diff options
Diffstat (limited to 'src/http/async_socket.zig')
| -rw-r--r-- | src/http/async_socket.zig | 493 |
1 files changed, 364 insertions, 129 deletions
diff --git a/src/http/async_socket.zig b/src/http/async_socket.zig index 83ee904aa..84b024dfd 100644 --- a/src/http/async_socket.zig +++ b/src/http/async_socket.zig @@ -15,6 +15,10 @@ const SOCKET_FLAGS: u32 = @import("../http_client_async.zig").SOCKET_FLAGS; const getAllocator = @import("../http_client_async.zig").getAllocator; const OPEN_SOCKET_FLAGS: u32 = @import("../http_client_async.zig").OPEN_SOCKET_FLAGS; +const SSLFeatureFlags = struct { + pub const early_data_enabled = true; +}; + io: *AsyncIO = undefined, socket: std.os.socket_t = 0, head: *AsyncMessage = undefined, @@ -278,21 +282,64 @@ pub fn read( return this.read_offset - original_read_offset; } +pub fn Yield(comptime Type: anytype) type { + return struct { + frame: @Frame(Type) = undefined, + wait: bool = false, + + pub fn set(this: *@This(), frame: anytype) void { + this.wait = true; + this.frame = frame.*; + } + + pub fn maybeResume(this: *@This()) void { + if (!this.wait) return; + this.wait = false; + resume this.frame; + } + }; +} + pub const SSL = struct { ssl: *boring.SSL = undefined, ssl_loaded: bool = false, socket: AsyncSocket, handshake_complete: bool = false, ssl_bio: ?*AsyncBIO = null, - read_bio: ?*AsyncMessage = null, - handshake_frame: @Frame(SSL.handshake) = undefined, - send_frame: @Frame(SSL.send) = undefined, - read_frame: @Frame(SSL.read) = undefined, + unencrypted_bytes_to_send: ?*AsyncMessage = null, + connect_frame: Yield(SSL.handshake) = Yield(SSL.handshake){}, + send_frame: Yield(SSL.send) = Yield(SSL.send){}, + read_frame: Yield(SSL.read) = Yield(SSL.read){}, + hostname: [std.fs.MAX_PATH_BYTES]u8 = undefined, is_ssl: bool = false, + handshake_state: HandshakeState = HandshakeState.none, + next_handshake_state: HandshakeState = HandshakeState.none, + first_posthandshake_write: bool = true, + in_confirm_handshake: bool = false, + completed_connect: bool = false, + disconnected: bool = false, + + pending_write_buffer: []const u8 = &[_]u8{}, + pending_read_buffer: []u8 = &[_]u8{}, + pending_read_result: anyerror!u32 = 0, + pending_write_result: anyerror!u32 = 0, + + first_post_handshake_write: bool = true, + + handshake_result: ?anyerror = null, + + peek_complete: bool = false, + + pub const HandshakeState = enum { + none, + handshake, + complete, + }; + const SSLConnectError = ConnectError || HandshakeError; - const HandshakeError = error{OpenSSLError}; + const HandshakeError = error{ ClientCertNeeded, OpenSSLError, WouldBlock }; pub fn connect(this: *SSL, name: []const u8, port: u16) !void { this.is_ssl = true; @@ -309,6 +356,10 @@ pub const SSL = struct { this.ssl = undefined; } + // SNI should only contain valid DNS hostnames, not IP addresses (see RFC + // 6066, Section 3). + // + // See https://crbug.com/496472 and https://crbug.com/496468 for discussion. { std.mem.copy(u8, &this.hostname, name); this.hostname[name.len] = 0; @@ -317,168 +368,352 @@ pub const SSL = struct { } var bio = try AsyncBIO.init(this.socket.allocator); + errdefer bio.release(); + bio.onReady = AsyncBIO.Callback.Wrap(SSL, SSL.retryAll).get(this); bio.socket_fd = this.socket.socket; this.ssl_bio = bio; boring.SSL_set_bio(ssl, bio.bio, bio.bio); - this.read_bio = AsyncMessage.get(this.socket.allocator); + // boring.SSL_set_early_data_enabled(ssl, 