Lines Matching refs:context
665 static void tls_session_store(struct tls_context *context, in tls_session_store() argument
673 if (!context->options.cache_enabled) { in tls_session_store()
680 ret = mbedtls_ssl_get_session(&context->ssl, &session); in tls_session_store()
682 NET_ERR("Failed to obtain session for %p", context); in tls_session_store()
688 NET_ERR("Failed to save session for %p", context); in tls_session_store()
695 static void tls_session_restore(struct tls_context *context, in tls_session_restore() argument
703 if (!context->options.cache_enabled) { in tls_session_restore()
712 NET_DBG("Session not found for %p", context); in tls_session_restore()
716 ret = mbedtls_ssl_set_session(&context->ssl, &session); in tls_session_restore()
718 NET_ERR("Failed to set session for %p", context); in tls_session_restore()
822 static bool dtls_is_peer_addr_valid(struct tls_context *context, in dtls_is_peer_addr_valid() argument
826 if (context->dtls_peer_addrlen != addrlen) { in dtls_is_peer_addr_valid()
830 return peer_addr_cmp(&context->dtls_peer_addr, peer_addr); in dtls_is_peer_addr_valid()
833 static void dtls_peer_address_set(struct tls_context *context, in dtls_peer_address_set() argument
837 if (addrlen <= sizeof(context->dtls_peer_addr)) { in dtls_peer_address_set()
838 memcpy(&context->dtls_peer_addr, peer_addr, addrlen); in dtls_peer_address_set()
839 context->dtls_peer_addrlen = addrlen; in dtls_peer_address_set()
843 static void dtls_peer_address_get(struct tls_context *context, in dtls_peer_address_get() argument
847 socklen_t len = MIN(context->dtls_peer_addrlen, *addrlen); in dtls_peer_address_get()
849 memcpy(peer_addr, &context->dtls_peer_addr, len); in dtls_peer_address_get()
1162 static int tls_mbedtls_reset(struct tls_context *context) in tls_mbedtls_reset() argument
1166 ret = mbedtls_ssl_session_reset(&context->ssl); in tls_mbedtls_reset()
1171 k_sem_reset(&context->tls_established); in tls_mbedtls_reset()
1179 if (context->options.role == MBEDTLS_SSL_IS_SERVER) { in tls_mbedtls_reset()
1180 (void)memset(&context->dtls_peer_addr, 0, in tls_mbedtls_reset()
1181 sizeof(context->dtls_peer_addr)); in tls_mbedtls_reset()
1182 context->dtls_peer_addrlen = 0; in tls_mbedtls_reset()
1189 static int tls_mbedtls_handshake(struct tls_context *context, in tls_mbedtls_handshake() argument
1195 context->handshake_in_progress = true; in tls_mbedtls_handshake()
1199 while ((ret = mbedtls_ssl_handshake(&context->ssl)) != 0) { in tls_mbedtls_handshake()
1217 if (context->type == SOCK_DGRAM) { in tls_mbedtls_handshake()
1219 dtls_get_remaining_timeout(context); in tls_mbedtls_handshake()
1232 ret = wait_for_reason(context->sock, timeout_ms, ret); in tls_mbedtls_handshake()
1239 ret = tls_mbedtls_reset(context); in tls_mbedtls_handshake()
1252 ret = tls_mbedtls_reset(context); in tls_mbedtls_handshake()
1255 context->error = ETIMEDOUT; in tls_mbedtls_handshake()
1264 ret = tls_mbedtls_reset(context); in tls_mbedtls_handshake()
1266 context->error = ECONNABORTED; in tls_mbedtls_handshake()
1274 context->error = ECONNABORTED; in tls_mbedtls_handshake()
1280 k_sem_give(&context->tls_established); in tls_mbedtls_handshake()
1283 context->handshake_in_progress = false; in tls_mbedtls_handshake()
1288 static int tls_mbedtls_init(struct tls_context *context, bool is_server) in tls_mbedtls_init() argument
1294 type = (context->type == SOCK_STREAM) ? in tls_mbedtls_init()
1299 mbedtls_ssl_set_bio(&context->ssl, context, in tls_mbedtls_init()
1303 mbedtls_ssl_set_bio(&context->ssl, context, in tls_mbedtls_init()
1310 ret = mbedtls_ssl_config_defaults(&context->config, role, type, in tls_mbedtls_init()
1319 tls_set_max_frag_len(&context->config, context->type); in tls_mbedtls_init()
1322 mbedtls_ssl_conf_legacy_renegotiation(&context->config, in tls_mbedtls_init()
1324 mbedtls_ssl_conf_renegotiation(&context->config, in tls_mbedtls_init()
1331 mbedtls_ssl_set_timer_cb(&context->ssl, in tls_mbedtls_init()
1332 &context->dtls_timing, in tls_mbedtls_init()
