author | Laurent Bercot <ska-skaware@skarnet.org> | 2020-11-20 23:24:29 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2020-11-20 23:24:29 +0000 |
commit | 5715c21a077ee1c2fe8957cb4adcea14fd2eda6b (patch) | |
tree | cf3e992dce2d426727b535703b0b73dbafb41dbb /src/include | |
parent | 1fea1f6ed53cae7f752c9a78271c7c8367b0ad03 (diff) | |
download | s6-networking-5715c21a077ee1c2fe8957cb4adcea14fd2eda6b.tar.xz |
Refactor tls code to support ucspi-tls
That includes:
- new architecture: the tls binary is now a child of the app
instead of the other way around
- the sbearssl_run engine now takes a post-handshake callback.
This allows s6-tlsc and s6-tlsd to only exec into the app when
the handshake succeeds (which was already the case with libressl).
- new binaries s6-tlsc-io and s6-tlsd-io encapsulate the crypto
code; they init and run the engine, connecting to 4 already open
fds (stdin/stdout = network, argv[1] and argv[2] = local)
- s6-tlsc is now a simple wrapper around s6-tlsc-io
- s6-tlsd is now a simple wrapper around s6-tlsd-io
- new binary: s6-ucspitlsd, which is also a wrapper around
s6-tlsd-io, but differently: the parent execs the app which should
be ucspi-tls-aware, the child waits for a command from the parent
and execs into s6-tlsd-io if it receives it.
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/s6-networking/sbearssl.h | 20 | ||||
-rw-r--r-- | src/include/s6-networking/stls.h | 12 |
2 files changed, 23 insertions, 9 deletions
diff --git a/src/include/s6-networking/sbearssl.h b/src/include/s6-networking/sbearssl.h
index ab94d75..9fb8792 100644
--- a/src/include/s6-networking/sbearssl.h
+++ b/src/include/s6-networking/sbearssl.h
@@ -5,7 +5,10 @@
 #include <sys/types.h>
 #include <stdint.h>
+
 #include <bearssl.h>
+
+#include <skalibs/gccattributes.h>
 #include <skalibs/buffer.h>
 #include <skalibs/stralloc.h>
 #include <skalibs/genalloc.h>
@@ -202,12 +205,21 @@ extern char const *sbearssl_error_str (int) ;
 /* Engine */
-extern int sbearssl_run (br_ssl_engine_context *, int *, pid_t, unsigned int, uint32_t, tain_t const *) ;
+typedef struct sbearssl_handshake_cb_context_s sbearssl_handshake_cb_context_t, *sbearssl_handshake_cb_context_t_ref ;
+struct sbearssl_handshake_cb_context_s
+{
+ unsigned int notif ;
+} ;
+
+typedef int sbearssl_handshake_cb_t (br_ssl_engine_context *, sbearssl_handshake_cb_context_t *) ;
+typedef sbearssl_handshake_cb_t *sbearssl_handshake_cb_t_ref ;
+
+extern void sbearssl_run (br_ssl_engine_context *, int *, tain_t const *, uint32_t, unsigned int, sbearssl_handshake_cb_t_ref, sbearssl_handshake_cb_context_t *) gccattr_noreturn ;
- /* s6-tlsc and s6-tlsd implementations */
+ /* s6-tlsc-io and s6-tlsd-io implementations */
-extern int sbearssl_s6tlsc (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int, char const *, int *) ;
-extern int sbearssl_s6tlsd (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int) ;
+extern void sbearssl_client_init_and_run (int *, tain_t const *, uint32_t, uint32_t, unsigned int, char const *, sbearssl_handshake_cb_t_ref, unsigned int) gccattr_noreturn ;
+extern void sbearssl_server_init_and_run (int *, tain_t const *, uint32_t, uint32_t, unsigned int, sbearssl_handshake_cb_t_ref, unsigned int) gccattr_noreturn ;
 #endif
diff --git a/src/include/s6-networking/stls.h b/src/include/s6-networking/stls.h
index 963e7a1..76acdd8 100644
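Review bot: The contract of the new `sbearssl_handshake_cb_t` is not stated anywhere in the second hunk: the header does not say what its `int` return value means to `sbearssl_run`, what `notif` in `sbearssl_handshake_cb_context_s` holds, or what the `int *` handed to `sbearssl_run` and the two `*_init_and_run` functions points to. The commit message says the -io binaries are connected to four already-open fds (stdin/stdout = network, argv[1]/argv[2] = local), so that `int *` is presumably the fd array, but a reader of the header should not need the commit log to find out. Since every entry point is now `gccattr_noreturn`, the callback is the only place a caller can react to the handshake outcome, which makes its return-value semantics worth a line. I would add, above the callback typedef, a short comment saying when the engine invokes it (after a successful handshake, per the commit message) and what its return value causes the engine to do, and above `sbearssl_run` a comment such as `/* fds: the 4 open fds the engine moves data between (network pair, local pair; confirm order against the implementation). Never returns. */`, with the wording checked against the implementation, which is not part of this diff.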
--- a/src/include/s6-networking/stls.h
+++ b/src/include/s6-networking/stls.h
@@ -3,9 +3,11 @@
 #ifndef STLS_H
 #define STLS_H
-#include <sys/types.h>
 #include <stdint.h>
+
 #include <tls.h>
+
+#include <skalibs/gccattributes.h>
 #include <skalibs/tai.h>
 #define STLS_BUFSIZE (16384 + 325 + 1)
@@ -13,12 +15,12 @@
 /* Engine */
-extern int stls_run (struct tls *, int *, pid_t, unsigned int, uint32_t, tain_t const *) ;
+extern void stls_run (struct tls *, int *, tain_t const *, uint32_t, unsigned int) gccattr_noreturn ;
- /* s6-tlsc and s6-tlsd implementations */
+ /* s6-tlsc-io and s6-tlsd-io */
-extern int stls_s6tlsc (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int, char const *, int *) ;
-extern int stls_s6tlsd (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int) ;
+struct tls *stls_client_init_and_handshake (int const *, uint32_t, char const *) ;
+struct tls *stls_server_init_and_handshake (int const *, uint32_t) ;
 #endif
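Review bot: `stls_client_init_and_handshake` and `stls_server_init_and_handshake` in the second hunk are declared without `extern`, unlike `stls_run` just above them; it is harmless in C but breaks the header's convention, so I would write `extern struct tls *stls_client_init_and_handshake (int const *, uint32_t, char const *) ;` and likewise for the server variant. More importantly, nothing says what these functions return when initialisation or the handshake fails (a NULL `struct tls *`, or do they exit?), and with `stls_run` now `gccattr_noreturn` that return value is the only point where the wrapper can refuse to hand the connection to the application. A comment above the pair such as `/* fds: the open fds to wrap (confirm count and order against the implementation). Returns the context after a completed handshake; on failure: <fill in from the implementation> */` would close the gap, since the failure behaviour is not visible in this diff.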