mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-07-03 17:58:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add SSL to redbean

Browse source 
Your redbean can now interoperate with clients that require TLS crypto.
This is accomplished using a protocol polyglot that lets us distinguish
between HTTP and HTTPS regardless of the port number. Certificates will
be generated automatically, if none are supplied by the user. Footprint
increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb

- Add lseek() polyfills for ZIP executable
- Automatically polyfill /tmp/FOO paths on NT
- Fix readdir() / ftw() / nftw() bugs on Windows
- Introduce -B flag for slower SSL that's stronger
- Remove mbedtls features Cosmopolitan doesn't need
- Have base64 decoder support the uri-safe alternative
- Remove Truncated HMAC because it's forbidden by the IETF
- Add all the mbedtls test suites and make them go 3x faster
- Support opendir() / readdir() / closedir() on ZIP executable
- Use Everest for ECDHE-ECDSA because it's so good it's so good
- Add tinier implementation of sha1 since it's not worth the rom
- Add chi-square monte-carlo mean correlation tests for getrandom()
- Source entropy on Windows from the proper interface everyone uses

We're continuing to outperform NGINX and other servers on raw message
throughput. Using SSL means that instead of 1,000,000 qps you can get
around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL
handshakes, since redbean can do 2,627 per second and NGINX does 4.3k

Right now, the SSL UX story works best if you give your redbean a key
signing key since that can be easily generated by openssl using a one
liner then redbean will do all the things that are impossibly hard to
do like signing ecdsa and rsa certificates that'll work in chrome. We
should integrate the let's encrypt acme protocol in the future.

Live Demo: https://redbean.justine.lol/
Root Cert: https://redbean.justine.lol/redbean1.crt
This commit is contained in:
Justine Tunney 2021-06-24 12:31:26 -07:00
parent 1beeb7a829
commit cc1920749e
1032 changed files with 152673 additions and 69310 deletions
Download patch file Download diff file Expand all files Collapse all files

12
net/http/decodebase64.c
View file

@ -16,6 +16,7 @@
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/macros.internal.h"
#include "libc/mem/mem.h"
#include "libc/str/str.h"
#include "net/http/escape.h"
@ -23,10 +24,10 @@
static const signed char kBase64[256] = {
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // 0x00
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // 0x10
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, // 0x20
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, 62, -1, 63, // 0x20
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -2, -1, -1, // 0x30
-1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, // 0x40
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, // 0x50
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, 63, // 0x50
-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, // 0x60
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, // 0x70
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // 0x80
@ -42,6 +43,11 @@ static const signed char kBase64[256] = {
/**
* Decodes base64 ascii representation to binary.
*
* This supports the following alphabets:
*
* - ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
* - ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_
*
* @param data is input value
* @param size if -1 implies strlen
* @param out_size if non-NULL receives output length
@ -53,7 +59,7 @@ char *DecodeBase64(const char *data, size_t size, size_t *out_size) {
int a, b, c, d, w;
const char *p, *pe;
if (size == -1) size = data ? strlen(data) : 0;
if ((r = malloc(size / 4 * 3 + 1))) {
if ((r = malloc(ROUNDUP(size, 4) / 4 * 3 + 1))) {
q = r;
p = data;
pe = p + size;

2
net/http/headerhassubstring.c
View file

@ -30,7 +30,7 @@
* @param n is byte length of s where -1 implies strlen
* @return true if substring present
*/
bool HeaderHas(struct HttpRequest *m, const char *b, int h, const char *s,
bool HeaderHas(struct HttpMessage *m, const char *b, int h, const char *s,
size_t n) {
size_t i;
assert(0 <= h && h < kHttpHeadersMax);