1); + _ = boring.SSL_clear_options(ssl, boring.SSL_OP_NO_COMPRESSION | boring.SSL_OP_LEGACY_SERVER_CONNECT); + _ = boring.SSL_set_options(ssl, boring.SSL_OP_NO_COMPRESSION | boring.SSL_OP_LEGACY_SERVER_CONNECT); + const mode = boring.SSL_MODE_RELEASE_BUFFERS | boring.SSL_MODE_CBC_RECORD_SPLITTING | boring.SSL_MODE_ENABLE_FALSE_START; + + _ = boring.SSL_set_mode(ssl, mode); + _ = boring.SSL_clear_mode(ssl, mode); + + var alpns = &[_]u8{ 8, 'h', 't', 't', 'p', '/', '1', '.', '1' }; + std.debug.assert(boring.SSL_set_alpn_protos(this.ssl, alpns, alpns.len) == 0); + + boring.SSL_enable_signed_cert_timestamps(ssl); + boring.SSL_enable_ocsp_stapling(ssl); + + // std.debug.assert(boring.SSL_set_strict_cipher_list(ssl, boring.SSL_DEFAULT_CIPHER_LIST) == 0); + + boring.SSL_set_enable_ech_grease(ssl, 1); + + // Configure BoringSSL to allow renegotiations. Once the initial handshake + // completes, if renegotiations are not allowed, the default reject value will + // be restored. This is done in this order to permit a BoringSSL + // optimization. See https://crbug.com/boringssl/123. Use + // ssl_renegotiate_explicit rather than ssl_renegotiate_freely so DoPeek() + // does not trigger renegotiations. + boring.SSL_set_renegotiate_mode(ssl, boring.ssl_renegotiate_explicit); + + boring.SSL_set_shed_handshake_config(ssl, 1); + + this.unencrypted_bytes_to_send = AsyncMessage.get(this.socket.allocator); + try this.handshake(); + + this.completed_connect = true; } pub fn close(this: *SSL) void { this.socket.close(); } - fn handshake(this: *SSL) HandshakeError!void { - while (!this.ssl.isInitFinished()) { - boring.ERR_clear_error(); - this.ssl_bio.?.enqueueSend(); - const handshake_result = boring.SSL_connect(this.ssl); - if (handshake_result == 0) { - Output.prettyErrorln("ssl accept error", .{}); - Output.flush(); - return error.OpenSSLError; + pub fn handshake(this: *SSL) HandshakeError!void { + this.next_handshake_state = .handshake; + this.handshake_result = null; + this.doHandshakeLoop() catch |err| { + if (err == error.WouldBlock) { + suspend { + this.connect_frame.set(@frame()); + } + } else { + return err; } - this.handshake_complete = handshake_result == 1 and this.ssl.isInitFinished(); + }; - if (!this.handshake_complete) { - // accept_result < 0 - const e = boring.SSL_get_error(this.ssl, handshake_result); - if ((e == boring.SSL_ERROR_WANT_READ or e == boring.SSL_ERROR_WANT_WRITE)) { - this.ssl_bio.?.enqueueSend(); - suspend { - this.handshake_frame = @frame().*; - this.ssl_bio.?.pushPendingFrame(&this.handshake_frame); - } + if (this.handshake_result) |handshake_err| { + const err2 = @errSetCast(HandshakeError, handshake_err); + this.handshake_result = null; + return err2; + } + } - continue; - } + fn retryAll(this: *SSL) void { + const had_handshaked = this.completed_connect; + // SSL_do_handshake, SSL_read, and SSL_write may all be retried when blocked, + // so retry all operations for simplicity. (Otherwise, SSL_get_error for each + // operation may be remembered to retry only the blocked ones.) + if (this.next_handshake_state == .handshake) { + this.onHandshakeIOComplete() catch {}; + } + + this.doPeek(); + if (!had_handshaked or !this.peek_complete) return; + + if (this.pending_read_buffer.len > 0) { + reader: { + this.pending_read_result = this.doPayloadRead(this.pending_read_buffer) catch |err| brk: { + if (err == error.WouldBlock) break :reader; + break :brk err; + }; - Output.prettyErrorln("ssl accept error = {}, return val was {}", .