iodine 0.7.16 → 0.7.17

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4813b7d2deb5b0dede2e40d240e295f10cdcef94effb743eeb0293317e84fc3e
-  data.tar.gz: 4fb3632e530571ad598c50f42e3eca989aca0425c00df041d590ca26fdcc2b8e
+  metadata.gz: 909a4b34102fd6e636eab59eccf82deaf315bcc50131ee9f4d476f249df2fe2a
+  data.tar.gz: dded0a5249df8dcd0854198ea6df03661e40b69ddcba35d0bd693c1a6acf6cb2
 SHA512:
-  metadata.gz: d632268e49abf09a61e7eaa0d8905f9c4bef2f303784d4d3eca0fd9a6bc29952b28eb7c9709ab34d95324b0bdbdc866a98c0520d9df5cc560b3afba83f5e940f
-  data.tar.gz: 28c9fa08377cad5fba31cda50186598839abe336f85c882efea480c4bed467e1e10e0df5c18fe72ef48e97ed2b92c4bdf68264373169cfeeb82a82788ee6b966
+  metadata.gz: 9cdaf95feee9f8de5daedf472a3bd5318931c1aa1b5a5ccc95178e62053ba6e97e021f856ec863e586f22d0b760dee1a66a6204c1cd71267545f164cd9ce378f
+  data.tar.gz: 24d6b5d326fd11cb69beeb215bfc80b4f062d269d3734bc78710654c5444d370346793da2f18c6dba955f53f9754063206399d9de1aef5d76d04299a8ee29aeb

data/.travis.yml

@@ -7,9 +7,9 @@ before_install:
   - bundle install
 rvm:
   - 2.6.0
-  - 2.5.0
-  - 2.4.0
-  - 2.3.1
+  - 2.5.3
+  - 2.4.5
+  - 2.3.8
   - 2.2.2
 notifications:
   email: false
@@ -22,6 +22,7 @@ addons:
     packages:
       - gcc-4.9
       - gcc-5
+      - clang
 script:
   - echo CFLAGS = $CFLAGS
   - echo cflags = $cflags
@@ -34,5 +35,5 @@ script:
   - find pkg/iodine-*.gem -exec gem install -V {} +
   - gem uninstall -x iodine
   - export CFLAGS="-Wall"
-  - export CC=gcc-5
+  - export CC="gcc-5"
   - find pkg/iodine-*.gem -exec gem install -V {} +

data/.yardopts

@@ -0,0 +1,8 @@
+--no-private
+--markup markdown
+-
+LIMITS.md
+CHANGELOG.md
+LICENSE.txt
+SPEC-WebSocket-Draft.md
+SPEC-PubSub-Draft.md

data/CHANGELOG.md

@@ -6,6 +6,32 @@ Please notice that this change log contains changes for upcoming releases as wel
 
 ## Changes:
 
+#### Change log v.0.7.17
+
+**Security**: (`fio`) improved security against hash flooding attacks.
+
+**Update**: (`iodine`) SSL/TLS support!
+
+**Update**: (`iodine`) WebSocket client connections are now supported using `Iodine.connect` (both `ws://` and `wss://`)!
+
+**Deprecation**: (`iodine`) deprecated `DEFAULT_HTTP_ARGS` in favor of `DEFAULT_SETTEINGS`.
+
+**Deprecation**: (`iodine`) deprecated `Iodine.listen2http` in favor of `Iodine.listen service: :http`.
+
+**Fix**: (`iodine` / `pubsub`) fixed possible issue with global subscriptions (non-connection bound subscriptions).
+
+**Fix**: (`Iodine::Mustache`) fixed support for named argument, documentation and loading template from memory (rather than file) when creating a new `Iodine::Mustache` object.
+
+**Fix**: (`redis`) fixed an issue where destroying the Redis engine and exiting pre-maturely, could cause a segmentation fault during cleanup.
+
+**Fix**: (`iodine`, `fio`) fixed logging message when listening to Unix Sockets.
+
+**Fix**: (`iodine`) fixed CLI argument recognition for WebSocket message limits and HTTP header limits. Typos in the CLI argument names prevented the CLI from effecting the default values.
+
+**Fix**: (`fio`) fixed unaligned memory access in SipHash implementation and added secret randomization for each application restart.
+
+**Optimization**: (`iodine`) caching common header names to decrease Ruby memory allocations per request.
+
 #### Change log v.0.7.16
 
 **Security**: (`fio`) security fixes from the facil.io core library (updated to 0.7.0.beta6).

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 Boaz Segev
+Copyright (c) 2015-2019 Boaz Segev
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/LIMITS.md

@@ -2,6 +2,12 @@
 
 I will, at some point, document these... here's the key points:
 
+## SSL/TLS
+
+* TLS support requires OpenSSL 1.1.0 and above. On Heroku, this requires `heroku-18`.
+
+* Iodine supports TLS 1.2 and above (depending on the OpenSSL version used).
+
 ## HTTP limits
 
 * Uploads are adjustable and limited to ~50Mib by default.

data/README.md

@@ -9,17 +9,20 @@
 
 I believe that network concerns should be separated from application concerns - application developers really shouldn't need to worry about the transport layer.
 
-And I know that these network concerns are more than just about the web server. Which is why iodine is more than just an HTTP server.
+And I know that these network concerns are more than just about the web server, which is why iodine is more than just an HTTP server.
 
 Iodine is a fast concurrent web server for real-time Ruby applications, but it's also so much more. Iodine includes native support for:
 
-* WebSockets and EventSource (SSE);
+* HTTP, WebSockets and EventSource (SSE) Services (server);
+* WebSocket connections (server / client);
 * Pub/Sub (with optional Redis Pub/Sub scaling);
 * Static file service (with automatic `gzip` support for pre-compressed versions);
 * HTTP/1.1 keep-alive and pipelining;
 * Asynchronous event scheduling and timers;
 * Hot Restart (using the USR1 signal);
-* Client connectivity (attach client sockets to make them evented);
+* TLS 1.2 and above (Requires OpenSSL >= 1.1.0);
+* TCP/IP server and client connectivity;
+* Unix Socket server and client connectivity;
 * Custom protocol authoring;
 * Optimized Logging to `stderr`.
 * [Sequel](https://github.com/jeremyevans/sequel) and ActiveRecord forking protection.
@@ -210,7 +213,7 @@ Iodine.subscribe(:chat) {|ch, msg| puts msg if Iodine.master? }
 # By default, Pub/Sub performs in process cluster mode.
 Iodine.workers = 4
 # # in irb:
-Iodine.listen2http public: "www/public", app: APP
+Iodine.listen service: :http, public: "www/public", handler: APP
 Iodine.start
 # # or in config.ru
 run APP
@@ -311,6 +314,73 @@ With iodine, there's no need to worry.
 
 Iodine provides built-in `fork` handling for both ActiveRecord and [Sequel](https://github.com/jeremyevans/sequel), in order to protect against these possible errors.
 
+### Client Support
+
+Iodine supports raw (TCP/IP and Unix Sockets) client connections as well as WebSocket connections.
+
+This can be utilized for communicating across micro services or taking advantage of persistent connection APIs such as ActionCable APIs, socket.io APIs etc'.
+
+Here is an example WebSocket client that will connect to the [WebSocket.org echo test service](https://www.websocket.org/echo.html) and send a number of pre-programmed messages.
+
+```ruby
+require 'iodine'
+
+# The client class
+class EchoClient
+
+  def on_open(connection)
+    @messages = [ "Hello World!",
+      "I'm alive and sending messages",
+      "I also receive messages",
+      "now that we all know this...",
+      "I can stop.",
+      "Goodbye." ]
+    send_one_message(connection)
+  end
+
+  def on_message(connection, message)
+    puts "Received: #{message}"
+    send_one_message(connection)
+  end
+
+  def on_close(connection)
+    # in this example, we stop iodine once the client is closed
+    puts "* Client closed."
+    Iodine.stop
+  end
+
+  # We use this method to pop messages from the queue and send them
+  #
+  # When the queue is empty, we disconnect the client.
+  def send_one_message(connection)
+    msg = @messages.shift
+    if(msg)
+      connection.write msg
+    else
+      connection.close
+    end
+  end
+end
+
+Iodine.threads = 1
+Iodine.connect url: "wss://echo.websocket.org", handler: EchoClient.new, ping: 40
+Iodine.start
+```
+
+### TLS 1.2 support
+
+>  Requires OpenSSL >= `1.1.0`. On Heroku, requires `heroku-18`.
+
+Iodine supports secure connections fore TLS version 1.2 and up (depending on the OpenSSL version).
+
+A self signed certificate is available using the `-tls` flag from the command-line.
+
+PEM encoded certificates (which is probably the most common format) can be loaded from the command-line (`-tls-cert` and `-tls-key`) or dynamically (using `Iodine::TLS`).
+
+The TLS API is simplified but powerful, supporting the ALPN extension and peer verification (which client connections really should leverage).
+
+When enabling peer verification for server connections (using `Iodine::TLS#trust`), clients will be required to submit a trusted certificate in order to connect to the server.
+
 ### TCP/IP (raw) sockets
 
