From 5eefe2ed73f7289dd8c0351c30450711ae9d42cf Mon Sep 17 00:00:00 2001 From: Dima Krasner Date: Sat, 26 Mar 2022 17:51:19 +0300 Subject: [PATCH 1/2] Add support for TLS streams --- .gitmodules | 6 + docs/ssl.md | 9 + examples/httpd.b6b | 22 ++- meson_options.txt | 3 +- src/b6b_ssl.c | 457 +++++++++++++++++++++++++++++++++++++++++++ src/curl | 1 + src/gen_ca_certs.sh | 43 ++++ src/mbedtls | 1 + src/mbedtls-config.h | 45 +++++ src/meson.build | 109 ++++++++++- 10 files changed, 690 insertions(+), 6 deletions(-) create mode 100644 docs/ssl.md create mode 100644 src/b6b_ssl.c create mode 160000 src/curl create mode 100755 src/gen_ca_certs.sh create mode 160000 src/mbedtls create mode 100644 src/mbedtls-config.h diff --git a/.gitmodules b/.gitmodules index 7160521..3f091f6 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,3 +7,9 @@ [submodule "subprojects/lolibc"] path = subprojects/lolibc url = http://github.com/dimkr/lolibc +[submodule "src/mbedtls"] + path = src/mbedtls + url = https://github.com/ARMmbed/mbedtls +[submodule "src/curl"] + path = src/curl + url = https://github.com/curl/curl diff --git a/docs/ssl.md b/docs/ssl.md new file mode 100644 index 0000000..d510849 --- /dev/null +++ b/docs/ssl.md @@ -0,0 +1,9 @@ + {$ssl.client 3 localhost 0} + +*ssl.client* creates a TLS client stream, using the file descriptor of a TCP client stream. The optional third argument determines whether or not certificate validation is enabled. + +**If the third argument is omitted**, certificate validation is enabled. + + {$ssl.server server.crt server.key} + +*ssl.server* creates a TLS server. diff --git a/examples/httpd.b6b b/examples/httpd.b6b index 2b14104..d16101c 100755 --- a/examples/httpd.b6b +++ b/examples/httpd.b6b @@ -3,7 +3,7 @@ {# This file is part of b6b. - Copyright 2017, 2018 Dima Krasner + Copyright 2017, 2018, 2022 Dima Krasner Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -206,7 +206,19 @@ {$return} }} - {$http.loop add $client $on_request {} $on_error} + {$proc _ { + {$try { + {$local ssl_client [$ssl_server accept [$. fd]]} + {$http.loop add $ssl_client $on_request {} $on_error} + } { + {$http.loop remove $.} + {$. close} + }} + } $client} + + {$spawn { + {$_} + }} }} }} @@ -214,11 +226,13 @@ {$global http.banner [$choice $http.banners]} }} -{$if [$!= [$list.len $@] 4] { - {$stderr writeln {Usage: httpd addr port backlog}} +{$if [$!= [$list.len $@] 6] { + {$stderr writeln {Usage: httpd addr port backlog cert key}} {$exit 1} }} +{$global ssl_server [$ssl.server $4 $5]} + {$http.loop add [$signal $SIGTERM $SIGINT] $on_term {} {}} {$http.loop add [$inet.server tcp $1 $2 $3] $on_clients {} {}} {# periodically change the server banner} diff --git a/meson_options.txt b/meson_options.txt index 8c488f7..3cf6c74 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -1,6 +1,6 @@ # This file is part of b6b. # -# Copyright 2017 Dima Krasner +# Copyright 2017, 2022 Dima Krasner # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,3 +19,4 @@ option('with_miniz', type: 'boolean') option('with_linenoise', type: 'boolean') option('with_valgrind', type: 'boolean', value: false) option('optimistic_alloc', type: 'boolean') +option('with_mbedtls', type: 'boolean') diff --git a/src/b6b_ssl.c b/src/b6b_ssl.c new file mode 100644 index 0000000..e1161ee --- /dev/null +++ b/src/b6b_ssl.c @@ -0,0 +1,457 @@ +/* + * This file is part of b6b. + * + * Copyright 2022 Dima Krasner + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include + +struct b6b_ssl_socket { + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + mbedtls_x509_crt cert; + struct b6b_obj *fdo; + int fd; +}; + +struct b6b_ssl_server { + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + mbedtls_x509_crt cert; + mbedtls_pk_context pk; +}; + +struct b6b_ssl_handshake_data { + struct pollfd pfd; + int ret; +}; + +static ssize_t b6b_ssl_peeksz(struct b6b_interp *interp, void *priv) +{ + const struct b6b_ssl_socket *ssl = (const struct b6b_ssl_socket *)priv; + + return b6b_fd_peeksz(interp, (void *)(intptr_t)ssl->fd); +} + +static ssize_t b6b_ssl_read(struct b6b_interp *interp, + void *priv, + unsigned char *buf, + const size_t len, + int *eof, + int *again) +{ + struct b6b_ssl_socket *ssl = (struct b6b_ssl_socket *)priv; + int out; + + out = mbedtls_ssl_read(&ssl->ssl, buf, len); + if (out < 0) { + if ((out == MBEDTLS_ERR_SSL_WANT_READ) || + (out == MBEDTLS_ERR_SSL_WANT_WRITE)) + return 0; + + out = -1; + } else if (out == 0) + *eof = 0; + + return (ssize_t)out; +} + +static ssize_t b6b_ssl_write(struct b6b_interp *interp, + void *priv, + const unsigned char *buf, + const size_t len) +{ + struct b6b_ssl_socket *ssl = (struct b6b_ssl_socket *)priv; + int out; + + out = mbedtls_ssl_write(&ssl->ssl, buf, len); + if (out < 0) { + if ((out == MBEDTLS_ERR_SSL_WANT_READ) || + (out == MBEDTLS_ERR_SSL_WANT_WRITE)) + return 0; + + out = -1; + } + + return (ssize_t)out; +} + +static void b6b_ssl_close(void *priv) +{ + struct b6b_ssl_socket *ssl = (struct b6b_ssl_socket *)priv; + + mbedtls_x509_crt_free(&ssl->cert); + mbedtls_ssl_free(&ssl->ssl); + mbedtls_ssl_config_free(&ssl->conf); + mbedtls_ctr_drbg_free(&ssl->ctr_drbg); + mbedtls_entropy_free(&ssl->entropy); + + b6b_unref(ssl->fdo); + free(priv); +} + +static struct b6b_obj *b6b_ssl_peer(struct b6b_interp *interp, void *priv) +{ + return b6b_ref(interp->null); +} + +static int b6b_ssl_fd(void *priv) +{ + const struct b6b_ssl_socket *ssl = (const struct b6b_ssl_socket *)priv; + + return ssl->fd; +} + +static const struct b6b_strm_ops b6b_ssl_client_ops = { + .peeksz = b6b_ssl_peeksz, + .read = b6b_ssl_read, + .write = b6b_ssl_write, + .peer = b6b_ssl_peer, + .fd = b6b_ssl_fd, + .close = b6b_ssl_close +}; + +extern const unsigned char *b6b_ca_certs; +extern const size_t b6b_ca_certs_len; + +static int b6b_ssl_do_recv(void *ctx, unsigned char *buf, size_t len) +{ + int fd = (int)(intptr_t)ctx; + ssize_t out; + + out = recv(fd, buf, len % INT_MAX, 0); + if (out < 0) { + if (errno == EAGAIN) + return MBEDTLS_ERR_SSL_WANT_READ; + + return MBEDTLS_ERR_NET_RECV_FAILED; + } + + return (int)out; +} + +static int b6b_ssl_do_send(void *ctx, const unsigned char *buf, size_t len) +{ + int fd = (int)(intptr_t)ctx; + ssize_t out; + + out = send(fd, buf, len % INT_MAX, MSG_NOSIGNAL); + if (out < 0) { + if (errno == EAGAIN) + return MBEDTLS_ERR_SSL_WANT_WRITE; + + return MBEDTLS_ERR_NET_SEND_FAILED; + } + + return (int)out; +} + +static void b6b_ssl_handshake_poll(void *arg) +{ + struct b6b_ssl_handshake_data *data = (struct b6b_ssl_handshake_data *)arg; + + data->ret = poll(&data->pfd, 1, -1); +} + +static struct b6b_obj *b6b_ssl_handshake(struct b6b_interp *interp, + struct b6b_ssl_socket *ssl, + const struct mbedtls_ssl_config *conf, + struct b6b_obj *fd) +{ + struct b6b_ssl_handshake_data data; + int err; + + if (mbedtls_ssl_setup(&ssl->ssl, conf) != 0) + return NULL; + + mbedtls_ssl_set_bio(&ssl->ssl, + (void *)(intptr_t)fd->i, + b6b_ssl_do_send, + b6b_ssl_do_recv, + NULL); + + data.pfd.fd = fd->i; + + do { + err = mbedtls_ssl_handshake(&ssl->ssl); + if (err == 0) + break; + + data.pfd.events = POLLIN | POLLRDHUP; + data.pfd.revents = 0; + + if (err == MBEDTLS_ERR_SSL_WANT_WRITE) + data.pfd.events |= POLLOUT; + else if (err != MBEDTLS_ERR_SSL_WANT_READ) + return NULL; + + b6b_offload(interp, b6b_ssl_handshake_poll, &data); + if ((data.ret <= 0) || (data.pfd.revents & ~(POLLIN | POLLOUT))) + return NULL; + } while (1); + + return b6b_strm_fmt(interp, &b6b_ssl_client_ops, ssl, "ssl"); +} + +static enum b6b_res b6b_ssl_proc_client(struct b6b_interp *interp, + struct b6b_obj *args) +{ + struct b6b_obj *fd, *hostname, *verifyo, *o; + struct b6b_ssl_socket *ssl; + int verify = 1; + + switch (b6b_proc_get_args(interp, + args, + "ois|o", + NULL, + &fd, + &hostname, + &verifyo)) { + case 4: + verify = b6b_obj_istrue(verifyo); + break; + + case 3: + break; + + default: + return B6B_ERR; + } + + ssl = (struct b6b_ssl_socket *)malloc(sizeof(*ssl)); + if (!b6b_allocated(ssl)) + return B6B_ERR; + + ssl->fdo = b6b_ref(fd); + + mbedtls_ssl_init(&ssl->ssl); + mbedtls_ssl_config_init(&ssl->conf); + mbedtls_x509_crt_init(&ssl->cert); + mbedtls_ctr_drbg_init(&ssl->ctr_drbg); + mbedtls_entropy_init(&ssl->entropy); + + if (mbedtls_ctr_drbg_seed(&ssl->ctr_drbg, + mbedtls_entropy_func, + &ssl->entropy, + NULL, + 0) != 0) { + b6b_ssl_close(ssl); + return B6B_ERR; + } + + if (verify && + (mbedtls_x509_crt_parse(&ssl->cert, + b6b_ca_certs, + b6b_ca_certs_len) != 0)) { + b6b_ssl_close(ssl); + return B6B_ERR; + } + + if (mbedtls_ssl_config_defaults(&ssl->conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT) != 0) { + b6b_ssl_close(ssl); + return B6B_ERR; + } + + if (verify) + mbedtls_ssl_conf_ca_chain(&ssl->conf, &ssl->cert, NULL); + else + mbedtls_ssl_conf_authmode(&ssl->conf, MBEDTLS_SSL_VERIFY_NONE); + + mbedtls_ssl_conf_rng(&ssl->conf, mbedtls_ctr_drbg_random, &ssl->ctr_drbg); + + if (mbedtls_ssl_set_hostname(&ssl->ssl, hostname->s) != 0) { + b6b_ssl_close(ssl); + return B6B_ERR; + } + + o = b6b_ssl_handshake(interp, ssl, &ssl->conf, fd); + if (!o) { + b6b_ssl_close(ssl); + return B6B_ERR; + } + + ssl->fd = fd->i; + + return b6b_return(interp, o); +} + +static enum b6b_res b6b_ssl_server_accept(struct b6b_interp *interp, + struct b6b_ssl_server *server, + struct b6b_obj *fd) +{ + struct b6b_obj *o; + struct b6b_ssl_socket *ssl; + + ssl = (struct b6b_ssl_socket *)malloc(sizeof(*ssl)); + if (!b6b_allocated(ssl)) + return B6B_ERR; + + ssl->fdo = b6b_ref(fd); + + mbedtls_ssl_init(&ssl->ssl); + mbedtls_ssl_config_init(&ssl->conf); + mbedtls_x509_crt_init(&ssl->cert); + mbedtls_ctr_drbg_init(&ssl->ctr_drbg); + mbedtls_entropy_init(&ssl->entropy); + + o = b6b_ssl_handshake(interp, ssl, &server->conf, fd); + if (!o) { + b6b_ssl_close(ssl); + return B6B_ERR; + } + + ssl->fd = fd->i; + + return b6b_return(interp, o); +} + +static enum b6b_res b6b_ssl_server_proc(struct b6b_interp *interp, + struct b6b_obj *args) +{ + struct b6b_obj *o, *op, *fd; + unsigned int argc; + + argc = b6b_proc_get_args(interp, args, "os|i", &o, &op, &fd); + if (argc < 2) + return B6B_ERR; + + if ((argc == 3) && (strcmp(op->s, "accept") == 0)) + return b6b_ssl_server_accept(interp, + (struct b6b_ssl_server *)o->priv, + fd); + + b6b_return_fmt(interp, "bad ssl.server op: %s", op->s); + return B6B_ERR; +} + +static void b6b_ssl_server_close(struct b6b_ssl_server *server) +{ + mbedtls_x509_crt_free(&server->cert); + mbedtls_ssl_config_free(&server->conf); + mbedtls_ctr_drbg_free(&server->ctr_drbg); + mbedtls_entropy_free(&server->entropy); + mbedtls_pk_free(&server->pk); + + free(server); +} + +static void b6b_ssl_server_del(void *priv) +{ + b6b_ssl_server_close((struct b6b_ssl_server *)priv); +} + +static enum b6b_res b6b_ssl_proc_server(struct b6b_interp *interp, + struct b6b_obj *args) +{ + struct b6b_obj *cert, *pk, *o; + struct b6b_ssl_server *server; + + if (!b6b_proc_get_args(interp, args, "oss", NULL, &cert, &pk)) + return B6B_ERR; + + server = (struct b6b_ssl_server *)malloc(sizeof(*server)); + if (!b6b_allocated(server)) + return B6B_ERR; + + mbedtls_ssl_config_init(&server->conf); + mbedtls_x509_crt_init(&server->cert); + mbedtls_ctr_drbg_init(&server->ctr_drbg); + mbedtls_pk_init(&server->pk); + + mbedtls_entropy_init(&server->entropy); + if (mbedtls_ctr_drbg_seed(&server->ctr_drbg, + mbedtls_entropy_func, + &server->entropy, + NULL, + 0) != 0) { + b6b_ssl_server_close(server); + return B6B_ERR; + } + + if ((mbedtls_x509_crt_parse_file(&server->cert, cert->s) != 0) || + (mbedtls_pk_parse_keyfile(&server->pk, + pk->s, + "", + mbedtls_ctr_drbg_random, + &server->ctr_drbg) != 0)) { + b6b_ssl_server_close(server); + return B6B_ERR; + } + + if (mbedtls_ssl_config_defaults(&server->conf, + MBEDTLS_SSL_IS_SERVER, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT) != 