{ e, handshake_result }); - Output.flush(); - return error.OpenSSLError; + this.read_frame.maybeResume(); } } - } - pub fn write(this: *SSL, buffer_: []const u8) usize { - var buffer = buffer_; - var read_bio = this.read_bio; - while (buffer.len > 0) { - const response = read_bio.?.writeAll(buffer); - buffer = buffer[response.written..]; - if (response.overflow) { - read_bio = read_bio.?.next orelse brk: { - read_bio.?.next = AsyncMessage.get(this.socket.allocator); - break :brk read_bio.?.next.?; + if (this.pending_write_buffer.len > 0) { + writer: { + this.pending_write_result = this.doPayloadWrite() catch |err| brk: { + if (err == error.WantWrite or err == error.WantRead) break :writer; + break :brk err; }; + + this.send_frame.maybeResume(); } } + } + + pub fn doPayloadWrite(this: *SSL) anyerror!u32 { + const rv = try this.ssl.write(this.pending_write_buffer); + + if (rv >= 0) { + this.pending_write_buffer = this.pending_write_buffer[rv..]; + } - return buffer_.len; + return rv; } - pub fn send(this: *SSL) !usize { - var bio_ = this.read_bio; - var len: usize = 0; - while (bio_) |bio| { - var slice = bio.slice(); - len += this.ssl.write(slice) catch |err| { - switch (err) { - error.WantRead => { - suspend { - this.send_frame = @frame().*; - this.ssl_bio.?.pushPendingFrame(&this.send_frame); - } - continue; - }, - error.WantWrite => { - this.ssl_bio.?.enqueueSend(); - - suspend { - this.send_frame = @frame().*; - this.ssl_bio.?.pushPendingFrame(&this.send_frame); - } - continue; - }, - else => {}, - } + pub fn doPayloadRead(this: *SSL, buffer: []u8) anyerror!u32 { + if (this.ssl_bio.?.socket_recv_error != null) { + const pending = this.ssl_bio.?.socket_recv_error.?; + this.ssl_bio.?.socket_recv_error = null; + return pending; + } - if (comptime Environment.isDebug) { - Output.prettyErrorln("SSL error: {s} (buf: {s})\n URL:", .{ - @errorName(err), - bio.slice(), - }); - Output.flush(); + var total_bytes_read: u32 = 0; + var ssl_ret: c_int = 0; + var ssl_err: c_int = 0; + const buf_len = @truncate(u32, buffer.len); + while (true) { + ssl_ret = boring.SSL_read(this.ssl, buffer.ptr + total_bytes_read, @intCast(c_int, buf_len - total_bytes_read)); + ssl_err = boring.SSL_get_error(this.ssl, ssl_ret); + + if (ssl_ret > 0) { + total_bytes_read += @intCast(u32, ssl_ret); + } else if (ssl_err == boring.SSL_ERROR_WANT_RENEGOTIATE) { + if (boring.SSL_renegotiate(this.ssl) == 0) { + ssl_err = boring.SSL_ERROR_SSL; } + } - return err; - }; + // Continue processing records as long as there is more data available + // synchronously. + if (!(ssl_err == boring.SSL_ERROR_WANT_RENEGOTIATE or (total_bytes_read < buf_len and ssl_ret > 0 and this.ssl_bio.?.hasPendingReadData()))) break; + } + + // Although only the final SSL_read call may have failed, the failure needs to + // processed immediately, while the information still available in OpenSSL's + // error queue. + var result: anyerror!u32 = total_bytes_read; + + if (ssl_ret <= 0) { + switch (ssl_err) { + boring.SSL_ERROR_ZERO_RETURN => {}, + boring.SSL_ERROR_WANT_X509_LOOKUP => { + result = error.SSLErrorWantX509Lookup; + }, + boring.SSL_ERROR_WANT_PRIVATE_KEY_OPERATION => { + result = error.SSLErrorWantPrivateKeyOperation; + }, + + // Do not treat insufficient data as