pelikan-net: multiple TLS/SSL implementations

Refactors the pelikan-net crate to allow building without TLS/SSL, or with BoringSSL and/or OpenSSL and TLS/SSL providers.
pelikan-io · Apr 4, 2024 · c0ea97d · c0ea97d
1 parent f2f936b
commit c0ea97d
Show file tree

Hide file tree

Showing 13 changed files with 1,412 additions and 458 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -51,7 +51,6 @@ clap = "4.4.6"
 clocksource = "0.8.1"
 crossbeam-channel = "0.5.8"
 datatier = { path = "./src/storage/datatier", version = "0.1.0"}
-foreign-types-shared = "0.3.1"
 httparse = "1.8.0"
 libc = "0.2.149"
 log = "0.4.20"
@@ -60,8 +59,10 @@ metriken = "0.3.3"
 metrohash = "1.0.6"
 mio = "0.8.8"
 nom = "7.1.3"
+openssl = "0.10.64"
+openssl-sys = "0.9.102"
 parking_lot = "0.12.1"
-pelikan-net = { path = "./src/net", version = "0.1.0" }
+pelikan-net = { path = "./src/net", version = "0.2.0" }
 phf = "0.11.2"
 proc-macro2 = "1.0.69"
 quote = "1.0.33"

diff --git a/src/common/Cargo.toml b/src/common/Cargo.toml
@@ -13,6 +13,6 @@ license = { workspace = true }
 boring = { workspace = true }
 clocksource = { workspace = true }
 metriken = { workspace = true }
-pelikan-net = { workspace = true }
+pelikan-net = { workspace = true, features = ["boringssl"] }
 ringlog = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
diff --git a/src/common/src/ssl.rs b/src/common/src/ssl.rs
@@ -22,7 +22,7 @@ pub trait TlsConfig {
 /// `TlsTcpAcceptor` wrapped in an option, where the `None` variant indicates
 /// that TLS should not be used.
 pub fn tls_acceptor(config: &dyn TlsConfig) -> Result<Option<TlsTcpAcceptor>, IoError> {
-    let mut builder = TlsTcpAcceptor::mozilla_intermediate_v5()?;
+    let mut builder = TlsTcpAcceptor::builder();
 
     // we use xor here to check if we have an under-specified tls configuration
     if config.private_key().is_some()

diff --git a/src/net/Cargo.toml b/src/net/Cargo.toml
@@ -2,17 +2,25 @@
 name = "pelikan-net"
 description = "Pelikan project's networking abstractions for non-blocking event loops"
 authors = ["Brian Martin <[email protected]>"]
-version = "0.1.0"
+version = "0.2.0"
 
 edition = { workspace = true }
 homepage = { workspace = true }
 repository = { workspace = true }
 license = { workspace = true }
 
 [dependencies]
-boring = { workspace = true }
-boring-sys = { workspace = true }
-foreign-types-shared = { workspace = true }
+boring = { workspace = true, optional = true }
+boring-sys = { workspace = true, optional = true }
+foreign-types-shared_03 = { package = "foreign-types-shared", version = "0.3.1" }
+foreign-types-shared_01 = { package = "foreign-types-shared", version = "0.1.1" }
 libc = { workspace = true }
 metriken = { workspace = true }
 mio = { workspace = true, features = ["os-poll", "net"] }
+openssl = { workspace = true, optional = true }
+openssl-sys = { workspace = true, optional = true }
+
+[features]
+default = ["boringssl"]
+boringssl = ["boring", "boring-sys"]
+openssl = ["dep:openssl", "openssl-sys", "openssl/vendored"]
diff --git a/src/net/src/connector.rs b/src/net/src/connector.rs
@@ -10,6 +10,7 @@ pub struct Connector {
 
 enum ConnectorType {
     Tcp(TcpConnector),
+    #[cfg(any(feature = "boringssl", feature = "openssl"))]
     TlsTcp(TlsTcpConnector),
 }
 