 Upgrading to a custom protocol (i.e., in order to implement your own WebSocket protocol with special extensions) is available when neither WebSockets nor SSE connection upgrades were requested. In the following (terminal) example, we'll use an echo server without direct socket echo:
@@ -333,7 +403,7 @@ APP = Proc.new do |env|
   end
 end
 # # in irb:
-Iodine.listen2http public: "www/public", app: APP
+Iodine.listen service: :http, public: "www/public", handler: APP
 Iodine.threads = 1
 Iodine.start
 # # or in config.ru
@@ -421,6 +491,12 @@ Iodine is written in C and allows some compile-time customizations, such as:
 
 * `FIO_MAX_SOCK_CAPACITY` - limits iodine's maximum client capacity. Defaults to 131,072 clients.
 
+* `FIO_USE_RISKY_HASH` - replaces SipHash with RiskyHash for iodine's internal hash maps.
+ 
+    Since iodine hash maps have internal protection against collisions and hash flooding attacks, it's possible for iodine to leverage RiskyHash, which is faster than SipHash.
+
+    By default, SipHash will be used. This is a community related choice, since the community seems to believe a hash function should protect the hash map rather than it being enough for a hash map implementation to be attack resistance.
+
 * `HTTP_MAX_HEADER_COUNT` - limits the number of headers the HTTP server will accept before disconnecting a client (security). Defaults to 128 headers (permissive).
 
 * `HTTP_MAX_HEADER_LENGTH` - limits the number of bytes allowed for a single header (pre-allocated memory per connection + security). Defaults to 8Kb per header line (normal).
@@ -431,6 +507,8 @@ Iodine is written in C and allows some compile-time customizations, such as:
 
 * `FIO_LOG_LENGTH_LIMIT` - sets the limit on iodine's logging messages (uses stack memory, so limits must be reasonable. Defaults to 2048.
 
+* `FIO_TLS_PRINT_SECRET` - if true, the OpenSSL master key will be printed as debug message level log. Use only for testing (with WireShark etc'), never in production! Default: false.
+
 These options can be used, for example, like so:
 
 ```bash
@@ -467,14 +545,14 @@ def run_server
 end
 ```
 
-In pure Ruby (without using C extensions or Java), it's possible to do the same by using `select`... and although `select` has some issues, it works well for lighter loads.
+In pure Ruby (without using C extensions or Java), it's possible to do the same by using `select`... and although `select` has some issues, it could work well for lighter loads.
 
 The server events are fairly fast and fragmented (longer code is fragmented across multiple events), so one thread is enough to run the server including it's static file service and everything... 
 
 ...but single threaded mode should probably be avoided.
 
 
-It's very common that the application's code will run slower and require external resources (i.e., databases, a custom pub/sub service, etc'). This slow code could "starve" the server, which is patiently waiting to run it's tasks on the same thread.
+It's very common that the application's code will run slower and require external resources (i.e., databases, a custom pub/sub service, etc'). This slow code could "starve" the server, which is patiently waiting to run it's short tasks on the same thread.
 
 The thread pool is there to help slow user code.
 