46
net/http/http.h
View file

@ -99,27 +99,32 @@
#if !(__ASSEMBLER__ + __LINKER__ + 0)
COSMOPOLITAN_C_START_
struct HttpRequestSlice {
struct HttpSlice {
short a, b;
};
struct HttpRequest {
int i, a;
struct HttpHeader {
struct HttpSlice k;
struct HttpSlice v;
};
struct HttpHeaders {
unsigned n;
struct HttpHeader *p;
};
struct HttpMessage {
int i, a, status;
unsigned char t;
unsigned char method;
unsigned char version;
struct HttpRequestSlice k;
struct HttpRequestSlice uri;
struct HttpRequestSlice scratch;
struct HttpRequestSlice headers[kHttpHeadersMax];
struct HttpRequestSlice xmethod;
struct HttpRequestHeaders {
unsigned n;
struct HttpRequestHeader {
struct HttpRequestSlice k;
struct HttpRequestSlice v;
} * p;
} xheaders;
struct HttpSlice k;
struct HttpSlice uri;
struct HttpSlice scratch;
struct HttpSlice message;
struct HttpSlice headers[kHttpHeadersMax];
struct HttpSlice xmethod;
struct HttpHeaders xheaders;
};
extern const char kHttpToken[256];
@ -130,10 +135,13 @@ const char *GetHttpReason(int);
const char *GetHttpHeaderName(int);
int GetHttpHeader(const char *, size_t);
int GetHttpMethod(const char *, size_t);
void InitHttpRequest(struct HttpRequest *);
void DestroyHttpRequest(struct HttpRequest *);
int ParseHttpRequest(struct HttpRequest *, const char *, size_t);
bool HeaderHas(struct HttpRequest *, const char *, int, const char *, size_t);
void InitHttpRequest(struct HttpMessage *);
void DestroyHttpRequest(struct HttpMessage *);
int ParseHttpRequest(struct HttpMessage *, const char *, size_t);
void InitHttpResponse(struct HttpMessage *);
void DestroyHttpResponse(struct HttpMessage *);
int ParseHttpResponse(struct HttpMessage *, const char *, size_t);
bool HeaderHas(struct HttpMessage *, const char *, int, const char *, size_t);
int64_t ParseContentLength(const char *, size_t);
char *FormatHttpDateTime(char[hasatleast 30], struct tm *);
bool ParseHttpRange(const char *, size_t, long, long *, long *);

8
net/http/parsehttprequest.c
View file

@ -35,14 +35,14 @@ enum { START, METHOD, URI, VERSION, HKEY, HSEP, HVAL, CR1, LF1, LF2 };
/**
* Initializes HTTP request parser.
*/
void InitHttpRequest(struct HttpRequest *r) {
void InitHttpRequest(struct HttpMessage *r) {
memset(r, 0, sizeof(*r));
}
/**
* Destroys HTTP request parser.
*/
void DestroyHttpRequest(struct HttpRequest *r) {
void DestroyHttpRequest(struct HttpMessage *r) {
if (r->xheaders.p) {
free(r->xheaders.p);
r->xheaders.p = NULL;
@ -83,9 +83,9 @@ void DestroyHttpRequest(struct HttpRequest *r) {
* @see HTTP/1.1 RFC2616 RFC2068
* @see HTTP/1.0 RFC1945
*/
int ParseHttpRequest(struct HttpRequest *r, const char *p, size_t n) {
int ParseHttpRequest(struct HttpMessage *r, const char *p, size_t n) {
int c, h, i;
struct HttpRequestHeader *x;
struct HttpHeader *x;
for (n = MIN(n, LIMIT); r->i < n; ++r->i) {
c = p[r->i] & 0xff;
switch (r->t) {