1335 mbedtls_ssl_conf_handshake_timeout(&context->config, in tls_mbedtls_init()
1336 context->options.dtls_handshake_timeout_min, in tls_mbedtls_init()
1337 context->options.dtls_handshake_timeout_max); in tls_mbedtls_init()
1340 if (context->options.dtls_cid.enabled) { in tls_mbedtls_init()
1342 &context->config, in tls_mbedtls_init()
1343 context->options.dtls_cid.cid_len, in tls_mbedtls_init()
1353 ret = mbedtls_ssl_cookie_setup(&context->cookie, in tls_mbedtls_init()
1360 mbedtls_ssl_conf_dtls_cookies(&context->config, in tls_mbedtls_init()
1363 &context->cookie); in tls_mbedtls_init()
1366 &context->config, in tls_mbedtls_init()
1377 if (!is_server && !context->options.is_hostname_set) { in tls_mbedtls_init()
1378 mbedtls_ssl_set_hostname(&context->ssl, ""); in tls_mbedtls_init()
1385 if (context->options.verify_level != -1) { in tls_mbedtls_init()
1386 mbedtls_ssl_conf_authmode(&context->config, in tls_mbedtls_init()
1387 context->options.verify_level); in tls_mbedtls_init()
1390 mbedtls_ssl_conf_rng(&context->config, in tls_mbedtls_init()
1394 ret = tls_mbedtls_set_credentials(context); in tls_mbedtls_init()
1399 if (context->options.ciphersuites[0] != 0) { in tls_mbedtls_init()
1402 mbedtls_ssl_conf_ciphersuites(&context->config, in tls_mbedtls_init()
1403 context->options.ciphersuites); in tls_mbedtls_init()
1407 if (ALPN_MAX_PROTOCOLS && context->options.alpn_list[0] != NULL) { in tls_mbedtls_init()
1408 ret = mbedtls_ssl_conf_alpn_protocols(&context->config, in tls_mbedtls_init()
1409 context->options.alpn_list); in tls_mbedtls_init()
1417 if (is_server && context->options.cache_enabled) { in tls_mbedtls_init()
1418 mbedtls_ssl_conf_session_cache(&context->config, &server_cache, in tls_mbedtls_init()
1425 mbedtls_ssl_conf_early_data(&context->config, MBEDTLS_SSL_EARLY_DATA_ENABLED); in tls_mbedtls_init()
1428 ret = mbedtls_ssl_setup(&context->ssl, in tls_mbedtls_init()
1429 &context->config); in tls_mbedtls_init()
1439 if (context->options.dtls_cid.enabled) { in tls_mbedtls_init()
1440 ret = mbedtls_ssl_set_cid(&context->ssl, MBEDTLS_SSL_CID_ENABLED, in tls_mbedtls_init()
1441 context->options.dtls_cid.cid, in tls_mbedtls_init()
1442 context->options.dtls_cid.cid_len); in tls_mbedtls_init()
1450 context->is_initialized = true; in tls_mbedtls_init()
1455 static int tls_opt_sec_tag_list_set(struct tls_context *context, in tls_opt_sec_tag_list_set() argument
1470 ARRAY_SIZE(context->options.sec_tag_list.sec_tags)) { in tls_opt_sec_tag_list_set()
1474 memcpy(context->options.sec_tag_list.sec_tags, optval, optlen); in tls_opt_sec_tag_list_set()
1475 context->options.sec_tag_list.sec_tag_count = sec_tag_cnt; in tls_opt_sec_tag_list_set()
1480 static int sock_opt_protocol_get(struct tls_context *context, in sock_opt_protocol_get() argument
1483 int protocol = (int)context->tls_version; in sock_opt_protocol_get()
1494 static int tls_opt_sec_tag_list_get(struct tls_context *context, in tls_opt_sec_tag_list_get() argument
1503 len = MIN(context->options.sec_tag_list.sec_tag_count * in tls_opt_sec_tag_list_get()
1506 memcpy(optval, context->options.sec_tag_list.sec_tags, len); in tls_opt_sec_tag_list_get()
1512 static int tls_opt_hostname_set(struct tls_context *context, in tls_opt_hostname_set() argument
1518 if (mbedtls_ssl_set_hostname(&context->ssl, optval) != 0) { in tls_opt_hostname_set()
1525 context->options.is_hostname_set = true; in tls_opt_hostname_set()
1530 static int tls_opt_ciphersuite_list_set(struct tls_context *context, in tls_opt_ciphersuite_list_set() argument
1546 if (cipher_cnt + 1 > ARRAY_SIZE(context->options.ciphersuites)) { in tls_opt_ciphersuite_list_set()
1550 memcpy(context->options.ciphersuites, optval, optlen); in tls_opt_ciphersuite_list_set()
1551 context->options.ciphersuites[cipher_cnt] = 0; in tls_opt_ciphersuite_list_set()
1553 mbedtls_ssl_conf_ciphersuites(&context->config, in tls_opt_ciphersuite_list_set()
1554 context->options.ciphersuites); in tls_opt_ciphersuite_list_set()
