Add support for TLS sockets

This adds the module std.net.tls and refactors std.net.socket in various
places, such that we can provide support for TLS 1.2 and TLS 1.3.

The TLS stack is backed by Rustls (https://github.com/rustls/rustls). My
original plan was to write the stack in Inko, but I deemed this far too
time consuming and not beneficial for users (compared to using an
existing mature stack). I also experimented with OpenSSL, but using
OpenSSL is like walking through a minefield, and its API is a pain to
use (in part due to its use of global and thread-local state).

Rustls is compiled such that it uses the "ring" backend instead of
aws-lc. This is done because aws-lc requires additional dependencies on
FreeBSD, and increases compile times significantly (about 30 seconds or
so). While performance of TLS 1.3 is less ideal when using ring compared
to using aws-lc (rustls/rustls#1751), it
should still be good enough (and still be much faster compared to using
OpenSSL).

A downside of using Rustls is that the executable sizes increase by
about 6 MiB (or 2 MiB when stripping them), due to the extra code
introduced by Rustls and its dependencies. Sadly we can't avoid this
unless we use OpenSSL, which introduces far more pressing issues.

For certificate validation we use a patched version of the
rustls-platform-verifier crate. The patched version strips the code we
don't need (mostly so we don't get tons of "this code is unused"
warnings and what not), and patches the macOS code to account for the
system verification process being (potentially) slow by using the
`Process::blocking` method.

This fixes #329.

Changelog: added

Author: yorickpeterse

Cargo.lock

@@ -256,7 +256,13 @@ pub(crate) fn link(
             cmd.arg("-lm");
             cmd.arg("-lpthread");
         }
-        _ => {}
+        OperatingSystem::Mac => {
+            // This is needed for TLS support.
+            for name in ["Security", "CoreFoundation"] {
+                cmd.arg("-framework");
+                cmd.arg(name);
+            }
+        }
     }
 
     let mut static_linking = state.config.static_linking;

compiler/src/linker.rs

@@ -23,6 +23,35 @@ unicode-segmentation = "^1.10"
 backtrace = "^0.3"
 rustix = { version = "^0.38", features = ["fs", "mm", "param", "process", "net", "std", "time", "event"], default-features = false }
 
+# The dependencies needed for TLS support.
+#
+# We use ring instead of the default aws-lc-sys because:
+#
+# 1. aws-lc-sys requires cmake to be installed when building on FreeBSD (and
+#    potentially other platforms), as aws-lc-sys only provides generated
+#    bindings for a limited set of platforms
+# 2. aws-lc-sys increases compile times quite a bit
+# 3. We don't care about FIPS compliance at the time of writing
+rustls = { version = "^0.23", features = ["ring", "tls12", "std"], default-features = false }
+rustls-pemfile = "^2.1"
+
+# These dependencies are used by the customized version of
+# rustls-platform-modifier. We include a custom version so we can deal with the
+# platform verification process being potentially slow. See
+# https://github.com/rustls/rustls/issues/850 and
+# https://github.com/inko-lang/inko/issues/329 for more details.
+once_cell = "1.9"
+
+[target.'cfg(all(unix, not(target_os = "macos"), not(target_os = "ios"), not(target_os = "tvos")))'.dependencies]
+rustls-native-certs = "0.7"
+webpki = { package = "rustls-webpki", version = "0.102", default-features = false }
+
+[target.'cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos"))'.dependencies]
+core-foundation = "0.9"
+core-foundation-sys = "0.8"
+security-framework = { version = "2.10", features = ["OSX_10_14"] }
+security-framework-sys = { version = "2.10", features = ["OSX_10_14"] }
+
 [dependencies.socket2]
 version = "^0.5"
 features = ["all"]

rt/Cargo.toml

@@ -3,21 +3,22 @@
 #![allow(clippy::missing_safety_doc)]
 #![allow(clippy::too_many_arguments)]
 
-pub mod macros;
+mod macros;
 
-pub mod arc_without_weak;
-pub mod config;
-pub mod context;
-pub mod mem;
-pub mod memory_map;
-pub mod network_poller;
-pub mod process;
-pub mod result;
-pub mod runtime;
-pub mod scheduler;
-pub mod socket;
-pub mod stack;
-pub mod state;
+mod arc_without_weak;
+mod config;
+mod context;
+mod mem;
+mod memory_map;
+mod network_poller;
+mod process;
+mod result;
+mod runtime;
+mod rustls_platform_verifier;
+mod scheduler;
+mod socket;
+mod stack;
+mod state;
 
 #[cfg(test)]
 pub mod test;

rt/src/lib.rs

@@ -25,6 +25,7 @@ const CAPACITY: usize = 1024;
 pub(crate) type NetworkPoller = sys::Poller;
 