@@ -18,6 +19,7 @@ impl Connector {
     pub fn connect<A: ToSocketAddrs>(&self, addr: A) -> Result<Stream> {
         match &self.inner {
             ConnectorType::Tcp(connector) => Ok(Stream::from(connector.connect(addr)?)),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             ConnectorType::TlsTcp(connector) => Ok(Stream::from(connector.connect(addr)?)),
         }
     }
@@ -31,6 +33,7 @@ impl From<TcpConnector> for Connector {
     }
 }
 
+#[cfg(any(feature = "boringssl", feature = "openssl"))]
 impl From<TlsTcpConnector> for Connector {
     fn from(other: TlsTcpConnector) -> Self {
         Self {

diff --git a/src/net/src/lib.rs b/src/net/src/lib.rs
@@ -6,12 +6,16 @@ mod connector;
 mod listener;
 mod stream;
 mod tcp;
+
+#[cfg(any(feature = "boringssl", feature = "openssl"))]
 mod tls_tcp;
 
 pub use connector::*;
 pub use listener::*;
 pub use stream::*;
 pub use tcp::*;
+
+#[cfg(any(feature = "boringssl", feature = "openssl"))]
 pub use tls_tcp::*;
 
 pub mod event {
@@ -24,9 +28,7 @@ use core::fmt::Debug;
 use core::ops::Deref;
 use std::io::{Error, ErrorKind, Read, Write};
 use std::net::{SocketAddr, ToSocketAddrs};
-use std::path::{Path, PathBuf};
 
-use foreign_types_shared::{ForeignType, ForeignTypeRef};
 use metriken::*;
 
 type Result<T> = std::io::Result<T>;

diff --git a/src/net/src/listener.rs b/src/net/src/listener.rs
@@ -10,6 +10,7 @@ pub struct Listener {
 
 enum ListenerType {
     Plain(TcpListener),
+    #[cfg(any(feature = "boringssl", feature = "openssl"))]
     Tls((TcpListener, TlsTcpAcceptor)),
 }
 
@@ -21,6 +22,7 @@ impl From<TcpListener> for Listener {
     }
 }
 
+#[cfg(any(feature = "boringssl", feature = "openssl"))]
 impl From<(TcpListener, TlsTcpAcceptor)> for Listener {
     fn from(other: (TcpListener, TlsTcpAcceptor)) -> Self {
         Self {
@@ -51,6 +53,7 @@ impl Listener {
                 let (stream, _addr) = listener.accept()?;
                 Ok(Stream::from(stream))
             }
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             ListenerType::Tls((listener, acceptor)) => {
                 let (stream, _addr) = listener.accept()?;
                 let stream = acceptor.accept(stream)?;
@@ -62,6 +65,7 @@ impl Listener {
     pub fn local_addr(&self) -> Result<SocketAddr> {
         match &self.inner {
             ListenerType::Plain(listener) => listener.local_addr(),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             ListenerType::Tls((listener, _acceptor)) => listener.local_addr(),
         }
     }
@@ -76,6 +80,7 @@ impl event::Source for Listener {
     ) -> Result<()> {
         match &mut self.inner {
             ListenerType::Plain(listener) => listener.register(registry, token, interests),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             ListenerType::Tls((listener, _acceptor)) => {
                 listener.register(registry, token, interests)
             }
@@ -90,6 +95,7 @@ impl event::Source for Listener {
     ) -> Result<()> {
         match &mut self.inner {
             ListenerType::Plain(listener) => listener.reregister(registry, token, interests),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             ListenerType::Tls((listener, _acceptor)) => {
                 listener.reregister(registry, token, interests)
             }
@@ -99,6 +105,7 @@ impl event::Source for Listener {
     fn deregister(&mut self, registry: &mio::Registry) -> Result<()> {
         match &mut self.inner {
             ListenerType::Plain(listener) => listener.deregister(registry),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             ListenerType::Tls((listener, _acceptor)) => listener.deregister(registry),
         }
     }