@@ -505,6 +583,8 @@ Iodine allows custom TCP/IP server authoring, for those cases where we need raw
 Here's a short and sweet echo server - No HTTP, just use `telnet`:
 
 ```ruby
+USE_TLS = false
+
 require 'iodine'
 
 # an echo protocol with asynchronous notifications.
@@ -526,8 +606,10 @@ class EchoProtocol
   end
 end
 
+tls = USE_TLS ? Iodine::TLS.new("localhost") : nil
+
 # listen on port 3000 for the echo protocol.
-Iodine.listen(port: "3000") { EchoProtocol.new }
+Iodine.listen(port: "3000", tls: tls) { EchoProtocol.new }
 Iodine.threads = 1
 Iodine.workers = 1
 Iodine.start
@@ -603,13 +685,11 @@ Iodine.start
 
 ### Why not EventMachine?
 
-You can go ahead and use EventMachine if you like. They're doing amazing work on that one and it's been used a lot in Ruby-land... really, tons of good developers and people on that project.
-
-EventMachine also offers some really great optimization features and it was vastly improved upon in the last few years (When I started Iodine, it was far more annoying to work with).
+EventMachine attempts to give the developer access to the network layer while Iodine attempts to abstract the network layer away and offer the developer a distraction free platform.
 
-But there's a distinct approach difference for me. EventMachine attempts to give the developer access to the network layer while Iodine attempts to abstract the network layer away.
+You can go ahead and use EventMachine if you like. They're doing amazing work on that one and it's been used a lot in Ruby-land... really, tons of good developers and people on that project.
 
-Besides, you're here - why not take iodine out for a spin and see for yourself?
+But why not take iodine out for a spin and see for yourself?
 
 ## Can I contribute?
 

data/examples/tcp_client.rb

@@ -0,0 +1,66 @@
+#! ruby
+
+# A raw TCP/IP client example using iodine.
+#
+# The client will connect to a remote server and send a simple HTTP/1.1 GET request.
+#
+# Once some data was recieved, a delayed closure and shutdown signal will be sent to iodine.
+
+# use a secure connection?
+USE_TLS = true
+
+# remote server details
+$port = USE_TLS ? 443 : 80
+$address = "google.com"
+
+
+# require iodine
+require 'iodine'
+
+# Iodine runtime settings
+Iodine.threads = 1
+Iodine.workers = 1
+Iodine.verbosity = 3 # warnings only
+
+
+# a client callback handler
+module Client
+
+  def self.on_open(client)
+    # Set a connection timeout
+    client.timeout = 10
+    # subscribe to the chat channel.
+    puts "* Sending request..."
+    client.write "GET / HTTP/1.1\r\nHost: #{$address}\r\n\r\n"
+  end
+
+  def self.on_message(client, data)
+    # publish the data we received
+    STDOUT.write data
+    # close the client after a second... we're not really parsing anything, so it's a guess.
+    Iodine.run_after(1000) { client.close }
+  end
+
+  def self.on_close(client)
+    # stop iodine
+    Iodine.stop
+    puts "Done."
+  end
+
+  # returns the callback object (self).
+  def self.call
+    self
+  end
+end
+
+
+
+if(USE_TLS)
+  tls = Iodine::TLS.new
+  tls.on_protocol("http/1.1") { Client }
+end
+# we use can both the `handler` keyword or a block, anything that answers #call.
+Iodine.connect(address: $address, port: $port, handler: Client, tls: tls)
+
+# start the iodine reactor
+Iodine.start

data/examples/x-sendfile.ru

@@ -0,0 +1,14 @@
+app = proc do |env|
+  request = Rack::Request.new(env)
+  if request.path_info == '/source'.freeze
+    [200, { 'X-Sendfile' => File.expand_path(__FILE__), 'Content-Type' => 'text/plain'}, []]
+  elsif request.path_info == '/file'.freeze
+    [200, { 'X-Header' => 'This was a Rack::Sendfile response sent as text.' }, File.open(__FILE__)]
+  else
+    [200, { 'Content-Type' => 'text/html',
+            'Content-Length' => request.path_info.length.to_s },
+     [request.path_info]]
+ end
+end
+
+run app

data/exe/iodine

@@ -20,7 +20,7 @@ module Iodine
 
       def self.get_app_opts
         app, opt = nil, nil
-        filename = Iodine::DEFAULT_HTTP_ARGS[:filename_]
+        filename = Iodine::DEFAULT_SETTINGS[:filename_]
         if filename
           app, opt = try_file filename
           app, opt = try_file "#{filename}.ru" unless opt
@@ -34,7 +34,7 @@ module Iodine
 
         unless opt
           puts "WARNING: Ruby application not found#{ filename ? " - missing both #{filename} and config.ru" : " - missing config.ru"}."
-          if Iodine::DEFAULT_HTTP_ARGS[:public]
+          if Iodine::DEFAULT_SETTINGS[:public]
             puts "         Running only static file service."
             opt = ::Rack::Server::Options.new.parse!([])
           else
@@ -67,7 +67,7 @@ module Iodine
 
       def self.call
         app, opt = get_app_opts
-        perform_warmup if Iodine::DEFAULT_HTTP_ARGS[:warmup_]
+        perform_warmup if Iodine::DEFAULT_SETTINGS[:warmup_]
         Iodine::Rack.run(app, opt)
       end
     end

data/ext/iodine/extconf.rb

@@ -29,6 +29,27 @@ else
   puts 'using an unknown (old?) compiler... who knows if this will work out... we hope.'
 end
 
+
+# Test for OpenSSL version equal to 1.0.0 or greater.
+unless ENV['NO_SSL']
+  begin
+    require 'openssl'
+  rescue LoadError
+  else
+    if have_library('crypto') && have_library('ssl')
+      puts "Detected OpenSSL library, testing for version."
+      if try_compile("\#include <openssl/ssl.h>\r\#if OPENSSL_VERSION_NUMBER < 0x10100000L\r\#error \"OpenSSL version too small\"\r\#endif\rint main(void) { SSL_library_init(); }")
+      # if ((OpenSSL::OPENSSL_VERSION_NUMBER >> 24) > 16) || (((OpenSSL::OPENSSL_VERSION_NUMBER >> 24) == 16) && (((OpenSSL::OPENSSL_VERSION_NUMBER >> 16) & 255) >= 16))
+        $defs << "-DHAVE_OPENSSL"
+        puts "Confirmed OpenSSL to be version 1.1.0 or above (#{OpenSSL::OPENSSL_LIBRARY_VERSION})...\n* Compiling with HAVE_OPENSSL."
+      else
+        puts "FAILED: OpenSSL version not supported (#{OpenSSL::OPENSSL_LIBRARY_VERSION} is too old)."
+      end
+    end
+  end
+end
+# $defs << "-DFIO_USE_RISKY_HASH"
+
 RbConfig::MAKEFILE_CONFIG['CFLAGS'] = $CFLAGS = "-std=c11 -DFIO_PRINT_STATE=0 #{$CFLAGS} #{$CFLAGS == ENV['CFLAGS'] ? "" : ENV['CFLAGS']}"
 RbConfig::MAKEFILE_CONFIG['CC'] = $CC = ENV['CC'] if ENV['CC']
 RbConfig::MAKEFILE_CONFIG['CPP'] = $CPP = ENV['CPP'] if ENV['CPP']

data/ext/iodine/fio.c

@@ -1,5 +1,5 @@
 /* *****************************************************************************
-Copyright: Boaz Segev, 2018
+Copyright: Boaz Segev, 2018-2019
 License: MIT
 
 Feel free to copy, use and enjoy according to the license provided.
@@ -80,6 +80,10 @@ Feel free to copy, use and enjoy according to the license provided.
 #define __thread _Thread_value
 #endif
 
+#ifndef FIO_TLS_WEAK
+#define FIO_TLS_WEAK __attribute__((weak))
+#endif
+
 /* *****************************************************************************
 Event deferring (declarations)
 ***************************************************************************** */
@@ -447,6 +451,47 @@ fio_str_info_s fio_peer_addr(intptr_t uuid) {
                           .capa = 0};
 }
 
+/**
+ * Writes the local machine address (qualified host name) to the buffer.
+ *
+ * Returns the amount of data written (excluding the NUL byte).
+ *
+ * `limit` is the maximum number of bytes in the buffer, including the NUL byte.
+ *
+ * If the returned value == limit - 1, the result might have been truncated.
+ *
+ * If 0 is returned, an erro might have occured (see `errno`) and the contents
+ * of `dest` is undefined.
+ */
+size_t fio_local_addr(char *dest, size_t limit) {