 /// The type of event a poller should wait for.
+#[derive(Debug)]
 pub(crate) enum Interest {
     Read,
     Write,

rt/src/network_poller.rs

@@ -40,18 +40,20 @@ impl Poller {
         source: impl AsFd,
         interest: Interest,
     ) {
-        let fd = source.as_fd().as_raw_fd();
-        let (add, del) = match interest {
-            Interest::Read => (EventFilter::Read(fd), EventFilter::Write(fd)),
-            Interest::Write => (EventFilter::Write(fd), EventFilter::Read(fd)),
-        };
         let id = process.identifier() as isize;
+        let fd = source.as_fd().as_raw_fd();
         let flags =
             EventFlags::CLEAR | EventFlags::ONESHOT | EventFlags::RECEIPT;
-        let events = [
-            Event::new(add, EventFlags::ADD | flags, id),
-            Event::new(del, EventFlags::DELETE, 0),
-        ];
+        let events = match interest {
+            Interest::Read => [
+                Event::new(EventFilter::Read(fd), EventFlags::ADD | flags, id),
+                Event::new(EventFilter::Write(fd), EventFlags::DELETE, 0),
+            ],
+            Interest::Write => [
+                Event::new(EventFilter::Write(fd), EventFlags::ADD | flags, id),
+                Event::new(EventFilter::Read(fd), EventFlags::DELETE, 0),
+            ],
+        };
 
         self.apply(&events);
     }

rt/src/network_poller/kqueue.rs

@@ -4,7 +4,6 @@ use crate::scheduler::process::Thread;
 use crate::scheduler::timeouts::Timeout;
 use crate::stack::Stack;
 use crate::state::State;
-use backtrace;
 use std::alloc::{alloc, dealloc, handle_alloc_error, Layout};
 use std::cell::UnsafeCell;
 use std::collections::VecDeque;

rt/src/process.rs

@@ -13,7 +13,11 @@ pub(crate) fn error_to_int(error: io::Error) -> i64 {
         // raw_os_error() above returns a None.
         Errno::TIMEDOUT.raw_os_error()
     } else {
-        -1
+        match error.kind() {
+            io::ErrorKind::InvalidData => -2,
+            io::ErrorKind::UnexpectedEof => -3,
+            _ => -1,
+        }
     };
 
     code as i64
@@ -60,7 +64,7 @@ impl Result {
     }
 
     pub(crate) fn io_error(error: io::Error) -> Result {
-        Self::error({ error_to_int(error) } as _)
+        Self::error(error_to_int(error) as _)
     }
 }
 

rt/src/result.rs

@@ -14,6 +14,7 @@ mod stdio;
 mod string;
 mod sys;
 mod time;
+mod tls;
 
 use crate::config::Config;
 use crate::mem::ClassPointer;
@@ -67,6 +68,12 @@ pub unsafe extern "system" fn inko_runtime_new(
     // does for us when compiling an executable.
     signal_sched::block_all();
 
+    // Configure the TLS provider. This must be done once before we start the
+    // program.
+    rustls::crypto::ring::default_provider()
+        .install_default()
+        .expect("failed to set up the default TLS cryptography provider");
+
     Box::into_raw(Box::new(Runtime::new(&*counts, args)))
 }
 

rt/src/runtime.rs

@@ -40,26 +40,6 @@ pub unsafe extern "system" fn inko_env_size(state: *const State) -> i64 {
     (*state).environment.len() as _
 }
 
-#[no_mangle]
-pub unsafe extern "system" fn inko_env_home_directory(
-    state: *const State,
-) -> InkoResult {
-    let state = &*state;
-
-    // Rather than performing all sorts of magical incantations to get the home
-    // directory, we're just going to require that HOME is set.
-    //
-    // If the home is explicitly set to an empty string we still ignore it,
-    // because there's no scenario in which Some("") is useful.
-    state
-        .environment
-        .get("HOME")
-        .filter(|&path| !path.is_empty())
-        .cloned()
-        .map(|v| InkoResult::ok(InkoString::alloc(state.string_class, v) as _))
-        .unwrap_or_else(InkoResult::none)
-}
-
 #[no_mangle]
 pub unsafe extern "system" fn inko_env_temp_directory(
     state: *const State,

rt/src/runtime/env.rs

@@ -1,3 +1,9 @@
+use crate::context;
+use crate::network_poller::Interest;
+use crate::process::ProcessPointer;
+use crate::scheduler::timeouts::Timeout;
+use crate::socket::Socket;
+use crate::state::State;
 use std::io::{self, Read};
 
 /// Reads a number of bytes from a buffer into a Vec.
@@ -14,3 +20,48 @@ pub(crate) fn read_into<T: Read>(
 
     Ok(read as i64)
 }
+
+pub(crate) fn poll(
+    state: &State,
+    mut process: ProcessPointer,
+    socket: &mut Socket,
+    interest: Interest,
+    deadline: i64,
+) -> io::Result<()> {
+    let poll_id = unsafe { process.thread() }.network_poller;
+
+    // We must keep the process' state lock open until everything is registered,
+    // otherwise a timeout thread may reschedule the process (i.e. the timeout
+    // is very short) before we finish registering the socket with a poller.
+    {
+        let mut proc_state = process.state();
+
+        // A deadline of -1 signals that we should wait indefinitely.
+        if deadline >= 0 {
+            let time = Timeout::until(deadline as u64);
+
+            proc_state.waiting_for_io(Some(time.clone()));
+            state.timeout_worker.suspend(process, time);
+        } else {
+            proc_state.waiting_for_io(None);
+        }
+
+        socket.register(state, process, poll_id, interest);
+    }
+
+    // Safety: the current thread is holding on to the process' run lock, so if
+    // the process gets rescheduled onto a different thread, said thread won't
+    // be able to use it until we finish this context switch.
+    unsafe { context::switch(process) };
+
+    if process.timeout_expired() {
+        // The socket is still registered at this point, so we have to
+        // deregister first. If we don't and suspend for another IO operation,
+        // the poller could end up rescheduling the process multiple times (as
+        // there are multiple events still in flight for the process).
+        socket.deregister(state);
+        return Err(io::Error::from(io::ErrorKind::TimedOut));
+    }
+
+    Ok(())
+}