WIP: TLS sockets

This fixes #329.

Changelog: added

Author: yorickpeterse

Cargo.lock

@@ -256,7 +256,11 @@ pub(crate) fn link(
             cmd.arg("-lm");
             cmd.arg("-lpthread");
         }
-        _ => {}
+        OperatingSystem::Mac => {
+            // This is needed for TLS support.
+            cmd.arg("-framework Security");
+            cmd.arg("-framework CoreFoundation");
+        }
     }
 
     let mut static_linking = state.config.static_linking;

compiler/src/linker.rs

@@ -23,6 +23,19 @@ unicode-segmentation = "^1.10"
 backtrace = "^0.3"
 rustix = { version = "^0.38", features = ["fs", "mm", "param", "process", "net", "std", "time", "event"], default-features = false }
 
+# The dependencies needed for TLS support.
+#
+# We use ring instead of the default aws-lc-sys because:
+#
+# 1. aws-lc-sys requires cmake to be installed when building on FreeBSD (and
+#    potentially other platforms), as aws-lc-sys only provides generated
+#    bindings for a limited set of platforms
+# 2. aws-lc-sys increases compile times quite a bit
+# 3. We don't care about FIPS compliance at the time of writing
+rustls = { version = "^0.23", features = ["ring", "tls12", "std"], default-features = false }
+rustls-native-certs = "^0.7"
+rustls-pemfile = "^2.1"
+
 [dependencies.socket2]
 version = "^0.5"
 features = ["all"]

rt/Cargo.toml

@@ -28,6 +28,17 @@ pub(crate) type NetworkPoller = sys::Poller;
 pub(crate) enum Interest {
     Read,
     Write,
+    ReadWrite,
+}
+
+impl Interest {
+    pub(crate) fn new(read: bool, write: bool) -> Interest {
+        match (read, write) {
+            (true, true) => Interest::ReadWrite,
+            (false, true) => Interest::Write,
+            _ => Interest::Read,
+        }
+    }
 }
 
 /// A thread that polls a poller and reschedules processes.

rt/src/network_poller.rs

@@ -11,6 +11,7 @@ fn flags_for(interest: Interest) -> EventFlags {
     let flags = match interest {
         Interest::Read => EventFlags::IN,
         Interest::Write => EventFlags::OUT,
+        Interest::ReadWrite => EventFlags::IN | EventFlags::OUT,
     };
 
     flags | EventFlags::ET | EventFlags::ONESHOT

rt/src/network_poller/epoll.rs

@@ -40,18 +40,24 @@ impl Poller {
         source: impl AsFd,
         interest: Interest,
     ) {
-        let fd = source.as_fd().as_raw_fd();
-        let (add, del) = match interest {
-            Interest::Read => (EventFilter::Read(fd), EventFilter::Write(fd)),
-            Interest::Write => (EventFilter::Write(fd), EventFilter::Read(fd)),
-        };
         let id = process.identifier() as isize;
+        let fd = source.as_fd().as_raw_fd();
         let flags =
             EventFlags::CLEAR | EventFlags::ONESHOT | EventFlags::RECEIPT;
-        let events = [
-            Event::new(add, EventFlags::ADD | flags, id),
-            Event::new(del, EventFlags::DELETE, 0),
-        ];
+        let events = match interest {
+            Interest::Read => [
+                Event::new(EventFilter::Read(fd), EventFlags::ADD | flags, id),
+                Event::new(EventFilter::Write(fd), EventFlags::DELETE, 0),
+            ],
+            Interest::Write => [
+                Event::new(EventFilter::Write(fd), EventFlags::ADD | flags, id),
+                Event::new(EventFilter::Read(fd), EventFlags::DELETE, 0),
+            ],
+            Interest::ReadWrite => [
+                Event::new(EventFilter::Write(fd), EventFlags::ADD | flags, id),
+                Event::new(EventFilter::Read(fd), EventFlags::ADD | flags, id),
+            ],
+        };
 
         self.apply(&events);
     }

rt/src/network_poller/kqueue.rs

@@ -60,7 +60,7 @@ impl Result {
     }
 
     pub(crate) fn io_error(error: io::Error) -> Result {
-        Self::error({ error_to_int(error) } as _)
+        Self::error(error_to_int(error) as _)
     }
 }
 

rt/src/result.rs

@@ -67,6 +67,12 @@ pub unsafe extern "system" fn inko_runtime_new(
     // does for us when compiling an executable.
     signal_sched::block_all();
 
+    // Configure the TLS provider. This must be done once before we start the
+    // program.
+    rustls::crypto::ring::default_provider()
+        .install_default()
+        .expect("failed to set up the default TLS cryptography provider");
+
     Box::into_raw(Box::new(Runtime::new(&*counts, args)))
 }
 

rt/src/runtime.rs

@@ -40,26 +40,6 @@ pub unsafe extern "system" fn inko_env_size(state: *const State) -> i64 {
     (*state).environment.len() as _
 }
 
-#[no_mangle]
-pub unsafe extern "system" fn inko_env_home_directory(
-    state: *const State,
-) -> InkoResult {
-    let state = &*state;
-
-    // Rather than performing all sorts of magical incantations to get the home
-    // directory, we're just going to require that HOME is set.
-    //
-    // If the home is explicitly set to an empty string we still ignore it,
-    // because there's no scenario in which Some("") is useful.
-    state
-        .environment
-        .get("HOME")
-        .filter(|&path| !path.is_empty())
-        .cloned()
-        .map(|v| InkoResult::ok(InkoString::alloc(state.string_class, v) as _))
-        .unwrap_or_else(InkoResult::none)
-}
-
 #[no_mangle]
 pub unsafe extern "system" fn inko_env_temp_directory(
     state: *const State,