Address comments from copilot

Author: AlexLanzano

docs/draft/timeout.md

@@ -11,6 +11,9 @@ posixTimeoutContext posixCtx = {0};
 posixTimeoutConfig  posixCfg = {.timeoutUs = WH_SEC_TO_USEC(5)};
 whTimeoutCb         timeoutCbTable = POSIX_TIMEOUT_CB;
 
+/* NOTE: The callback table, platform context, and expiredCtx must remain valid
+ * for the lifetime of the whCommClient/whTimeout instance. Do not use stack
+ * locals that go out of scope while the client is still in use. */
 whTimeoutConfig timeoutCfg = {
     .cb         = &timeoutCbTable,     /* platform callback table */
     .context    = &posixCtx,           /* platform context */

port/posix/posix_timeout.c

@@ -20,21 +20,33 @@
  * port/posix/posix_timeout.c
  *
  * POSIX implementation of the wolfHSM timeout abstraction.
- * Uses posixGetTime() from posix_time.h for time measurement.
+ * Uses CLOCK_MONOTONIC for time measurement.
  */
 
 #include "wolfhsm/wh_settings.h"
 
 #ifdef WOLFHSM_CFG_ENABLE_TIMEOUT
 
 #include <stddef.h>
+#include <time.h>
 
 #include "wolfhsm/wh_error.h"
 #include "wolfhsm/wh_timeout.h"
 
-#include "port/posix/posix_time.h"
 #include "port/posix/posix_timeout.h"
 
+/* Use CLOCK_MONOTONIC for timeout measurement to avoid issues with wall-clock
+ * adjustments (NTP, manual changes, etc.) that could cause spurious expirations
+ * or overly long timeouts. */
+static uint64_t _getMonotonicTimeUs(void)
+{
+    struct timespec ts;
+    if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) {
+        return 0;
+    }
+    return (uint64_t)ts.tv_sec * 1000000ULL + (uint64_t)(ts.tv_nsec / 1000);
+}
+
 int posixTimeout_Init(void* context, const void* config)
 {
     posixTimeoutContext*      ctx = (posixTimeoutContext*)context;
@@ -107,7 +119,7 @@ int posixTimeout_Start(void* context)
         return WH_ERROR_NOTREADY;
     }
 
-    ctx->startUs = posixGetTime();
+    ctx->startUs = _getMonotonicTimeUs();
     ctx->started = 1;
 
     return WH_ERROR_OK;
@@ -150,7 +162,7 @@ int posixTimeout_Expired(void* context, int* expired)
         return WH_ERROR_OK;
     }
 
-    nowUs    = posixGetTime();
+    nowUs    = _getMonotonicTimeUs();
     *expired = ((nowUs - ctx->startUs) >= ctx->timeoutUs) ? 1 : 0;
 
     return WH_ERROR_OK;

port/posix/posix_timeout.h

@@ -20,7 +20,7 @@
  * port/posix/posix_timeout.h
  *
  * POSIX implementation of the wolfHSM timeout abstraction.
- * Uses posixGetTime() for time measurement.
+ * Uses CLOCK_MONOTONIC for time measurement.
  */
 
 #ifndef PORT_POSIX_POSIX_TIMEOUT_H_

src/wh_comm.c

@@ -189,9 +189,13 @@ int wh_CommClient_RecvResponse(whCommClient* context,
     }
 #ifdef WOLFHSM_CFG_ENABLE_TIMEOUT
     else if (rc == WH_ERROR_NOTREADY) {
-        if (wh_Timeout_Expired(&context->respTimeout)) {
+        int expired = wh_Timeout_Expired(&context->respTimeout);
+        if (expired > 0) {
             rc = WH_ERROR_TIMEOUT;
         }
+        else if (expired < 0) {
+            rc = expired;
+        }
     }
 #endif
     return rc;

test/Makefile

@@ -36,7 +36,7 @@ DEF += -DWOLFHSM_CFG_TEST_POSIX
 ARCHFLAGS ?=
 
 # Enable extra C compiler warnings
-CFLAGS_EXTRA = -Werror -Wall -Wextra -g
+CFLAGS_EXTRA = -Werror -Wall -Wextra
 # Place functions / data into separate sections to allow unused code removal
 CFLAGS_EXTRA += -ffunction-sections -fdata-sections
 

wolfhsm/wh_timeout.h

@@ -40,7 +40,7 @@
 #include <stdint.h>
 
 /* Time conversion macros */
-#define WH_MSEC_TO_USEC(usec) ((usec) * (1000ULL))
+#define WH_MSEC_TO_USEC(ms) ((ms) * (1000ULL))
 #define WH_SEC_TO_USEC(sec) ((sec) * (1000000ULL))
 #define WH_MIN_TO_USEC(min) ((min) * (WH_SEC_TO_USEC(60)))