+  if (gethostname(dest, limit))
+    return 0;
+
+  struct addrinfo hints, *info;
+  memset(&hints, 0, sizeof hints);
+  hints.ai_family = AF_UNSPEC;     // don't care IPv4 or IPv6
+  hints.ai_socktype = SOCK_STREAM; // TCP stream sockets
+  hints.ai_flags = AI_CANONNAME;   // get cannonical name
+
+  if (getaddrinfo(dest, "http", &hints, &info) != 0)
+    return 0;
+
+  for (struct addrinfo *pos = info; pos; pos = pos->ai_next) {
+    if (pos->ai_canonname) {
+      size_t len = strlen(pos->ai_canonname);
+      if (len >= limit)
+        len = limit - 1;
+      memcpy(dest, pos->ai_canonname, len);
+      dest[len] = 0;
+      freeaddrinfo(info);
+      return len;
+    }
+  }
+
+  freeaddrinfo(info);
+  return 0;
+}
+
 /* *****************************************************************************
 UUID attachments (linking objects to the UUID's lifetime)
 ***************************************************************************** */
@@ -1792,10 +1837,11 @@ static size_t fio_poll(void) {
       // left in the buffer... not that the edge case matters.
       if (events[i].flags & (EV_EOF | EV_ERROR)) {
         // errors are hendled as disconnections (on_close)
-        // fprintf(stderr, "%p: %s\n", events[i].udata,
-        //         (events[i].flags & EV_EOF)
-        //             ? "EV_EOF"
-        //             : (events[i].flags & EV_ERROR) ? "EV_ERROR" : "WTF?");
+        // FIO_LOG_DEBUG("%p: %s\n", events[i].udata,
+        //               (events[i].flags & EV_EOF)
+        //                   ? "EV_EOF"
+        //                   : (events[i].flags & EV_ERROR) ? "EV_ERROR" :
+        //                   "WTF?");
         // uuid_data(events[i].udata).open = 0;
         fio_force_close_in_poll(fd2uuid(events[i].udata));
       }
@@ -2021,7 +2067,6 @@ static void mock_ping(intptr_t uuid, fio_protocol_s *protocol) {
 }
 static void mock_ping2(intptr_t uuid, fio_protocol_s *protocol) {
   (void)protocol;
-
   touchfd(fio_uuid2fd(uuid));
   if (uuid_data(uuid).timeout == 255)
     return;
@@ -2172,6 +2217,8 @@ Forcing / Suspending IO events
 ***************************************************************************** */
 
 void fio_force_event(intptr_t uuid, enum fio_io_event ev) {
+  if (!uuid_is_valid(uuid))
+    return;
   switch (ev) {
   case FIO_EVENT_ON_DATA:
     fio_trylock(&uuid_data(uuid).scheduled);
@@ -2816,6 +2863,7 @@ void fio_force_close(intptr_t uuid) {
     errno = EBADF;
     return;
   }
+  // FIO_LOG_DEBUG("fio_force_close called for uuid %p", (void *)uuid);
   /* make sure the close marker is set */
   if (!uuid_data(uuid).close)
     uuid_data(uuid).close = 1;
@@ -3099,6 +3147,8 @@ static int fio_attach__internal(void *uuid_, void *protocol_) {
     }
     prt_meta(protocol) = (protocol_metadata_s){.rsv = 0};
   }
+  if (!uuid_is_valid(uuid))
+    goto invalid_uuid_unlocked;
   fio_lock(&uuid_data(uuid).protocol_lock);
   if (!uuid_is_valid(uuid)) {
     goto invalid_uuid;
@@ -3125,6 +3175,8 @@ static int fio_attach__internal(void *uuid_, void *protocol_) {
 
 invalid_uuid:
   fio_unlock(&uuid_data(uuid).protocol_lock);
+invalid_uuid_unlocked:
+  // FIO_LOG_DEBUG("fio_attach failed for invalid uuid %p", (void *)uuid);
   if (protocol)
     fio_defer_push_task(deferred_on_close, (void *)uuid, protocol);
   if (uuid == -1)
@@ -3491,6 +3543,7 @@ static void __attribute__((constructor)) fio_lib_init(void) {
 #endif
   fio_data->parent = getpid();
   fio_data->connection_count = 0;
+  fio_mark_time();
 
   for (ssize_t i = 0; i < capa; ++i) {
     fio_clear_fd(i, 0);
@@ -4211,6 +4264,100 @@ Section Start Marker
 
 
 
+                       SSL/TLS Weak Symbols for TLS Support
+
+
+
+
+
+
+
+
+***************************************************************************** */
+
+/**
+ * Returns the number of registered ALPN protocol names.
+ *
+ * This could be used when deciding if protocol selection should be delegated to
+ * the ALPN mechanism, or whether a protocol should be immediately assigned.
+ *
+ * If no ALPN protocols are registered, zero (0) is returned.
+ */
+uintptr_t FIO_TLS_WEAK fio_tls_alpn_count(void *tls) {
+  return 0;
+  (void)tls;
+}
+
+/**
+ * Establishes an SSL/TLS connection as an SSL/TLS Server, using the specified
+ * context / settings object.
+ *
+ * The `uuid` should be a socket UUID that is already connected to a peer (i.e.,
+ * the result of `fio_accept`).
+ *
+ * The `udata` is an opaque user data pointer that is passed along to the
+ * protocol selected (if any protocols were added using `fio_tls_alpn_add`).
+ */
+void FIO_TLS_WEAK fio_tls_accept(intptr_t uuid, void *tls, void *udata) {
+  FIO_LOG_FATAL("No supported SSL/TLS library available.");
+  exit(-1);
+  return;
+  (void)uuid;
+  (void)tls;
+  (void)udata;
+}
+
+/**
+ * Establishes an SSL/TLS connection as an SSL/TLS Client, using the specified
+ * context / settings object.
+ *
+ * The `uuid` should be a socket UUID that is already connected to a peer (i.e.,
+ * one received by a `fio_connect` specified callback `on_connect`).
+ *
+ * The `udata` is an opaque user data pointer that is passed along to the
+ * protocol selected (if any protocols were added using `fio_tls_alpn_add`).
+ */
+void FIO_TLS_WEAK fio_tls_connect(intptr_t uuid, void *tls, void *udata) {
+  FIO_LOG_FATAL("No supported SSL/TLS library available.");
+  exit(-1);
+  return;
+  (void)uuid;
+  (void)tls;
+  (void)udata;
+}
+
+/**
+ * Increase the reference count for the TLS object.
+ *
+ * Decrease with `fio_tls_destroy`.
+ */
+void FIO_TLS_WEAK fio_tls_dup(void *tls) {
+  FIO_LOG_FATAL("No supported SSL/TLS library available.");
+  exit(-1);
+  return;
+  (void)tls;
+}
+
+/**
+ * Destroys the SSL/TLS context / settings object and frees any related
+ * resources / memory.
+ */
+void FIO_TLS_WEAK fio_tls_destroy(void *tls) {
+  FIO_LOG_FATAL("No supported SSL/TLS library available.");
+  exit(-1);
+  return;
+  (void)tls;
+}
+
+/* *****************************************************************************
+Section Start Marker
+
+
+
+
+
+
+
 
 
 
@@ -4253,10 +4400,13 @@ typedef struct {
   char *addr;
   size_t port_len;
   size_t addr_len;
+  void *tls;
 } fio_listen_protocol_s;
 
 static void fio_listen_cleanup_task(void *pr_) {
   fio_listen_protocol_s *pr = pr_;
+  if (pr->tls)
+    fio_tls_destroy(pr->tls);
   if (pr->on_finish) {
     pr->on_finish(pr->uuid, pr->udata);
   }
@@ -4297,6 +4447,27 @@ static void fio_listen_on_data(intptr_t uuid, fio_protocol_s *pr_) {
   }
 }
 
+static void fio_listen_on_data_tls(intptr_t uuid, fio_protocol_s *pr_) {
+  fio_listen_protocol_s *pr = (fio_listen_protocol_s *)pr_;
+  for (int i = 0; i < 4; ++i) {
+    intptr_t client = fio_accept(uuid);
+    if (client == -1)
+      return;
+    fio_tls_accept(client, pr->tls, pr->udata);
+    pr->on_open(client, pr->udata);
+  }
+}
+
+static void fio_listen_on_data_tls_alpn(intptr_t uuid, fio_protocol_s *pr_) {
+  fio_listen_protocol_s *pr = (fio_listen_protocol_s *)pr_;
+  for (int i = 0; i < 4; ++i) {
+    intptr_t client = fio_accept(uuid);
+    if (client == -1)
+      return;
+    fio_tls_accept(client, pr->tls, pr->udata);
+  }
+}
+
 /* stub for editor - unused */
 void fio_listen____(void);
 /**
@@ -4306,7 +4477,8 @@ void fio_listen____(void);
  */
 intptr_t fio_listen FIO_IGNORE_MACRO(struct fio_listen_args args) {
   // ...
-  if (!args.on_open || (!args.address && !args.port)) {
+  if ((!args.on_open && (!args.tls || !fio_tls_alpn_count(args.tls))) ||
+      (!args.address && !args.port)) {
     errno = EINVAL;
