Update TLCP/TLS1.2 state machine

2026-06-19 19:33:38 +08:00 · 2026-06-12 13:39:42 +08:00
parent 6f42fdf31f
commit 473498ad93
6 changed files with 370 additions and 156 deletions
--- a/tools/tlcp_client.c
+++ b/tools/tlcp_client.c
@@ -54,6 +54,53 @@ static const char *help =
 "\n";


+static int set_socket_nonblocking(tls_socket_t sock)
+{
+#ifdef WIN32
+	u_long mode = 1;
+	if (ioctlsocket(sock, FIONBIO, &mode) != 0) {
+		error_print();
+		return -1;
+	}
+#else
+	int flags;
+	if ((flags = fcntl(sock, F_GETFL)) < 0
+		|| fcntl(sock, F_SETFL, flags | O_NONBLOCK) < 0) {
+		error_print();
+		return -1;
+	}
+#endif
+	return 1;
+}
+
+static int do_handshake_select(TLS_CONNECT *conn)
+{
+	int ret;
+	fd_set rfds;
+	fd_set wfds;
+
+	for (;;) {
+		ret = tls_do_handshake(conn);
+		if (ret == 1) {
+			return 1;
+		}
+		FD_ZERO(&rfds);
+		FD_ZERO(&wfds);
+		if (ret == TLS_ERROR_RECV_AGAIN) {
+			FD_SET(conn->sock, &rfds);
+		} else if (ret == TLS_ERROR_SEND_AGAIN) {
+			FD_SET(conn->sock, &wfds);
+		} else {
+			error_print();
+			return -1;
+		}
+		if (select((int)(conn->sock + 1), &rfds, &wfds, NULL, NULL) < 0) {
+			error_print();
+			return -1;
+		}
+	}
+}
+
 int tlcp_client_main(int argc, char *argv[])
 {
 	int ret = -1;
@@ -317,7 +364,12 @@ bad:
 		goto end;
 	}

-	if (tls_do_handshake(&conn) != 1) {
+	if (set_socket_nonblocking(sock) != 1) {
+		error_print();
+		goto end;
+	}
+
+	if (do_handshake_select(&conn) != 1) {
 		fprintf(stderr, "%s: error\n", prog);
 		goto end;
 	}
@@ -359,6 +411,7 @@ bad:
 		for (;;) {
 			int rv;

+			len = sizeof(buf);
 			rv = tls_recv(&conn, (uint8_t *)buf, sizeof(buf), &len);

 			if (rv == 1) {
@@ -367,11 +420,26 @@ bad:
 			} else if (rv == 0) {
 				fprintf(stderr, "%s: TLCP connection is closed by remote host\n", prog);
 				goto end;
-			} else if (rv == -EAGAIN) {
-				// when timeout, tls_recv return -EAGAIN (-11)
-				tls_shutdown(&conn);
-				ret = 0;
-				goto end;
+			} else if (rv == -EAGAIN
+				|| rv == TLS_ERROR_RECV_AGAIN
+				|| rv == TLS_ERROR_SEND_AGAIN) {
+				fd_set fds;
+				struct timeval timeout;
+				int sel;
+
+				timeout.tv_sec = TIMEOUT_SECONDS;
+				timeout.tv_usec = 0;
+				FD_ZERO(&fds);
+				FD_SET(conn.sock, &fds);
+				sel = select(conn.sock + 1, &fds, NULL, NULL, &timeout);
+				if (sel < 0) {
+					fprintf(stderr, "%s: select error\n", prog);
+					goto end;
+				} else if (sel == 0) {
+					tls_shutdown(&conn);
+					ret = 0;
+					goto end;
+				}
 			} else {
 				fprintf(stderr, "%s: tls_recv error\n", prog);
 				goto end;
@@ -432,6 +500,7 @@ bad:
 		if (FD_ISSET(conn.sock, &fds)) {
 			int rv;

+			len = sizeof(buf);
 			rv = tls_recv(&conn, (uint8_t *)buf, sizeof(buf), &len);

 			if (rv == 1) {
@@ -440,10 +509,10 @@ bad:
 			} else if (rv == 0) {
 				fprintf(stderr, "Connection closed by remote host\n");
 				goto end;
-			} else if (rv == -EAGAIN) {
-				// should not happen
-				error_print();
-				goto end;
+			} else if (rv == -EAGAIN
+				|| rv == TLS_ERROR_RECV_AGAIN
+				|| rv == TLS_ERROR_SEND_AGAIN) {
+				continue;
 			} else {
 				error_print();
 				fprintf(stderr, "%s: tls_recv error\n", prog);