Make: Remove mbedtls (#97)

Co-authored-by: Ash Vardanian <[email protected]>

CMakeLists.txt

@@ -107,7 +107,8 @@ include_directories(${cxxopts_SOURCE_DIR}/include)
 # export CPATH=/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/
 FetchContent_Declare(
     picohttpparser
-    GIT_REPOSITORY https://github.com/unum-cloud/picohttpparser.git
+    #GIT_REPOSITORY https://github.com/unum-cloud/picohttpparser.git
+    GIT_REPOSITORY https://github.com/MarkReedZ/picohttpparser.git
     GIT_SHALLOW 1
 )
 FetchContent_MakeAvailable(picohttpparser)
@@ -123,21 +124,6 @@ FetchContent_MakeAvailable(tb64)
 include_directories(${tb64_SOURCE_DIR})
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 
-FetchContent_Declare(
-    mbedtls
-    GIT_REPOSITORY https://github.com/Mbed-TLS/mbedtls/
-    GIT_TAG v3.4.0
-    CMAKE_ARGS
-    -DENABLE_PROGRAMS=OFF
-    -DENABLE_TESTING=OFF
-    -DUSE_SHARED_MBEDTLS_LIBRARY=OFF
-    -DUSE_STATIC_MBEDTLS_LIBRARY=ON
-)
-
-FetchContent_MakeAvailable(mbedtls)
-include_directories(${mbedtls_SOURCE_DIR}/include)
-set(mbedtls_LIBS mbedtls mbedcrypto mbedx509)
-
 # LibUring
 if(LINUX)
     set(URING_DIR ${CMAKE_BINARY_DIR}/_deps/liburing-ep)
@@ -168,7 +154,7 @@ find_package(Threads REQUIRED)
 include_directories(include/ src/)
 
 add_library(ucall_server_posix src/engine_posix.cpp)
-target_link_libraries(ucall_server_posix simdjson::simdjson Threads::Threads ${mbedtls_LIBS})
+target_link_libraries(ucall_server_posix simdjson::simdjson Threads::Threads )
 set(PYTHON_BACKEND ucall_server_posix)
 
 add_executable(ucall_example_login_posix examples/login/ucall_server.cpp)

src/engine_posix.cpp

@@ -38,13 +38,6 @@
 #include <charconv> // `std::to_chars`
 #include <chrono>   // `std::chrono`
 
-#include "mbedtls/config.h"
-#include <mbedtls/ctr_drbg.h>
-#include <mbedtls/entropy.h>
-#include <mbedtls/net_sockets.h>
-#include <mbedtls/ssl.h>
-#include <mbedtls/ssl_cache.h>
-
 #include "ucall/ucall.h"
 
 #include "helpers/log.hpp"
@@ -59,80 +52,11 @@ using time_point_t = std::chrono::time_point<time_clock_t>;
 
 static constexpr std::size_t initial_buffer_size_k = ram_page_size_k * 4;
 
-struct ucall_ssl_context_t {
-
-    ~ucall_ssl_context_t() noexcept {
-        mbedtls_x509_crt_free(&srvcert);
-        mbedtls_pk_free(&pkey);
-        mbedtls_ssl_free(&ssl);
-        mbedtls_ssl_config_free(&conf);
-        mbedtls_ssl_cache_free(&cache);
-        mbedtls_ctr_drbg_free(&ctr_drbg);
-        mbedtls_entropy_free(&entropy);
-    }
-
-    int init(const char* pk_path, const char** crts_path, size_t crts_cnt) {
-        mbedtls_ssl_init(&ssl);
-        mbedtls_ssl_config_init(&conf);
-        mbedtls_ssl_cache_init(&cache);
-        mbedtls_x509_crt_init(&srvcert);
-        mbedtls_pk_init(&pkey);
-        mbedtls_entropy_init(&entropy);
-        mbedtls_ctr_drbg_init(&ctr_drbg);
-        int ret = 0;
-
-        // Seed the RNG
-        if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0)) != 0)
-            // TODO Use personalization string. Required or Optional ?
-            return ret;
-
-        // Load Private Key
-        if ((ret = mbedtls_pk_parse_keyfile(&pkey, pk_path, NULL, NULL, &ctr_drbg)) != 0)
-            // TODO Use Password. Required or Optional ?
-            return ret;
-
-        // Load Certificates
-        for (size_t i = 0; i < crts_cnt; ++i)
-            if ((ret = mbedtls_x509_crt_parse_file(&srvcert, crts_path[i])) != 0)
-                // TODO Notify which certificate was invalid ?
-                return ret;
-
-        if ((ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM,
-                                               MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
-            return ret;
-
-        mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
-
-        mbedtls_ssl_conf_session_cache(&conf, &cache, mbedtls_ssl_cache_get, mbedtls_ssl_cache_set);
-        mbedtls_ssl_conf_renegotiation(&conf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
-
-        mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
-        if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0)
-            return ret;
-
-        if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0)
-            return ret;
-
-        return 0;
-    }
-
-    mbedtls_ssl_context ssl{};
-    mbedtls_ssl_config conf{};
-    mbedtls_pk_context pkey{};
-    mbedtls_x509_crt srvcert{};
-    mbedtls_entropy_context entropy{};
-    mbedtls_ssl_cache_context cache{};
-    mbedtls_ctr_drbg_context ctr_drbg{};
-};
-
 struct engine_t {
-    ~engine_t() noexcept { delete ssl_ctx; }
+    ~engine_t() noexcept { }
 
