateError::InvalidPurpose => CertInvalidPurpose,
@@ -407,6 +424,9 @@ pub(crate) fn map_error(input: Error) -> rustls_result {
 
         Error::InvalidCertRevocationList(e) => map_crl_error(e),
 
+        Error::InconsistentKeys(InconsistentKeys::KeyMismatch) => InconsistentKeysKeysMismatch,
+        Error::InconsistentKeys(InconsistentKeys::Unknown) => InconsistentKeysUnknown,
+
         _ => General,
     }
 }
@@ -525,6 +545,9 @@ impl Display for rustls_result {
             CertUnknownRevocationStatus => {
                 Error::InvalidCertificate(CertificateError::UnknownRevocationStatus).fmt(f)
             }
+            CertExpiredRevocationList => {
+                Error::InvalidCertificate(CertificateError::ExpiredRevocationList).fmt(f)
+            }
             CertOtherError => write!(f, "unknown certificate error"),
 
             // These variants correspond to a rustls::Error variant with a field,
@@ -536,6 +559,9 @@ impl Display for rustls_result {
             MessageHandshakePayloadTooLarge => {
                 Error::InvalidMessage(InvalidMessage::HandshakePayloadTooLarge).fmt(f)
             }
+            MessageCertificatePayloadTooLarge => {
+                Error::InvalidMessage(InvalidMessage::CertificatePayloadTooLarge).fmt(f)
+            }
             MessageInvalidContentType => {
                 Error::InvalidMessage(InvalidMessage::InvalidContentType).fmt(f)
             }
@@ -692,6 +718,23 @@ impl Display for rustls_result {
             .fmt(f),
 
             ClientCertVerifierBuilderNoRootAnchors => write!(f, "no root trust anchors provided"),
+
+            InconsistentKeysKeysMismatch => {
+                Error::InconsistentKeys(InconsistentKeys::KeyMismatch).fmt(f)
+            }
+            InconsistentKeysUnknown => Error::InconsistentKeys(InconsistentKeys::Unknown).fmt(f),
+
+            InvalidEncryptedClientHelloInvalidConfigList => {
+                Error::InvalidEncryptedClientHello(EncryptedClientHelloError::InvalidConfigList)
+                    .fmt(f)
+            }
+            InvalidEncryptedClientHelloNoCompatibleConfig => {
+                Error::InvalidEncryptedClientHello(EncryptedClientHelloError::NoCompatibleConfig)
+                    .fmt(f)
+            }
+            InvalidEncryptedClientHelloSniRequired => {
+                Error::InvalidEncryptedClientHello(EncryptedClientHelloError::SniRequired).fmt(f)
+            }
         }
     }
 }
diff --git a/src/rustls.h b/src/rustls.h
@@ -49,6 +49,7 @@ enum rustls_result {
   RUSTLS_RESULT_CERT_APPLICATION_VERIFICATION_FAILURE = 7130,
   RUSTLS_RESULT_CERT_OTHER_ERROR = 7131,
   RUSTLS_RESULT_CERT_UNKNOWN_REVOCATION_STATUS = 7154,
+  RUSTLS_RESULT_CERT_EXPIRED_REVOCATION_LIST = 7156,
   RUSTLS_RESULT_MESSAGE_HANDSHAKE_PAYLOAD_TOO_LARGE = 7133,
   RUSTLS_RESULT_MESSAGE_INVALID_CCS = 7134,
   RUSTLS_RESULT_MESSAGE_INVALID_CONTENT_TYPE = 7135,
@@ -70,6 +71,7 @@ enum rustls_result {
   RUSTLS_RESULT_MESSAGE_UNSUPPORTED_CURVE_TYPE = 7151,
   RUSTLS_RESULT_MESSAGE_UNSUPPORTED_KEY_EXCHANGE_ALGORITHM = 7152,
   RUSTLS_RESULT_MESSAGE_INVALID_OTHER = 7153,
+  RUSTLS_RESULT_MESSAGE_CERTIFICATE_PAYLOAD_TOO_LARGE = 7155,
   RUSTLS_RESULT_PEER_INCOMPATIBLE_ERROR = 7107,
   RUSTLS_RESULT_PEER_MISBEHAVED_ERROR = 7108,
   RUSTLS_RESULT_INAPPROPRIATE_MESSAGE = 7109,
@@ -122,6 +124,11 @@ enum rustls_result {
   RUSTLS_RESULT_CERT_REVOCATION_LIST_UNSUPPORTED_INDIRECT_CRL = 7409,
   RUSTLS_RESULT_CERT_REVOCATION_LIST_UNSUPPORTED_REVOCATION_REASON = 7410,
   RUSTLS_RESULT_CLIENT_CERT_VERIFIER_BUILDER_NO_ROOT_ANCHORS = 7500,
+  RUSTLS_RESULT_INCONSISTENT_KEYS_KEYS_MISMATCH = 7600,
+  RUSTLS_RESULT_INCONSISTENT_KEYS_UNKNOWN = 7601,
+  RUSTLS_RESULT_INVALID_ENCRYPTED_CLIENT_HELLO_INVALID_CONFIG_LIST = 7700,
+  RUSTLS_RESULT_INVALID_ENCRYPTED_CLIENT_HELLO_NO_COMPATIBLE_CONFIG = 7701,
+  RUSTLS_RESULT_INVALID_ENCRYPTED_CLIENT_HELLO_SNI_REQUIRED = 7702,
 };
 typedef uint32_t rustls_result;