     goto error;
   }
@@ -4315,8 +4487,19 @@ intptr_t fio_listen FIO_IGNORE_MACRO(struct fio_listen_args args) {
   size_t port_len = 0;
   if (args.address)
     addr_len = strlen(args.address);
-  if (args.port)
+  if (args.port) {
     port_len = strlen(args.port);
+    char *tmp = (char *)args.port;
+    if (!fio_atol(&tmp)) {
+      port_len = 0;
+      args.port = NULL;
+    }
+    if (*tmp) {
+      /* port format was invalid, should be only numerals */
+      errno = EINVAL;
+      goto error;
+    }
+  }
   const intptr_t uuid = fio_socket(args.address, args.port, 1);
   if (uuid == -1)
     goto error;
@@ -4324,18 +4507,26 @@ intptr_t fio_listen FIO_IGNORE_MACRO(struct fio_listen_args args) {
   fio_listen_protocol_s *pr = malloc(sizeof(*pr) + addr_len + port_len +
                                      ((addr_len + port_len) ? 2 : 0));
   FIO_ASSERT_ALLOC(pr);
+
+  if (args.tls)
+    fio_tls_dup(args.tls);
+
   *pr = (fio_listen_protocol_s){
       .pr =
           {
               .on_close = fio_listen_on_close,
               .ping = mock_ping_eternal,
-              .on_data = fio_listen_on_data,
+              .on_data = (args.tls ? (fio_tls_alpn_count(args.tls)
+                                          ? fio_listen_on_data_tls_alpn
+                                          : fio_listen_on_data_tls)
+                                   : fio_listen_on_data),
           },
       .uuid = uuid,
       .udata = args.udata,
       .on_open = args.on_open,
       .on_start = args.on_start,
       .on_finish = args.on_finish,
+      .tls = args.tls,
       .addr_len = addr_len,
       .port_len = port_len,
       .addr = (char *)(pr + 1),
@@ -4411,6 +4602,7 @@ typedef struct {
   fio_protocol_s pr;
   intptr_t uuid;
   void *udata;
+  void *tls;
   void (*on_connect)(intptr_t uuid, void *udata);
   void (*on_fail)(intptr_t uuid, void *udata);
 } fio_connect_protocol_s;
@@ -4419,12 +4611,16 @@ static void fio_connect_on_close(intptr_t uuid, fio_protocol_s *pr_) {
   fio_connect_protocol_s *pr = (fio_connect_protocol_s *)pr_;
   if (pr->on_fail)
     pr->on_fail(uuid, pr->udata);
+  if (pr->tls)
+    fio_tls_destroy(pr->tls);
   fio_free(pr);
   (void)uuid;
 }
 
 static void fio_connect_on_ready(intptr_t uuid, fio_protocol_s *pr_) {
   fio_connect_protocol_s *pr = (fio_connect_protocol_s *)pr_;
+  if (pr->pr.on_ready == mock_on_ev)
+    return; /* Don't call on_connect more than once */
   pr->pr.on_ready = mock_on_ev;
   pr->on_fail = NULL;
   pr->on_connect(uuid, pr->udata);
@@ -4432,8 +4628,35 @@ static void fio_connect_on_ready(intptr_t uuid, fio_protocol_s *pr_) {
   (void)uuid;
 }
 
+static void fio_connect_on_ready_tls(intptr_t uuid, fio_protocol_s *pr_) {
+  fio_connect_protocol_s *pr = (fio_connect_protocol_s *)pr_;
+  if (pr->pr.on_ready == mock_on_ev)
+    return; /* Don't call on_connect more than once */
+  pr->pr.on_ready = mock_on_ev;
+  pr->on_fail = NULL;
+  fio_tls_connect(uuid, pr->tls, pr->udata);
+  pr->on_connect(uuid, pr->udata);
+  fio_poll_add(fio_uuid2fd(uuid));
+  (void)uuid;
+}
+
+static void fio_connect_on_ready_tls_alpn(intptr_t uuid, fio_protocol_s *pr_) {
+  fio_connect_protocol_s *pr = (fio_connect_protocol_s *)pr_;
+  if (pr->pr.on_ready == mock_on_ev)
+    return; /* Don't call on_connect more than once */
+  pr->pr.on_ready = mock_on_ev;
+  pr->on_fail = NULL;
+  fio_tls_connect(uuid, pr->tls, pr->udata);
+  fio_poll_add(fio_uuid2fd(uuid));
+  (void)uuid;
+}
+
+/* stub for sublime text function navigation */
+intptr_t fio_connect___(struct fio_connect_args args);
+
 intptr_t fio_connect FIO_IGNORE_MACRO(struct fio_connect_args args) {
-  if (!args.on_connect || (!args.address && !args.port)) {
+  if ((!args.on_connect && (!args.tls || !fio_tls_alpn_count(args.tls))) ||
+      (!args.address && !args.port)) {
     errno = EINVAL;
     goto error;
   }
@@ -4444,13 +4667,21 @@ intptr_t fio_connect FIO_IGNORE_MACRO(struct fio_connect_args args) {
 
   fio_connect_protocol_s *pr = fio_malloc(sizeof(*pr));
   FIO_ASSERT_ALLOC(pr);
+
+  if (args.tls)
+    fio_tls_dup(args.tls);
+
   *pr = (fio_connect_protocol_s){
       .pr =
           {
-              .on_ready = fio_connect_on_ready,
+              .on_ready = (args.tls ? (fio_tls_alpn_count(args.tls)
+                                           ? fio_connect_on_ready_tls_alpn
+                                           : fio_connect_on_ready_tls)
+                                    : fio_connect_on_ready),
               .on_close = fio_connect_on_close,
           },
       .uuid = uuid,
+      .tls = args.tls,
       .udata = args.udata,
       .on_connect = args.on_connect,
       .on_fail = args.on_fail,
@@ -4463,6 +4694,253 @@ error:
   return -1;
 }
 
+/* *****************************************************************************
+URL address parsing
+***************************************************************************** */
+
+/**
+ * Parses the URI returning it's components and their lengths (no decoding
+ * performed, doesn't accept decoded URIs).
+ *
+ * The returned string are NOT NUL terminated, they are merely locations within
+ * the original string.
+ *
+ * This function expects any of the following formats:
+ *
+ * * `/complete_path?query#target`
+ *
+ *   i.e.: /index.html?page=1#list
+ *
+ * * `host:port/complete_path?query#target`
+ *
+ *   i.e.:
+ *      example.com/index.html
+ *      example.com:8080/index.html
+ *
+ * * `schema://user:password@host:port/path?query#target`
+ *
+ *   i.e.: http://example.com/index.html?page=1#list
+ *
+ * Invalid formats might produce unexpected results. No error testing performed.
+ */
+fio_url_s fio_url_parse(const char *url, size_t length) {
+  /*
+  Intention:
+  [schema://][user[:]][password[@]][host.com[:/]][:port/][/path][?quary][#target]
+  */
+  const char *end = url + length;
+  const char *pos = url;
+  fio_url_s r = {.scheme = {.data = (char *)url}};
+  if (length == 0) {
+    goto finish;
+  }
+
+  if (pos[0] == '/') {
+    /* start at path */
+    goto start_path;
+  }
+
+  while (pos < end && pos[0] != ':' && pos[0] != '/' && pos[0] != '@' &&
+         pos[0] != '#' && pos[0] != '?')
+    ++pos;
+
+  if (pos == end) {
+    /* was only host (path starts with '/') */
+    r.host = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    goto finish;
+  }
+  switch (pos[0]) {
+  case '@':
+    /* username@[host] */
+    r.user = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    ++pos;
+    goto start_host;
+  case '/':
+    /* host[/path] */
+    r.host = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    goto start_path;
+  case '?':
+    /* host?[query] */
+    r.host = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    ++pos;
+    goto start_query;
+  case '#':
+    /* host#[target] */
+    r.host = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    ++pos;
+    goto start_target;
+  case ':':
+    if (pos + 2 <= end && pos[1] == '/' && pos[2] == '/') {
+      /* scheme:// */
+      r.scheme.len = pos - url;
+      pos += 3;
+    } else {
+      /* username:[password] OR */
+      /* host:[port] */
+      r.user = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+      ++pos;
+      goto start_password;
+    }
+    break;
+  }
+
+  // start_username:
+  url = pos;
+  while (pos < end && pos[0] != ':' && pos[0] != '/' && pos[0] != '@'
+         /* && pos[0] != '#' && pos[0] != '?' */)
+    ++pos;
+
+  if (pos >= end) { /* scheme://host */
+    r.host = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    goto finish;