     descriptor_t socket{};
 
-    /// @brief Establishes an SSL connection if SSL is enabled, otherwise the `ssl_ctx` is unused and uninitialized.
-    ucall_ssl_context_t* ssl_ctx = nullptr;
-
     /// @brief The file descriptor of the stateful connection over TCP.
     descriptor_t connection{};
     /// @brief A small memory buffer to store small requests.
@@ -169,13 +93,8 @@ void send_message(engine_t& engine, array_gt<char> const& message) noexcept {
     long idx = 0;
     long res = 0;
 
-    if (engine.ssl_ctx)
-        while (idx < len && (res = mbedtls_ssl_write(&engine.ssl_ctx->ssl, reinterpret_cast<uint8_t const*>(buf + idx),
-                                                     (len - idx))) > 0)
-            idx += res;
-    else
-        while (idx < len && (res = send(engine.connection, buf + idx, len - idx, 0)) > 0)
-            idx += res;
+    while (idx < len && (res = send(engine.connection, buf + idx, len - idx, 0)) > 0)
+        idx += res;
 
     if (res < 0) {
         if (errno == EMSGSIZE)
@@ -264,29 +183,12 @@ void forward_packet(engine_t& engine) noexcept {
     return forward_call_or_calls(engine);
 }
 
-int ssl_send(void* ctx, const unsigned char* buf, size_t len) {
-    mbedtls_net_context* conn = reinterpret_cast<mbedtls_net_context*>(ctx);
-    ssize_t ret = send(conn->fd, reinterpret_cast<char const*>(buf), len, 0);
-    return ret;
-}
-
-int ssl_recv(void* ctx, unsigned char* buf, size_t len) {
-    mbedtls_net_context* conn = reinterpret_cast<mbedtls_net_context*>(ctx);
-    ssize_t ret = recv(conn->fd, reinterpret_cast<char*>(buf), len, 0);
-    return ret;
-}
-
 int recv_all(engine_t& engine, char* buf, size_t len) {
     size_t idx = 0;
     int res = 0;
 
-    if (engine.ssl_ctx)
-        while (idx < len &&
-               (res = mbedtls_ssl_read(&engine.ssl_ctx->ssl, reinterpret_cast<uint8_t*>(buf + idx), (len - idx))) > 0)
-            idx += res;
-    else
-        while (idx < len && (res = recv(engine.connection, buf + idx, len - idx, 0)) > 0)
-            idx += res;
+    while (idx < len && (res = recv(engine.connection, buf + idx, len - idx, 0)) > 0)
+        idx += res;
 
     return idx;
 }
@@ -320,32 +222,14 @@ void ucall_take_call(ucall_server_t server, uint16_t) {
         return;
     }
 