an error to return in the next call to + // DoPayloadRead() - instead, let the call fall through to check SSL_read() + // again. The transport may have data available by then. + boring.SSL_ERROR_WANT_READ, boring.SSL_ERROR_WANT_WRITE => { + result = error.WouldBlock; + }, + else => { + result = error.OpenSSLError; + }, + } + } - bio_ = bio.next; + // Many servers do not reliably send a close_notify alert when shutting down + // a connection, and instead terminate the TCP connection. This is reported + // as ERR_CONNECTION_CLOSED. Because of this, map the unclean shutdown to a + // graceful EOF, instead of treating it as an error as it should be. + if (this.ssl_bio.?.socket_recv_error) |err| { + this.ssl_bio.?.socket_recv_error = null; + return err; } - return len; + + return result; } - pub fn read(this: *SSL, buf_: []u8, offset: u64) !u64 { - var buf = buf_[offset..]; - var len: usize = 0; - while (buf.len > 0) { - this.ssl_bio.?.read_buf_len = buf.len; - len = this.ssl.read(buf) catch |err| { - switch (err) { - error.WantWrite => { - this.ssl_bio.?.enqueueSend(); - - if (extremely_verbose) { - Output.prettyErrorln( - "error: {s}: \n Read Wait: {s}\n Send Wait: {s}", - .{ - @errorName(err), - @tagName(this.ssl_bio.?.read_wait), - @tagName(this.ssl_bio.?.send_wait), - }, - ); - Output.flush(); + fn doHandshakeLoop( + this: *SSL, + ) HandshakeError!void { + while (true) { + var state = this.next_handshake_state; + this.next_handshake_state = HandshakeState.none; + switch (state) { + .handshake => { + this.doHandshake() catch |err| { + if (err != error.WouldBlock) { + this.handshake_result = err; } + return err; + }; + }, + .complete => { + this.doHandshakeComplete(); + }, + else => unreachable, + } + if (this.next_handshake_state == .none) return; + } + } - suspend { - this.read_frame = @frame().*; - this.ssl_bio.?.pushPendingFrame(&this.read_frame); - } - continue; - }, - error.WantRead => { - // this.ssl_bio.enqueueSend(); - - if (extremely_verbose) { - Output.prettyErrorln( - "error: {s}: \n Read Wait: {s}\n Send Wait: {s}", - .{ - @errorName(err), - @tagName(this.ssl_bio.?.read_wait), - @tagName(this.ssl_bio.?.send_wait), - }, - ); - Output.flush(); - } + fn onHandshakeIOComplete(this: *SSL) HandshakeError!void { + this.doHandshakeLoop() catch |err| { + if (err == error.WouldBlock) { + return; + } + this.in_confirm_handshake = false; + this.connect_frame.maybeResume(); + return; + }; + this.connect_frame.maybeResume(); + } + + fn doHandshakeComplete(this: *SSL) void { + if (this.in_confirm_handshake) { + this.next_handshake_state = .none; + return; + } + + this.completed_connect = true; + this.next_handshake_state = .none; + this.doPeek(); + } + + fn doPeek(this: *SSL) void { + if (!this.completed_connect) { + return; + } + + if (this.peek_complete) { + return; + } + + var byte: u8 = 0; + var rv = boring.SSL_peek(this.ssl, &byte, 1); + var ssl_error = boring.SSL_get_error(this.ssl, rv); + switch (ssl_error) { + boring.SSL_ERROR_WANT_READ, boring.SSL_ERROR_WANT_WRITE => {}, + else => { + this.peek_complete = true; + }, + } + } + + fn doHandshake(this: *SSL) HandshakeError!void { + const rv = boring.SSL_do_handshake(this.ssl); + if (rv <= 0) { + const ssl_error = boring.SSL_get_error(this.ssl, rv); + + switch (ssl_error) { + boring.SSL_ERROR_WANT_PRIVATE_KEY_OPERATION, boring.SSL_ERROR_WANT_X509_LOOKUP => { + this.next_handshake_state = HandshakeState.handshake; + return error.ClientCertNeeded; + }, + boring.SSL_ERROR_WANT_CERTIFICATE_VERIFY => { + this.next_handshake_state = HandshakeState.handshake; + return error.ClientCertNeeded; + }, + boring.SSL_ERROR_WANT_READ, boring.SSL_ERROR_WANT_WRITE => { + this.next_handshake_state = HandshakeState.handshake; + return error.WouldBlock; + }, + else => return error.OpenSSLError, + } + } + + this.next_handshake_state = HandshakeState.complete; + } + + pub fn write(this: *SSL, buffer_: []const u8) usize { + return this.unencrypted_bytes_to_send.?.writeAll(buffer_).written; + } - suspend { - this.read_frame = @frame().*; - this.ssl_bio.?.pushPendingFrame(&this.read_frame); + pub fn send(this: *SSL) anyerror!usize { + this.unencrypted_bytes_to_send.?.sent = 0; + this.pending_write_buffer = this.unencrypted_bytes_to_send.?.buf[this.unencrypted_bytes_to_send.?.sent..this.unencrypted_bytes_to_send.?.used]; + while (true) { + const sent = this.doPayloadWrite() catch |err| { + if (err == error.WantRead or err == error.WantWrite) { + if (err == error.WantWrite) { + if (this.first_post_handshake_write and boring.SSL_is_init_finished(this.ssl) != 0 and this.pending_write_buffer.len == 0) { + this.first_post_handshake_write = false; + + if (boring.SSL_version(this.ssl) == boring.TLS1_3_VERSION) { + std.debug.assert(boring.SSL_key_update(this.ssl, boring.SSL_KEY_UPDATE_REQUESTED) == 0); + continue; + } } - continue; - }, - else => return err, + } + + this.pending_write_result = 0; + suspend { + this.send_frame.set(@frame()); + } + const result = this.pending_write_result; + this.pending_write_result = 0; + this.unencrypted_bytes_to_send.?.used = 0; + if (result) |res| { + return res; + } else |er| { + return er; + } + } + if (extremely_verbose) { + Output.prettyErrorln("SSL error: {s}", .{@errorName(err)}); + Output.flush(); } - unreachable; + return err; }; + this.unencrypted_bytes_to_send.?.sent += sent; + + if (this.unencrypted_bytes_to_send.?.sent == this.unencrypted_bytes_to_send.?.used) { + this.unencrypted_bytes_to_send.?.used = 0; + this.unencrypted_bytes_to_send.?.sent = 0; + } - break; + return sent; } + } + + fn readIfReady(this: *SSL, buf: []u8) anyerror!u32 { + return this.doPayloadRead(buf) catch |err| { + return err; + }; + } - return len; + pub fn read(this: *SSL, buf_: []u8, offset: u64) !u32 { + var buf = buf_[offset..]; + + return this.readIfReady(buf) catch |err| { + if (err == error.WouldBlock) { + this.pending_read_result = 0; + this.pending_read_buffer = buf; + + suspend { + this.read_frame.set(@frame()); + } + const result = this.pending_read_result; + this.pending_read_result = 0; + this.pending_read_buffer = &[_]u8{}; + + return result; + } + return err; + }; } pub inline fn init(allocator: std.mem.Allocator, io: *AsyncIO) !SSL { @@ -493,8 +728,8 @@ pub const SSL = struct { if (this.ssl_bio) |bio| { _ = boring.BIO_set_data(bio.bio, null); - bio.pending_frame = AsyncBIO.PendingFrame.init(); bio.socket_fd = 0; + bio.onReady = null; bio.release(); this.ssl_bio = null; } @@ -506,7 +741,7 @@ pub const SSL = struct { this.handshake_complete = false; - if (this.read_bio) |bio| { + if (this.unencrypted_bytes_to_send) |bio| { var next_ = bio.next; while (next_) |next| { next.release(); @@ -514,7 +749,7 @@ pub const SSL = struct { } bio.release(); - this.read_bio = null; + this.unencrypted_bytes_to_send = null; } } }; |