+  }
+
+  switch (pos[0]) {
+  case '/':
+    /* scheme://host[/path] */
+    r.host = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    goto start_path;
+  case '@':
+    /* scheme://username@[host]... */
+    r.user = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    ++pos;
+    goto start_host;
+  case ':':
+    /* scheme://username:[password]@[host]... OR */
+    /* scheme://host:[port][/...] */
+    r.user = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    ++pos;
+    break;
+  }
+
+start_password:
+  url = pos;
+  while (pos < end && pos[0] != '/' && pos[0] != '@')
+    ++pos;
+
+  if (pos >= end) {
+    /* was host:port */
+    r.port = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    r.host = r.user;
+    r.user.len = 0;
+    goto finish;
+    ;
+  }
+
+  switch (pos[0]) {
+  case '/':
+    r.port = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    r.host = r.user;
+    r.user.len = 0;
+    goto start_path;
+  case '@':
+    r.password = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+    ++pos;
+    break;
+  }
+
+start_host:
+  url = pos;
+  while (pos < end && pos[0] != '/' && pos[0] != ':' && pos[0] != '#' &&
+         pos[0] != '?')
+    ++pos;
+
+  r.host = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+  if (pos >= end) {
+    goto finish;
+  }
+  switch (pos[0]) {
+  case '/':
+    /* scheme://[...@]host[/path] */
+    goto start_path;
+  case '?':
+    /* scheme://[...@]host?[query] (bad)*/
+    ++pos;
+    goto start_query;
+  case '#':
+    /* scheme://[...@]host#[target] (bad)*/
+    ++pos;
+    goto start_target;
+    // case ':':
+    /* scheme://[...@]host:[port] */
+  }
+  ++pos;
+
+  // start_port:
+  url = pos;
+  while (pos < end && pos[0] != '/' && pos[0] != '#' && pos[0] != '?')
+    ++pos;
+
+  r.port = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+
+  if (pos >= end) {
+    /* scheme://[...@]host:port */
+    goto finish;
+  }
+  switch (pos[0]) {
+  case '?':
+    /* scheme://[...@]host:port?[query] (bad)*/
+    ++pos;
+    goto start_query;
+  case '#':
+    /* scheme://[...@]host:port#[target] (bad)*/
+    ++pos;
+    goto start_target;
+    // case '/':
+    /* scheme://[...@]host:port[/path] */
+  }
+
+start_path:
+  url = pos;
+  while (pos < end && pos[0] != '#' && pos[0] != '?')
+    ++pos;
+
+  r.path = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+
+  if (pos >= end) {
+    goto finish;
+  }
+  ++pos;
+  if (pos[-1] == '#')
+    goto start_target;
+
+start_query:
+  url = pos;
+  while (pos < end && pos[0] != '#')
+    ++pos;
+
+  r.query = (fio_str_info_s){.data = (char *)url, .len = pos - url};
+  ++pos;
+
+  if (pos >= end)
+    goto finish;
+
+start_target:
+  r.target = (fio_str_info_s){.data = (char *)pos, .len = end - pos};
+
+finish:
+
+  /* set any empty values to NULL */
+  if (!r.scheme.len)
+    r.scheme.data = NULL;
+  if (!r.user.len)
+    r.user.data = NULL;
+  if (!r.password.len)
+    r.password.data = NULL;
+  if (!r.host.len)
+    r.host.data = NULL;
+  if (!r.port.len)
+    r.port.data = NULL;
+  if (!r.path.len)
+    r.path.data = NULL;
+  if (!r.query.len)
+    r.query.data = NULL;
+  if (!r.target.len)
+    r.target.data = NULL;
+
+  return r;
+}
+
 /* *****************************************************************************
 Section Start Marker
 
@@ -4894,7 +5372,8 @@ static channel_s *fio_channel_dup_lock(fio_str_info_s name) {
       .parent = &fio_postoffice.pubsub,
       .ref = 8, /* avoid freeing stack memory */
   };
-  uint64_t hashed_name = fio_siphash(name.data, name.len);
+  uint64_t hashed_name = FIO_HASH_FN(
+      name.data, name.len, &fio_postoffice.pubsub, &fio_postoffice.pubsub);
   channel_s *ch_p =
       fio_filter_dup_lock_internal(&ch, hashed_name, &fio_postoffice.pubsub);
   if (fio_ls_embd_is_empty(&ch_p->subscriptions)) {
@@ -4913,7 +5392,8 @@ static channel_s *fio_channel_match_dup_lock(fio_str_info_s name,
       .match = match,
       .ref = 8, /* avoid freeing stack memory */
   };
-  uint64_t hashed_name = fio_siphash(name.data, name.len);
+  uint64_t hashed_name = FIO_HASH_FN(
+      name.data, name.len, &fio_postoffice.pubsub, &fio_postoffice.pubsub);
   channel_s *ch_p =
       fio_filter_dup_lock_internal(&ch, hashed_name, &fio_postoffice.patterns);
   if (fio_ls_embd_is_empty(&ch_p->subscriptions)) {
@@ -4980,7 +5460,8 @@ void fio_unsubscribe(subscription_s *s) {
   /* check if channel is done for */
   if (fio_ls_embd_is_empty(&ch->subscriptions)) {
     fio_collection_s *c = ch->parent;
-    uint64_t hashed = fio_siphash(ch->name, ch->name_len);
+    uint64_t hashed = FIO_HASH_FN(
+        ch->name, ch->name_len, &fio_postoffice.pubsub, &fio_postoffice.pubsub);
     /* lock collection */
     fio_lock(&c->lock);
     /* test again within lock */
@@ -5179,7 +5660,8 @@ static channel_s *fio_filter_find_dup(uint32_t filter) {
 /** Finds a pubsub channel, increasing it's reference count if it exists. */
 static channel_s *fio_channel_find_dup(fio_str_info_s name) {
   channel_s tmp = {.name = name.data, .name_len = name.len};
-  uint64_t hashed_name = fio_siphash(name.data, name.len);
+  uint64_t hashed_name = FIO_HASH_FN(
+      name.data, name.len, &fio_postoffice.pubsub, &fio_postoffice.pubsub);
   channel_s *ch =
       fio_channel_find_dup_internal(&tmp, hashed_name, &fio_postoffice.pubsub);
   return ch;
@@ -5645,7 +6127,11 @@ static void fio_cluster_server_handler(struct cluster_pr_s *pr) {
     fio_str_s tmp = FIO_STR_INIT_EXISTING(
         pr->msg->channel.data, pr->msg->channel.len, 0); // don't free
     fio_lock(&pr->lock);
-    fio_sub_hash_insert(&pr->pubsub, fio_str_hash(&tmp), tmp, s, NULL);
+    fio_sub_hash_insert(&pr->pubsub,
+                        FIO_HASH_FN(pr->msg->channel.data, pr->msg->channel.len,
+                                    &fio_postoffice.pubsub,
+                                    &fio_postoffice.pubsub),
+                        tmp, s, NULL);
     fio_unlock(&pr->lock);
     break;
   }
@@ -5653,7 +6139,11 @@ static void fio_cluster_server_handler(struct cluster_pr_s *pr) {
     fio_str_s tmp = FIO_STR_INIT_EXISTING(
         pr->msg->channel.data, pr->msg->channel.len, 0); // don't free
     fio_lock(&pr->lock);
-    fio_sub_hash_remove(&pr->pubsub, fio_str_hash(&tmp), tmp, NULL);
+    fio_sub_hash_remove(&pr->pubsub,
+                        FIO_HASH_FN(pr->msg->channel.data, pr->msg->channel.len,
+                                    &fio_postoffice.pubsub,
+                                    &fio_postoffice.pubsub),
+                        tmp, NULL);
     fio_unlock(&pr->lock);
     break;
   }
@@ -5666,7 +6156,11 @@ static void fio_cluster_server_handler(struct cluster_pr_s *pr) {
     fio_str_s tmp = FIO_STR_INIT_EXISTING(
         pr->msg->channel.data, pr->msg->channel.len, 0); // don't free
     fio_lock(&pr->lock);
-    fio_sub_hash_insert(&pr->patterns, fio_str_hash(&tmp), tmp, s, NULL);
+    fio_sub_hash_insert(&pr->patterns,
+                        FIO_HASH_FN(pr->msg->channel.data, pr->msg->channel.len,
+                                    &fio_postoffice.pubsub,
+                                    &fio_postoffice.pubsub),
+                        tmp, s, NULL);
     fio_unlock(&pr->lock);
     break;
   }
@@ -5675,7 +6169,11 @@ static void fio_cluster_server_handler(struct cluster_pr_s *pr) {
     fio_str_s tmp = FIO_STR_INIT_EXISTING(
         pr->msg->channel.data, pr->msg->channel.len, 0); // don't free
     fio_lock(&pr->lock);
-    fio_sub_hash_remove(&pr->patterns, fio_str_hash(&tmp), tmp, NULL);