0) { + b6b_ssl_server_close(server); + return B6B_ERR; + } + + mbedtls_ssl_conf_rng(&server->conf, + mbedtls_ctr_drbg_random, + &server->ctr_drbg); + + if (mbedtls_ssl_conf_own_cert(&server->conf, + &server->cert, + &server->pk) != 0) { + b6b_ssl_server_close(server); + return B6B_ERR; + } + + o = b6b_str_fmt("ssl.server:%"PRIxPTR, (uintptr_t)server); + if (!b6b_allocated(o)) { + b6b_ssl_server_close(server); + return B6B_ERR; + } + + o->priv = server; + o->proc = b6b_ssl_server_proc; + o->del = b6b_ssl_server_del; + + return b6b_return(interp, o); +} + +static const struct b6b_ext_obj b6b_ssl[] = { + { + .name = "ssl.client", + .type = B6B_TYPE_STR, + .val.s = "ssl.client", + .proc = b6b_ssl_proc_client + }, + { + .name = "ssl.server", + .type = B6B_TYPE_STR, + .val.s = "ssl.server", + .proc = b6b_ssl_proc_server + } +}; +__b6b_ext(b6b_ssl); diff --git a/src/curl b/src/curl new file mode 160000 index 0000000..801bd51 --- /dev/null +++ b/src/curl @@ -0,0 +1 @@ +Subproject commit 801bd5138ce31aa0d906fa4e2eabfc599d74e793 diff --git a/src/gen_ca_certs.sh b/src/gen_ca_certs.sh new file mode 100755 index 0000000..50fe961 --- /dev/null +++ b/src/gen_ca_certs.sh @@ -0,0 +1,43 @@ +#!/bin/sh -e + +# This file is part of b6b. +# +# Copyright 2022 Dima Krasner +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +cd $2 + +perl $1 -q cert.pem > /dev/null +rm -f certdata.txt + +cat << EOF > b6b_ca_certs.c +#include + +static const unsigned char arr[] = \\ +EOF + +grep -v -e ^# -e '^$' cert.pem | +while read x +do + echo " \"$x\\n\" \\" +done >> b6b_ca_certs.c + +cat << EOF >> b6b_ca_certs.c +; + +const unsigned char *b6b_ca_certs = arr; +const size_t b6b_ca_certs_len = sizeof(arr); +EOF + +rm -f cert.pem diff --git a/src/mbedtls b/src/mbedtls new file mode 160000 index 0000000..d65aeb3 --- /dev/null +++ b/src/mbedtls @@ -0,0 +1 @@ +Subproject commit d65aeb37349ad1a50e0f6c9b694d4b5290d60e49 diff --git a/src/mbedtls-config.h b/src/mbedtls-config.h new file mode 100644 index 0000000..440109f --- /dev/null +++ b/src/mbedtls-config.h @@ -0,0 +1,45 @@ +#define MBEDTLS_AES_FEWER_TABLES +#undef MBEDTLS_CIPHER_MODE_CBC +#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED +#undef MBEDTLS_SELF_TEST +#undef MBEDTLS_SSL_ALL_ALERT_MESSAGES +#undef MBEDTLS_SSL_CBC_RECORD_SPLITTING +#undef MBEDTLS_SSL_RENEGOTIATION +#undef MBEDTLS_SSL_PROTO_TLS1 +#undef MBEDTLS_SSL_PROTO_TLS1_1 +#undef MBEDTLS_SSL_PROTO_DTLS +#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY +#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT +#undef MBEDTLS_SSL_SESSION_TICKETS +#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY +#undef MBEDTLS_VERSION_FEATURES +#undef MBEDTLS_AESNI_C +#undef MBEDTLS_ARC4_C +#undef MBEDTLS_BLOWFISH_C +#undef MBEDTLS_CAMELLIA_C +#undef MBEDTLS_ARIA_C +#undef MBEDTLS_CCM_C +#undef MBEDTLS_CHACHA20_C +#undef MBEDTLS_CHACHAPOLY_C +#undef MBEDTLS_RIPEMD160_C +#undef MBEDTLS_DEBUG_C +#undef MBEDTLS_DES_C +#undef MBEDTLS_ERROR_C +#undef MBEDTLS_MD5_C +#undef MBEDTLS_NET_C +#undef MBEDTLS_PADLOCK_C +#undef MBEDTLS_PEM_WRITE_C +#undef MBEDTLS_PK_WRITE_C +#undef MBEDTLS_VERSION_C +#undef MBEDTLS_X509_CREATE_C +#undef MBEDTLS_X509_CRT_WRITE_C +#undef MBEDTLS_X509_CSR_WRITE_C +#undef MBEDTLS_XTEA_C +#undef MBEDTLS_PSA_ITS_FILE_C \ No newline at end of file diff --git a/src/meson.build b/src/meson.build index 985fe9e..591be31 100644 --- a/src/meson.build +++ b/src/meson.build @@ -1,6 +1,6 @@ # This file is part of b6b. # -# Copyright 2017, 2020 Dima Krasner +# Copyright 2017, 2020, 2022 Dima Krasner # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -85,6 +85,113 @@ if libffi.found() endif endif +if get_option('with_mbedtls') + mbedtls_includes = include_directories('mbedtls/include') + mbedtls_cflags = ['-DMBEDTLS_USER_CONFIG_FILE="@0@/mbedtls-config.h"'.format(meson.current_source_dir())] + + libmbedtls = static_library('mbedtls', + 'mbedtls/library/debug.c', + 'mbedtls/library/net_sockets.c', + 'mbedtls/library/ssl_cache.c', + 'mbedtls/library/ssl_ciphersuites.c', + 'mbedtls/library/ssl_cli.c', + 'mbedtls/library/ssl_cookie.c', + 'mbedtls/library/ssl_srv.c', + 'mbedtls/library/ssl_ticket.c', + 'mbedtls/library/ssl_tls.c', + 'mbedtls/library/ssl_msg.c', + include_directories: mbedtls_includes, + c_args: mbedtls_cflags) + mbedtls = declare_dependency(link_with: libmbedtls) + + libmbedx509 = static_library('mbedx509', + 'mbedtls/library/x509.c', + 'mbedtls/library/x509_create.c', + 'mbedtls/library/x509_crl.c', + 'mbedtls/library/x509_crt.c', + 'mbedtls/library/x509_csr.c', + 'mbedtls/library/x509write_crt.c', + 'mbedtls/library/x509write_csr.c', + include_directories: mbedtls_includes, + c_args: mbedtls_cflags) + mbedx509 = declare_dependency(link_with: libmbedx509) + + libmbedcrypto = static_library('mbedcrypto', + 'mbedtls/library/aes.c', + 'mbedtls/library/aesni.c', + 'mbedtls/library/aria.c', + 'mbedtls/library/asn1parse.c', + 'mbedtls/library/asn1write.c', + 'mbedtls/library/base64.c', + 'mbedtls/library/bignum.c', + 'mbedtls/library/camellia.c', + 'mbedtls/library/ccm.c', + 'mbedtls/library/chacha20.c', + 'mbedtls/library/chachapoly.c', + 'mbedtls/library/cipher.c', + 'mbedtls/library/cipher_wrap.c', + 'mbedtls/library/cmac.c', + 'mbedtls/library/constant_time.c', + 'mbedtls/library/ctr_drbg.c', + 'mbedtls/library/des.c', + 'mbedtls/library/dhm.c', + 'mbedtls/library/ecdh.c', + 'mbedtls/library/ecdsa.c', + 'mbedtls/library/ecjpake.c', + 'mbedtls/library/ecp.c', + 'mbedtls/library/ecp_curves.c', + 'mbedtls/library/entropy.c', + 'mbedtls/library/entropy_poll.c', + 'mbedtls/library/error.c', + 'mbedtls/library/gcm.c', + 'mbedtls/library/hkdf.c', + 'mbedtls/library/hmac_drbg.c', + 'mbedtls/library/md.c', + 'mbedtls/library/md5.c', + 'mbedtls/library/memory_buffer_alloc.c', + 'mbedtls/library/nist_kw.c', + 'mbedtls/library/oid.c', + 'mbedtls/library/padlock.c', + 