187
net/http/parsehttpresponse.c Normal file
View file

@ -0,0 +1,187 @@
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi
Copyright 2021 Justine Alexandra Roberts Tunney
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/bits/bits.h"
#include "libc/limits.h"
#include "libc/macros.internal.h"
#include "libc/mem/mem.h"
#include "libc/str/str.h"
#include "libc/sysv/errfuns.h"
#include "net/http/http.h"
#define LIMIT (SHRT_MAX - 2)
enum { START, VERSION, STATUS, MESSAGE, HKEY, HSEP, HVAL, CR1, LF1, LF2 };
/**
* Initializes HTTP response parser.
*/
void InitHttpResponse(struct HttpMessage *r) {
memset(r, 0, sizeof(*r));
}
/**
* Destroys HTTP response parser.
*/
void DestroyHttpResponse(struct HttpMessage *r) {
if (r->xheaders.p) {
free(r->xheaders.p);
r->xheaders.p = NULL;
r->xheaders.n = 0;
}
}
/**
* Parses HTTP response.
*/
int ParseHttpResponse(struct HttpMessage *r, const char *p, size_t n) {
int c, h, i;
struct HttpHeader *x;
for (n = MIN(n, LIMIT); r->i < n; ++r->i) {
c = p[r->i] & 0xff;
switch (r->t) {
case START:
if (c == '\r' || c == '\n') break; /* RFC7230 § 3.5 */
if (c != 'H') return ebadmsg();
r->t = VERSION;
r->a = r->i;
break;
case VERSION:
if (c == ' ') {
if (r->i - r->a == 8 &&
(READ64BE(p + r->a) & 0xFFFFFFFFFF00FF00) == 0x485454502F002E00 &&
isdigit(p[r->a + 5]) && isdigit(p[r->a + 7])) {
r->version = (p[r->a + 5] - '0') * 10 + (p[r->a + 7] - '0');
r->t = STATUS;
} else {
return ebadmsg();
}
}
break;
case STATUS:
for (;;) {
if (c == ' ' || c == '\r' || c == '\n') {
if (r->status < 100) return ebadmsg();
if (c == ' ') {
r->a = r->i + 1;
r->t = MESSAGE;
} else {
r->t = c == '\r' ? CR1 : LF1;
}
break;
} else if ('0' <= c && c <= '9') {
r->status *= 10;
r->status += c - '0';
if (r->status > 999) return ebadmsg();
} else {
return ebadmsg();
}
if (++r->i == n) break;
c = p[r->i] & 0xff;
}
break;
case MESSAGE:
for (;;) {
if (c == '\r' || c == '\n') {
r->message.a = r->a;
r->message.b = r->i;
r->t = c == '\r' ? CR1 : LF1;
break;
} else if (c < 0x20 || (0x7F <= c && c < 0xA0)) {
return ebadmsg();
}
if (++r->i == n) break;
c = p[r->i] & 0xff;
}
break;
case CR1:
if (c != '\n') return ebadmsg();
r->t = LF1;
break;
case LF1:
if (c == '\r') {
r->t = LF2;
break;
} else if (c == '\n') {
return ++r->i;
} else if (!kHttpToken[c]) {
return ebadmsg(); /* RFC7230 § 3.2.4 */
}
r->k.a = r->i;
r->t = HKEY;
break;
case HKEY:
for (;;) {
if (c == ':') {
r->k.b = r->i;
r->t = HSEP;
break;
} else if (!kHttpToken[c]) {
return ebadmsg();
}
if (++r->i == n) break;
c = p[r->i] & 0xff;
}
break;
case HSEP:
if (c == ' ' || c == '\t') break;
r->a = r->i;
r->t = HVAL;
/* fallthrough */
case HVAL:
for (;;) {
if (c == '\r' || c == '\n') {
i = r->i;
while (i > r->a && (p[i - 1] == ' ' || p[i - 1] == '\t')) --i;
if ((h = GetHttpHeader(p + r->k.a, r->k.b - r->k.a)) != -1 &&
(!r->headers[h].a || !kHttpRepeatable[h])) {
r->headers[h].a = r->a;
r->headers[h].b = i;
} else if ((x = realloc(
r->xheaders.p,
(r->xheaders.n + 1) * sizeof(*r->xheaders.p)))) {
x[r->xheaders.n].k = r->k;
x[r->xheaders.n].v.a = r->a;
x[r->xheaders.n].v.b = i;
r->xheaders.p = x;
++r->xheaders.n;
}
r->t = c == '\r' ? CR1 : LF1;
break;
} else if ((c < 0x20 && c != '\t') || (0x7F <= c && c < 0xA0)) {
return ebadmsg();
}
if (++r->i == n) break;
c = p[r->i] & 0xff;
}
break;
case LF2:
if (c == '\n') {
return ++r->i;
}
return ebadmsg();
default:
unreachable;
}
}
if (r->i < LIMIT) {
return 0;
} else {
return ebadmsg();
}
}