+    fio_sub_hash_remove(&pr->patterns,
+                        FIO_HASH_FN(pr->msg->channel.data, pr->msg->channel.len,
+                                    &fio_postoffice.pubsub,
+                                    &fio_postoffice.pubsub),
+                        tmp, NULL);
     fio_unlock(&pr->lock);
     break;
   }
@@ -7005,23 +7503,6 @@ Section Start Marker
 
 ***************************************************************************** */
 
-/** 32Bit left rotation, inlined. */
-#define fio_lrot32(i, bits)                                                    \
-  (((uint32_t)(i) << (bits)) | ((uint32_t)(i) >> (32 - (bits))))
-/** 32Bit right rotation, inlined. */
-#define fio_rrot32(i, bits)                                                    \
-  (((uint32_t)(i) >> (bits)) | ((uint32_t)(i) << (32 - (bits))))
-/** 64Bit left rotation, inlined. */
-#define fio_lrot64(i, bits)                                                    \
-  (((uint64_t)(i) << (bits)) | ((uint64_t)(i) >> (64 - (bits))))
-/** 64Bit right rotation, inlined. */
-#define fio_rrot64(i, bits)                                                    \
-  (((uint64_t)(i) >> (bits)) | ((uint64_t)(i) << (64 - (bits))))
-/** unknown size element - left rotation, inlined. */
-#define fio_lrot(i, bits) (((i) << (bits)) | ((i) >> (sizeof((i)) - (bits))))
-/** unknown size element - right rotation, inlined. */
-#define fio_rrot(i, bits) (((i) >> (bits)) | ((i) << (sizeof((i)) - (bits))))
-
 /* *****************************************************************************
 SipHash
 ***************************************************************************** */
@@ -7033,13 +7514,13 @@ SipHash
 #endif
 
 static inline uint64_t fio_siphash_xy(const void *data, size_t len, size_t x,
-                                      size_t y) {
+                                      size_t y, uint64_t key1, uint64_t key2) {
   /* initialize the 4 words */
-  uint64_t v0 = (0x0706050403020100ULL ^ 0x736f6d6570736575ULL);
-  uint64_t v1 = (0x0f0e0d0c0b0a0908ULL ^ 0x646f72616e646f6dULL);
-  uint64_t v2 = (0x0706050403020100ULL ^ 0x6c7967656e657261ULL);
-  uint64_t v3 = (0x0f0e0d0c0b0a0908ULL ^ 0x7465646279746573ULL);
-  const uint64_t *w64 = data;
+  uint64_t v0 = (0x0706050403020100ULL ^ 0x736f6d6570736575ULL) ^ key1;
+  uint64_t v1 = (0x0f0e0d0c0b0a0908ULL ^ 0x646f72616e646f6dULL) ^ key2;
+  uint64_t v2 = (0x0706050403020100ULL ^ 0x6c7967656e657261ULL) ^ key1;
+  uint64_t v3 = (0x0f0e0d0c0b0a0908ULL ^ 0x7465646279746573ULL) ^ key2;
+  const uint8_t *w8 = data;
   uint8_t len_mod = len & 255;
   union {
     uint64_t i;
@@ -7061,19 +7542,18 @@ static inline uint64_t fio_siphash_xy(const void *data, size_t len, size_t x,
   } while (0);
 
   while (len >= 8) {
-    word.i = sip_local64(*w64);
+    word.i = sip_local64(fio_str2u64(w8));
     v3 ^= word.i;
     /* Sip Rounds */
     for (size_t i = 0; i < x; ++i) {
       hash_map_SipRound;
     }
     v0 ^= word.i;
-    w64 += 1;
+    w8 += 8;
     len -= 8;
   }
   word.i = 0;
   uint8_t *pos = word.str;
-  uint8_t *w8 = (void *)w64;
   switch (len) { /* fallthrough is intentional */
   case 7:
     pos[6] = w8[6];
@@ -7119,12 +7599,14 @@ static inline uint64_t fio_siphash_xy(const void *data, size_t len, size_t x,
   return v0;
 }
 
-uint64_t fio_siphash24(const void *data, size_t len) {
-  return fio_siphash_xy(data, len, 2, 4);
+uint64_t fio_siphash24(const void *data, size_t len, uint64_t key1,
+                       uint64_t key2) {
+  return fio_siphash_xy(data, len, 2, 4, key1, key2);
 }
 
-uint64_t fio_siphash13(const void *data, size_t len) {
-  return fio_siphash_xy(data, len, 1, 3);
+uint64_t fio_siphash13(const void *data, size_t len, uint64_t key1,
+                       uint64_t key2) {
+  return fio_siphash_xy(data, len, 1, 3, key1, key2);
 }
 
 /* *****************************************************************************
@@ -9122,7 +9604,7 @@ FIO_FUNC void fio_ary_test(void) {
 Set data-structure Testing
 ***************************************************************************** */
 
-#define FIO_SET_TEXT_COUNT 524288UL
+#define FIO_SET_TEST_COUNT 524288UL
 
 #define FIO_SET_NAME fio_set_test
 #define FIO_SET_OBJ_TYPE uintptr_t
@@ -9133,13 +9615,18 @@ Set data-structure Testing
 #define FIO_SET_OBJ_TYPE uintptr_t
 #include <fio.h>
 
+#define FIO_SET_NAME fio_set_attack
+#define FIO_SET_OBJ_COMPARE(a, b) ((a) == (b))
+#define FIO_SET_OBJ_TYPE uintptr_t
+#include <fio.h>
+
 FIO_FUNC void fio_set_test(void) {
   fio_set_test_s s = FIO_SET_INIT;
   fio_hash_test_s h = FIO_SET_INIT;
   fprintf(
       stderr,
       "=== Testing Core ordered Set (re-including fio.h with FIO_SET_NAME)\n");
-  fprintf(stderr, "* Inserting %lu items\n", FIO_SET_TEXT_COUNT);
+  fprintf(stderr, "* Inserting %lu items\n", FIO_SET_TEST_COUNT);
 
   FIO_ASSERT(fio_set_test_count(&s) == 0, "empty set should have zero objects");
   FIO_ASSERT(fio_set_test_capa(&s) == 0, "empty set should have no capacity");
@@ -9152,7 +9639,7 @@ FIO_FUNC void fio_set_test(void) {
   FIO_ASSERT(!fio_hash_test_last(&h).key && !fio_hash_test_last(&h).obj,
              "empty hash shouldn't have a last object");
 
-  for (uintptr_t i = 1; i < FIO_SET_TEXT_COUNT; ++i) {
+  for (uintptr_t i = 1; i < FIO_SET_TEST_COUNT; ++i) {
     fio_set_test_insert(&s, i, i);
     fio_hash_test_insert(&h, i, i, i + 1, NULL);
     FIO_ASSERT(fio_set_test_find(&s, i, i), "set find failed after insert");
@@ -9160,8 +9647,8 @@ FIO_FUNC void fio_set_test(void) {
     FIO_ASSERT(i == fio_set_test_find(&s, i, i), "set insertion != find");
     FIO_ASSERT(i + 1 == fio_hash_test_find(&h, i, i), "hash insertion != find");
   }
-  fprintf(stderr, "* Seeking %lu items\n", FIO_SET_TEXT_COUNT);
-  for (unsigned long i = 1; i < FIO_SET_TEXT_COUNT; ++i) {
+  fprintf(stderr, "* Seeking %lu items\n", FIO_SET_TEST_COUNT);
+  for (unsigned long i = 1; i < FIO_SET_TEST_COUNT; ++i) {
     FIO_ASSERT((i == fio_set_test_find(&s, i, i)),
                "set insertion != find (seek)");
     FIO_ASSERT((i + 1 == fio_hash_test_find(&h, i, i)),
@@ -9169,7 +9656,7 @@ FIO_FUNC void fio_set_test(void) {
   }
   {
     fprintf(stderr, "* Testing order for %lu items in set\n",
-            FIO_SET_TEXT_COUNT);
+            FIO_SET_TEST_COUNT);
     uintptr_t i = 1;
     FIO_SET_FOR_LOOP(&s, pos) {
       FIO_ASSERT(pos->obj == i, "object order mismatch %lu != %lu.",
@@ -9179,7 +9666,7 @@ FIO_FUNC void fio_set_test(void) {
   }
   {
     fprintf(stderr, "* Testing order for %lu items in hash\n",
-            FIO_SET_TEXT_COUNT);
+            FIO_SET_TEST_COUNT);
     uintptr_t i = 1;
     FIO_SET_FOR_LOOP(&h, pos) {
       FIO_ASSERT(pos->obj.obj == i + 1 && pos->obj.key == i,
@@ -9189,8 +9676,8 @@ FIO_FUNC void fio_set_test(void) {
     }
   }
 
-  fprintf(stderr, "* Removing odd items from %lu items\n", FIO_SET_TEXT_COUNT);
-  for (unsigned long i = 1; i < FIO_SET_TEXT_COUNT; i += 2) {
+  fprintf(stderr, "* Removing odd items from %lu items\n", FIO_SET_TEST_COUNT);
+  for (unsigned long i = 1; i < FIO_SET_TEST_COUNT; i += 2) {
     fio_set_test_remove(&s, i, i, NULL);
     fio_hash_test_remove(&h, i, i, NULL);
     FIO_ASSERT(!(fio_set_test_find(&s, i, i)),
@@ -9199,7 +9686,7 @@ FIO_FUNC void fio_set_test(void) {
                "Removal failed in hash (still exists).");
   }
   {
-    fprintf(stderr, "* Testing for %lu / 2 holes\n", FIO_SET_TEXT_COUNT);
+    fprintf(stderr, "* Testing for %lu / 2 holes\n", FIO_SET_TEST_COUNT);
     uintptr_t i = 1;
     FIO_SET_FOR_LOOP(&s, pos) {