diff --git a/src/net/src/stream.rs b/src/net/src/stream.rs
@@ -20,6 +20,8 @@ impl AsRawFd for Stream {
     fn as_raw_fd(&self) -> i32 {
         match &self.inner {
             StreamType::Tcp(s) => s.as_raw_fd(),
+
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.as_raw_fd(),
         }
     }
@@ -35,41 +37,47 @@ impl Stream {
                     Interest::READABLE
                 }
             }
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.interest(),
         }
     }
 
     pub fn is_established(&mut self) -> bool {
         match &mut self.inner {
             StreamType::Tcp(s) => s.is_established(),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => !s.is_handshaking(),
         }
     }
 
     pub fn is_handshaking(&self) -> bool {
         match &self.inner {
             StreamType::Tcp(_) => false,
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.is_handshaking(),
         }
     }
 
     pub fn do_handshake(&mut self) -> Result<()> {
         match &mut self.inner {
             StreamType::Tcp(_) => Ok(()),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.do_handshake(),
         }
     }
 
     pub fn set_nodelay(&mut self, nodelay: bool) -> Result<()> {
         match &mut self.inner {
             StreamType::Tcp(s) => s.set_nodelay(nodelay),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.set_nodelay(nodelay),
         }
     }
 
     pub fn shutdown(&mut self) -> Result<bool> {
         let result = match &mut self.inner {
             StreamType::Tcp(s) => s.shutdown(Shutdown::Both).map(|_| true),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.shutdown().map(|v| v == ShutdownResult::Received),
         };
 
@@ -92,6 +100,7 @@ impl Debug for Stream {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
         match &self.inner {
             StreamType::Tcp(s) => write!(f, "{s:?}"),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => write!(f, "{s:?}"),
         }
     }
@@ -105,6 +114,7 @@ impl From<TcpStream> for Stream {
     }
 }
 
+#[cfg(any(feature = "boringssl", feature = "openssl"))]
 impl From<TlsTcpStream> for Stream {
     fn from(other: TlsTcpStream) -> Self {
         Self {
@@ -117,6 +127,7 @@ impl Read for Stream {
     fn read(&mut self, buf: &mut [u8]) -> Result<usize> {
         match &mut self.inner {
             StreamType::Tcp(s) => s.read(buf),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.read(buf),
         }
     }
@@ -126,13 +137,15 @@ impl Write for Stream {
     fn write(&mut self, buf: &[u8]) -> Result<usize> {
         match &mut self.inner {
             StreamType::Tcp(s) => s.write(buf),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.write(buf),
         }
     }
 
     fn flush(&mut self) -> Result<()> {
         match &mut self.inner {
             StreamType::Tcp(s) => s.flush(),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.flush(),
         }
     }
@@ -142,6 +155,7 @@ impl event::Source for Stream {
     fn register(&mut self, registry: &Registry, token: Token, interest: Interest) -> Result<()> {
         match &mut self.inner {
             StreamType::Tcp(s) => s.register(registry, token, interest),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.register(registry, token, interest),
         }
     }
@@ -154,13 +168,15 @@ impl event::Source for Stream {
     ) -> Result<()> {
         match &mut self.inner {
             StreamType::Tcp(s) => s.reregister(registry, token, interest),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.reregister(registry, token, interest),
         }
     }
 
     fn deregister(&mut self, registry: &mio::Registry) -> Result<()> {
         match &mut self.inner {
             StreamType::Tcp(s) => s.deregister(registry),
+            #[cfg(any(feature = "boringssl", feature = "openssl"))]
             StreamType::TlsTcp(s) => s.deregister(registry),
         }
     }
@@ -171,5 +187,6 @@ impl event::Source for Stream {
 /// efficient than using a trait for dynamic dispatch.
 enum StreamType {
     Tcp(TcpStream),
+    #[cfg(any(feature = "boringssl", feature = "openssl"))]
     TlsTcp(TlsTcpStream),
 }
diff --git a/src/net/src/tcp.rs b/src/net/src/tcp.rs
@@ -5,8 +5,6 @@
 use crate::*;
 use std::os::unix::prelude::FromRawFd;
 
-pub use std::net::Shutdown;
-
 #[derive(PartialEq)]
 enum State {
     Connecting,