-    mbedtls_net_context client_ctx;
-
-    if (engine.ssl_ctx) {
-        client_ctx.fd = connection_fd;
-        mbedtls_ssl_set_bio(&engine.ssl_ctx->ssl, &client_ctx, ssl_send, ssl_recv, NULL);
-        int ret = 0;
-        while ((ret = mbedtls_ssl_handshake(&engine.ssl_ctx->ssl)) != 0)
-            if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
-                mbedtls_net_free(&client_ctx);
-                mbedtls_ssl_session_reset(&engine.ssl_ctx->ssl);
-                return;
-            }
-    }
-
     // Wait until we have input.
     engine.connection = descriptor_t{connection_fd};
     engine.stats.added_connections++;
     engine.stats.closed_connections++;
     char* buffer_ptr = &engine.packet_buffer[0];
 
     size_t bytes_received = 0, bytes_expected = 0;
-    if (engine.ssl_ctx)
-        bytes_received =
-            mbedtls_ssl_read(&engine.ssl_ctx->ssl, reinterpret_cast<uint8_t*>(buffer_ptr), http_head_max_size_k);
-    else
-        bytes_received = recv(engine.connection, buffer_ptr, http_head_max_size_k, 0);
+    bytes_received = recv(engine.connection, buffer_ptr, http_head_max_size_k, 0);
 
     auto json_or_error = split_body_headers(std::string_view(buffer_ptr, bytes_received));
     if (auto error_ptr = std::get_if<default_error_t>(&json_or_error); error_ptr)
@@ -401,14 +285,6 @@ void ucall_take_call(ucall_server_t server, uint16_t) {
         buffer_ptr = nullptr;
     }
 
-    if (engine.ssl_ctx) {
-        int ret = 0;
-        while ((ret = mbedtls_ssl_close_notify(&engine.ssl_ctx->ssl)) < 0)
-            if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
-                break;
-
-        mbedtls_ssl_session_reset(&engine.ssl_ctx->ssl);
-    }
     shutdown(connection_fd, SHUT_WR);
     // If later on some UB is detected for client not recieving full data,
     // then it may be required to put a `recv` with timeout between `shutdown` and `close`
@@ -431,9 +307,6 @@ void ucall_init(ucall_config_t* config_inout, ucall_server_t* server_out) {
         config.max_callbacks = 128u;
     if (!config.hostname)
         config.hostname = "0.0.0.0";
-    if (config.use_ssl &&
-        !(config.ssl_private_key_path || config.ssl_certificates_paths || config.ssl_certificates_count))
-        return;
 
     // Some limitations are hard-coded for this non-concurrent implementation
     config.max_threads = 1u;
@@ -447,7 +320,6 @@ void ucall_init(ucall_config_t* config_inout, ucall_server_t* server_out) {
     engine_t* server_ptr = nullptr;
     array_gt<char> buffer;
     array_gt<named_callback_t> embedded_callbacks;
-    ucall_ssl_context_t* ssl_context = nullptr;
     sjd::parser parser;
 
     // By default, let's open TCP port for IPv4.
@@ -475,12 +347,6 @@ void ucall_init(ucall_config_t* config_inout, ucall_server_t* server_out) {
         goto cleanup;
     if (listen(socket_descriptor, config.queue_depth) < 0)
         goto cleanup;
-    if (config.use_ssl) {
-        ssl_context = new ucall_ssl_context_t();
-        if (ssl_context->init(config.ssl_private_key_path, config.ssl_certificates_paths,
-                              config.ssl_certificates_count) != 0)
-            goto cleanup;
-    }
     if (parser.allocate(ram_page_size_k, ram_page_size_k / 2) != sj::SUCCESS)
         goto cleanup;
 
@@ -493,7 +359,6 @@ void ucall_init(ucall_config_t* config_inout, ucall_server_t* server_out) {
     server_ptr->logs_file_descriptor = config.logs_file_descriptor;
     server_ptr->logs_format = config.logs_format ? std::string_view(config.logs_format) : std::string_view();
     server_ptr->log_last_time = time_clock_t::now();
-    server_ptr->ssl_ctx = ssl_context;
     *server_out = (ucall_server_t)server_ptr;
     return;
 
@@ -503,7 +368,6 @@ void ucall_init(ucall_config_t* config_inout, ucall_server_t* server_out) {
         close(socket_descriptor);
     std::free(server_ptr);
     *server_out = nullptr;
-    delete ssl_context;
 }
 
 void ucall_add_procedure(ucall_server_t server, ucall_str_t name, ucall_callback_t callback,
@@ -705,4 +569,4 @@ bool ucall_param_positional_str(ucall_call_t call, size_t position, ucall_str_t*
         return true;
     } else
         return false;
-}
+}