       if (pos->hash == 0) {
@@ -9274,11 +9761,11 @@ FIO_FUNC void fio_set_test(void) {
                  "Re-removing a re-added item should update the item!");
     }
   }
-  fprintf(stderr, "* Compacting HashMap to %lu\n", FIO_SET_TEXT_COUNT >> 1);
+  fprintf(stderr, "* Compacting HashMap to %lu\n", FIO_SET_TEST_COUNT >> 1);
   fio_set_test_compact(&s);
   {
     fprintf(stderr, "* Testing that %lu items are continuous\n",
-            FIO_SET_TEXT_COUNT >> 1);
+            FIO_SET_TEST_COUNT >> 1);
     uintptr_t i = 0;
     FIO_SET_FOR_LOOP(&s, pos) {
       FIO_ASSERT(pos->hash != 0, "Found a hole after compact.");
@@ -9292,14 +9779,14 @@ FIO_FUNC void fio_set_test(void) {
   FIO_ASSERT(!s.map && !s.ordered && !s.pos && !s.capa,
              "HashMap not re-initialized after free.");
 
-  fio_set_test_capa_require(&s, FIO_SET_TEXT_COUNT);
+  fio_set_test_capa_require(&s, FIO_SET_TEST_COUNT);
 
   FIO_ASSERT(
-      s.map && s.ordered && !s.pos && s.capa >= FIO_SET_TEXT_COUNT,
+      s.map && s.ordered && !s.pos && s.capa >= FIO_SET_TEST_COUNT,
       "capa_require changes state in a bad way (%p, %p, %zu, %zu ?>= %zu)",
-      (void *)s.map, (void *)s.ordered, s.pos, s.capa, FIO_SET_TEXT_COUNT);
+      (void *)s.map, (void *)s.ordered, s.pos, s.capa, FIO_SET_TEST_COUNT);
 
-  for (unsigned long i = 1; i < FIO_SET_TEXT_COUNT; ++i) {
+  for (unsigned long i = 1; i < FIO_SET_TEST_COUNT; ++i) {
     fio_set_test_insert(&s, i, i);
     FIO_ASSERT(fio_set_test_find(&s, i, i),
                "find failed after insert (2nd round)");
@@ -9309,6 +9796,109 @@ FIO_FUNC void fio_set_test(void) {
                s.count);
   }
   fio_set_test_free(&s);
+  /* full/partial collision attack against set and test response */
+  if (1) {
+    fio_set_attack_s as = FIO_SET_INIT;
+    time_t start_ok = clock();
+    for (uintptr_t i = 0; i < FIO_SET_TEST_COUNT; ++i) {
+      fio_set_attack_insert(&as, i, i + 1);
+      FIO_ASSERT(fio_set_attack_find(&as, i, i + 1) == i + 1,
+                 "set attack verctor failed sanity test (seek != insert)");
+    }
+    time_t end_ok = clock();
+    FIO_ASSERT(fio_set_attack_count(&as) == FIO_SET_TEST_COUNT,
+               "set attack verctor failed sanity test (count error %zu != %zu)",
+               fio_set_attack_count(&as), FIO_SET_TEST_COUNT);
+    fio_set_attack_free(&as);
+
+    /* full collision attack */
+    time_t start_bad = clock();
+    for (uintptr_t i = 0; i < FIO_SET_TEST_COUNT; ++i) {
+      fio_set_attack_insert(&as, 1, i + 1);
+    }
+    time_t end_bad = clock();
+    FIO_ASSERT(fio_set_attack_count(&as) != FIO_SET_TEST_COUNT,
+               "set attack success! too many full-collisions inserts!");
+    FIO_LOG_DEBUG("set full-collision attack final count/capa = %zu / %zu",
+                  fio_set_attack_count(&as), fio_set_attack_capa(&as));
+    FIO_LOG_DEBUG("set full-collision attack timing impact (attack vs. normal) "
+                  "%zu vs. %zu",
+                  end_bad - start_bad, end_ok - start_ok);
+    fio_set_attack_free(&as);
+
+    /* partial collision attack */
+    start_bad = clock();
+    for (uintptr_t i = 0; i < FIO_SET_TEST_COUNT; ++i) {
+      fio_set_attack_insert(&as, ((i << 20) | 1), i + 1);
+    }
+    end_bad = clock();
+    FIO_ASSERT(fio_set_attack_count(&as) == FIO_SET_TEST_COUNT,
+               "partial collision resolusion failed, not enough inserts!");
+    FIO_LOG_DEBUG("set partial collision attack final count/capa = %zu / %zu",
+                  fio_set_attack_count(&as), fio_set_attack_capa(&as));
+    FIO_LOG_DEBUG("set partial collision attack timing impact (attack vs. "
+                  "normal) %zu vs. %zu",
+                  end_bad - start_bad, end_ok - start_ok);
+    fio_set_attack_free(&as);
+  }
+}
+
+/* *****************************************************************************
+Bad Hash (risky hash) tests
+***************************************************************************** */
+
+FIO_FUNC void fio_riskyhash_speed_test(void) {
+  /* test based on code from BearSSL with credit to Thomas Pornin */
+  uint8_t buffer[8192];
+  memset(buffer, 'T', sizeof(buffer));
+  /* warmup */
+  uint64_t hash = 0;
+  for (size_t i = 0; i < 4; i++) {
+    hash += fio_risky_hash(buffer, 8192, 1);
+    memcpy(buffer, &hash, sizeof(hash));
+  }
+  /* loop until test runs for more than 2 seconds */
+  for (uint64_t cycles = 8192;;) {
+    clock_t start, end;
+    start = clock();
+    for (size_t i = cycles; i > 0; i--) {
+      hash += fio_risky_hash(buffer, 8192, 1);
+      __asm__ volatile("" ::: "memory");
+    }
+    end = clock();
+    memcpy(buffer, &hash, sizeof(hash));
+    if ((end - start) >= (2 * CLOCKS_PER_SEC) ||
+        cycles >= ((uint64_t)1 << 62)) {
+      fprintf(stderr, "%-20s %8.2f MB/s\n", "fio_risky_hash",
+              (double)(sizeof(buffer) * cycles) /
+                  (((end - start) * 1000000.0 / CLOCKS_PER_SEC)));
+      break;
+    }
+    cycles <<= 2;
+  }
+}
+
+FIO_FUNC void fio_riskyhash_test(void) {
+  fprintf(stderr, "===================================\n");
+#if NODEBUG
+  fio_riskyhash_speed_test();
+#else
+  fprintf(stderr, "fio_risky_hash speed test skipped (debug mode is slow)\n");
+  fio_str_info_s str1 =
+      (fio_str_info_s){.data = "nothing_is_really_here1", .len = 23};
+  fio_str_info_s str2 =
+      (fio_str_info_s){.data = "nothing_is_really_here2", .len = 23};
+  fio_str_s copy = FIO_STR_INIT;
+  FIO_ASSERT(fio_risky_hash(str1.data, str1.len, 1) !=
+                 fio_risky_hash(str2.data, str2.len, 1),
+             "Different strings should have a different risky hash");
+  fio_str_write(&copy, str1.data, str1.len);
+  FIO_ASSERT(fio_risky_hash(str1.data, str1.len, 1) ==
+                 fio_risky_hash(fio_str_data(&copy), fio_str_len(&copy), 1),
+             "Same string values should have the same risky hash");
+  fio_str_free(&copy);
+  (void)fio_riskyhash_speed_test;
+#endif
 }
 
 /* *****************************************************************************
@@ -9322,7 +9912,7 @@ FIO_FUNC void fio_siphash_speed_test(void) {
   /* warmup */
   uint64_t hash = 0;
   for (size_t i = 0; i < 4; i++) {
-    hash += fio_siphash24(buffer, sizeof(buffer));
+    hash += fio_siphash24(buffer, sizeof(buffer), 0, 0);
     memcpy(buffer, &hash, sizeof(hash));
   }
   /* loop until test runs for more than 2 seconds */
@@ -9330,7 +9920,7 @@ FIO_FUNC void fio_siphash_speed_test(void) {
     clock_t start, end;
     start = clock();
     for (size_t i = cycles; i > 0; i--) {
-      hash += fio_siphash24(buffer, sizeof(buffer));
+      hash += fio_siphash24(buffer, sizeof(buffer), 0, 0);
       __asm__ volatile("" ::: "memory");
     }
     end = clock();
@@ -9349,7 +9939,7 @@ FIO_FUNC void fio_siphash_speed_test(void) {
     clock_t start, end;
     start = clock();
     for (size_t i = cycles; i > 0; i--) {
-      hash += fio_siphash13(buffer, sizeof(buffer));
+      hash += fio_siphash13(buffer, sizeof(buffer), 0, 0);
       __asm__ volatile("" ::: "memory");
     }
     end = clock();
@@ -9374,7 +9964,6 @@ FIO_FUNC void fio_siphash_test(void) {
   (void)fio_siphash_speed_test;
 #endif
 }
-
 /* *****************************************************************************
 SHA-1 tests
 ***************************************************************************** */
@@ -10362,6 +10951,7 @@ void fio_test(void) {
   fio_socket_test();
   fio_uuid_link_test();
   fio_cycle_test();
+  fio_riskyhash_test();
   fio_siphash_test();
   fio_sha1_test();
   fio_sha2_test();