'mbedtls/library/pem.c', + 'mbedtls/library/pk.c', + 'mbedtls/library/pk_wrap.c', + 'mbedtls/library/pkcs12.c', + 'mbedtls/library/pkcs5.c', + 'mbedtls/library/pkparse.c', + 'mbedtls/library/pkwrite.c', + 'mbedtls/library/platform.c', + 'mbedtls/library/platform_util.c', + 'mbedtls/library/poly1305.c', + 'mbedtls/library/ripemd160.c', + 'mbedtls/library/rsa.c', + 'mbedtls/library/rsa_alt_helpers.c', + 'mbedtls/library/sha1.c', + 'mbedtls/library/sha256.c', + 'mbedtls/library/sha512.c', + 'mbedtls/library/threading.c', + 'mbedtls/library/timing.c', + 'mbedtls/library/version.c', + 'mbedtls/library/version_features.c', + include_directories: mbedtls_includes, + c_args: mbedtls_cflags) + mbedcrypto = declare_dependency(link_with: libmbedcrypto, include_directories: mbedtls_includes) + + b6b_deps += [mbedtls, mbedx509, mbedcrypto] + + ca_certs = custom_target('ca_certs', + input: 'gen_ca_certs.sh', + output: 'b6b_ca_certs.c', + command: [ + find_program('sh'), + '-e', + '@INPUT@', + join_paths(meson.current_source_dir(), 'curl', 'lib', 'mk-ca-bundle.pl'), + meson.current_build_dir() + ]) + + libb6b_srcs += ['b6b_ssl.c', ca_certs] +endif + libb6b = library('b6b', libb6b_srcs, include_directories: b6b_includes, From 635c5d3e864ea36f243d9630e2d53c65499c992a Mon Sep 17 00:00:00 2001 From: Dima Krasner Date: Sat, 26 Mar 2022 17:57:50 +0300 Subject: [PATCH 2/2] If all threads are blocked, busy wait until any of them is ready to run --- src/b6b_interp.c | 30 +----------------------------- 1 file changed, 1 insertion(+), 29 deletions(-) diff --git a/src/b6b_interp.c b/src/b6b_interp.c index 243bb0f..e63f04d 100644 --- a/src/b6b_interp.c +++ b/src/b6b_interp.c @@ -485,8 +485,6 @@ int b6b_offload(struct b6b_interp *interp, void (*fn)(void *), void *arg) { - struct b6b_thread *t; - int swap, pending = 0; struct b6b_offload_thread *offth = NULL; if (!b6b_threaded(interp)) @@ -519,31 +517,6 @@ int b6b_offload(struct b6b_interp *interp, if (!b6b_threaded(interp)) break; - /* check whether there is at least one thread that waits for us to - * complete the blocking operation and at least one thread which - * doesn't */ - pending = swap = 0; - b6b_thread_foreach(&interp->threads, t) { - if (t != interp->fg) { - if (b6b_thread_blocked(t)) { - pending = 1; - if (swap) - break; - } - else { - swap = 1; - if (pending) - break; - } - } - } - - /* if all other threads are blocked by us, we want to stop this - * polling loop since all they do is repeatedly calling - * b6b_yield() */ - if (!swap) - break; - /* if all other threads exited during the previous iterations of * this loop, we can (and should) block */ if (!b6b_yield(interp)) @@ -560,8 +533,7 @@ int b6b_offload(struct b6b_interp *interp, * the next statement of the current thread also calls * b6b_offload_start(), that thread will spend more time in its * b6b_offload_ready() loop */ - if (pending) - b6b_yield(interp); + b6b_yield(interp); } return 1;