authorLaurent Bercot <ska-skaware@skarnet.org>2021-01-13 11:36:16 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2021-01-13 11:36:16 +0000
commitcc7dccb1858e73176814c3a8457ff6f94ff45662 (patch)
tree746a462d3a58b4dc19c240bcbf9f224e593e23e7 /src/stls
parent23f7b20aeac1d337587d4f59779df94c82dc06b7 (diff)
downloads6-networking-cc7dccb1858e73176814c3a8457ff6f94ff45662.tar.xz
Implement handshake timeout for libtls backend
Diffstat (limited to 'src/stls')
-rw-r--r--src/stls/deps-lib/stls2
-rw-r--r--src/stls/stls-internal.h5
-rw-r--r--src/stls/stls_client_init_and_handshake.c4
-rw-r--r--src/stls/stls_handshake.c30
-rw-r--r--src/stls/stls_server_init_and_handshake.c4
5 files changed, 41 insertions, 4 deletions
diff --git a/src/stls/deps-lib/stls b/src/stls/deps-lib/stls
index 615ce3b..b7b94ec 100644
--- a/src/stls/deps-lib/stls
+++ b/src/stls/deps-lib/stls
@@ -1,7 +1,9 @@
stls_drop.o
+stls_handshake.o
stls_run.o
stls_client_init_and_handshake.o
stls_server_init_and_handshake.o
stls_send_environment.o
${CRYPTO_LIB}
-lskarnet
+${TIMER_LIB}
diff --git a/src/stls/stls-internal.h b/src/stls/stls-internal.h
index afe7a80..ef004ea 100644
--- a/src/stls/stls-internal.h
+++ b/src/stls/stls-internal.h
@@ -3,6 +3,11 @@
#ifndef STLS_INTERNAL_H
#define STLS_INTERNAL_H
+#include <tls.h>
+
+#include <skalibs/tai.h>
+
extern void stls_drop (void) ;
+extern void stls_handshake (struct tls *, tain_t const *) ;
#endif
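Review bot: The new `stls_handshake` prototype carries no statement of its contract, and callers need one because the function never returns on failure: the implementation added in this commit exits via strerr_die* (97 on a libtls error, 98 on timeout, 111 if sigaction or the alarm cannot be set up) and installs a SIGALRM handler for the duration of the handshake. A one-line comment above the declaration would cover it: `/* Runs tls_handshake() under a SIGALRM timeout of *tto; exits (97/98/111) on any failure. */`. Whether `tto` is a relative interval or a deadline is not visible here, since it is handed straight to alarm_timeout; document whichever that helper expects so callers do not pass the wrong kind of tain_t.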
diff --git a/src/stls/stls_client_init_and_handshake.c b/src/stls/stls_client_init_and_handshake.c
index fdea482..7e0bc13 100644
--- a/src/stls/stls_client_init_and_handshake.c
+++ b/src/stls/stls_client_init_and_handshake.c
@@ -12,7 +12,7 @@
#define diecfg(cfg, s) strerr_diefu3x(96, (s), ": ", tls_config_error(cfg))
#define diectx(e, ctx, s) strerr_diefu3x(e, (s), ": ", tls_error(ctx))
-struct tls *stls_client_init_and_handshake (int const *fds, uint32_t preoptions, char const *servername)
+struct tls *stls_client_init_and_handshake (int const *fds, tain_t const *tto, uint32_t preoptions, char const *servername)
{
struct tls *ctx ;
struct tls_config *cfg ;
@@ -76,6 +76,6 @@ struct tls *stls_client_init_and_handshake (int const *fds, uint32_t preoptions,
if (tls_connect_fds(ctx, fds[0], fds[1], servername) < 0)
diectx(97, ctx, "tls_connect_fds") ;
tls_config_free(cfg) ;
- if (tls_handshake(ctx) < 0) diectx(97, ctx, "tls_handshake") ;
+ stls_handshake(ctx, tto) ;
return ctx ;
}
diff --git a/src/stls/stls_handshake.c b/src/stls/stls_handshake.c
new file mode 100644
index 0000000..989a167
--- /dev/null
+++ b/src/stls/stls_handshake.c
@@ -0,0 +1,30 @@
+/* ISC license. */
+
+#include <signal.h>
+#include <unistd.h>
+
+#include <tls.h>
+
+#include <skalibs/alarm.h>
+#include <skalibs/strerr2.h>
+
+#include "stls-internal.h"
+
+#define diectx(e, ctx, s) strerr_diefu3x(e, (s), ": ", tls_error(ctx))
+
+static void alrm_handler (int sig)
+{
+ strerr_dief1x(98, "handshake timed out") ;
+}
+
+void stls_handshake (struct tls *ctx, tain_t const *tto)
+{
+ struct sigaction saold ;
+ struct sigaction sanew = { .sa_handler = &alrm_handler, .sa_flags = SA_RESTART, .sa_sigaction = 0 } ;
+ sigfillset(&sanew.sa_mask) ;
+ if (sigaction(SIGALRM, &sanew, &saold) < 0) strerr_diefu1sys(111, "sigaction") ;
+ if (!alarm_timeout(tto)) strerr_diefu1sys(111, "set an alarm") ;
+ if (tls_handshake(ctx) < 0) diectx(97, ctx, "tls_handshake") ;
+ alarm_disable() ;
+ sigaction(SIGALRM, &saold, 0) ;
+}
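Review bot: The `sanew` initializer sets both `.sa_handler` and `.sa_sigaction`; on libcs where those two names are macros for members of a single union inside `struct sigaction` (glibc and musl, as far as I recall), the later `.sa_sigaction = 0` designator overrides the earlier one, so the installed handler is a null pointer, i.e. SIG_DFL. The timeout would still terminate the process because SIGALRM's default action is termination, but without the "handshake timed out" message and exit code 98 that the handler exists to produce, which is easy to miss in testing. Dropping the second designator is enough: `struct sigaction sanew = { .sa_handler = &alrm_handler, .sa_flags = SA_RESTART } ;`. Separately, `alrm_handler` calls strerr_dief1x from signal context, which is presumably tolerated only because the handler exits rather than returning; a comment such as `/* not async-signal-safe, but never returns to the interrupted code */` would record that intent. The unchecked `sigaction(SIGALRM, &saold, 0)` on the restore path is minor, since the alarm is already disabled by then and a stale handler is harmless.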
diff --git a/src/stls/stls_server_init_and_handshake.c b/src/stls/stls_server_init_and_handshake.c
index e6869be..4a5b2ff 100644
--- a/src/stls/stls_server_init_and_handshake.c
+++ b/src/stls/stls_server_init_and_handshake.c
@@ -12,7 +12,7 @@
#define diecfg(cfg, s) strerr_diefu3x(96, (s), ": ", tls_config_error(cfg))
#define diectx(e, ctx, s) strerr_diefu3x(e, (s), ": ", tls_error(ctx))
-struct tls *stls_server_init_and_handshake (int const *fds, uint32_t preoptions)
+struct tls *stls_server_init_and_handshake (int const *fds, tain_t const *tto, uint32_t preoptions)
{
struct tls *ctx = 0 ;
struct tls *sctx ;
@@ -77,6 +77,6 @@ struct tls *stls_server_init_and_handshake (int const *fds, uint32_t preoptions)
if (tls_accept_fds(sctx, &ctx, fds[0], fds[1]) < 0)
diectx(97, sctx, "tls_accept_fds") ;
tls_free(sctx) ;
- if (tls_handshake(ctx) < 0) diectx(97, ctx, "tls_handshake") ;
+ stls_handshake(ctx, tto) ;
return ctx ;
}