1558 static int tls_opt_ciphersuite_list_get(struct tls_context *context, in tls_opt_ciphersuite_list_get() argument
1569 if (context->options.ciphersuites[0] == 0) { in tls_opt_ciphersuite_list_get()
1573 selected_ciphers = context->options.ciphersuites; in tls_opt_ciphersuite_list_get()
1590 static int tls_opt_ciphersuite_used_get(struct tls_context *context, in tls_opt_ciphersuite_used_get() argument
1599 ciph = mbedtls_ssl_get_ciphersuite(&context->ssl); in tls_opt_ciphersuite_used_get()
1609 static int tls_opt_alpn_list_set(struct tls_context *context, in tls_opt_alpn_list_set() argument
1628 if (alpn_cnt + 1 > ARRAY_SIZE(context->options.alpn_list)) { in tls_opt_alpn_list_set()
1632 memcpy(context->options.alpn_list, optval, optlen); in tls_opt_alpn_list_set()
1633 context->options.alpn_list[alpn_cnt] = NULL; in tls_opt_alpn_list_set()
1639 static int tls_opt_dtls_handshake_timeout_get(struct tls_context *context, in tls_opt_dtls_handshake_timeout_get() argument
1650 *val = context->options.dtls_handshake_timeout_max; in tls_opt_dtls_handshake_timeout_get()
1652 *val = context->options.dtls_handshake_timeout_min; in tls_opt_dtls_handshake_timeout_get()
1658 static int tls_opt_dtls_handshake_timeout_set(struct tls_context *context, in tls_opt_dtls_handshake_timeout_set() argument
1676 context->options.dtls_handshake_timeout_max = *val; in tls_opt_dtls_handshake_timeout_set()
1678 context->options.dtls_handshake_timeout_min = *val; in tls_opt_dtls_handshake_timeout_set()
1684 mbedtls_ssl_conf_handshake_timeout(&context->config, in tls_opt_dtls_handshake_timeout_set()
1685 context->options.dtls_handshake_timeout_min, in tls_opt_dtls_handshake_timeout_set()
1686 context->options.dtls_handshake_timeout_max); in tls_opt_dtls_handshake_timeout_set()
1691 static int tls_opt_dtls_connection_id_set(struct tls_context *context, in tls_opt_dtls_connection_id_set() argument
1709 context->options.dtls_cid.enabled = false; in tls_opt_dtls_connection_id_set()
1710 context->options.dtls_cid.cid_len = 0; in tls_opt_dtls_connection_id_set()
1713 context->options.dtls_cid.enabled = true; in tls_opt_dtls_connection_id_set()
1714 context->options.dtls_cid.cid_len = 0; in tls_opt_dtls_connection_id_set()
1717 context->options.dtls_cid.enabled = true; in tls_opt_dtls_connection_id_set()
1718 if (context->options.dtls_cid.cid_len == 0) { in tls_opt_dtls_connection_id_set()
1721 sys_csrand_get(context->options.dtls_cid.cid, in tls_opt_dtls_connection_id_set()
1724 sys_rand_get(context->options.dtls_cid.cid, in tls_opt_dtls_connection_id_set()
1727 context->options.dtls_cid.cid_len = MBEDTLS_SSL_CID_OUT_LEN_MAX; in tls_opt_dtls_connection_id_set()
1740 static int tls_opt_dtls_connection_id_value_set(struct tls_context *context, in tls_opt_dtls_connection_id_value_set() argument
1753 context->options.dtls_cid.cid_len = optlen; in tls_opt_dtls_connection_id_value_set()
1754 memcpy(context->options.dtls_cid.cid, optval, optlen); in tls_opt_dtls_connection_id_value_set()
1762 static int tls_opt_dtls_connection_id_value_get(struct tls_context *context, in tls_opt_dtls_connection_id_value_get() argument
1767 if (*optlen < context->options.dtls_cid.cid_len) { in tls_opt_dtls_connection_id_value_get()
1771 *optlen = context->options.dtls_cid.cid_len; in tls_opt_dtls_connection_id_value_get()
1772 memcpy(optval, context->options.dtls_cid.cid, *optlen); in tls_opt_dtls_connection_id_value_get()
1780 static int tls_opt_dtls_peer_connection_id_value_get(struct tls_context *context, in tls_opt_dtls_peer_connection_id_value_get() argument
1788 if (!context->is_initialized) { in tls_opt_dtls_peer_connection_id_value_get()
1792 ret = mbedtls_ssl_get_peer_cid(&context->ssl, &enabled, optval, optlen); in tls_opt_dtls_peer_connection_id_value_get()
1802 static int tls_opt_dtls_connection_id_status_get(struct tls_context *context, in tls_opt_dtls_connection_id_status_get() argument
1817 if (!context->is_initialized) { in tls_opt_dtls_connection_id_status_get()
1821 ret = mbedtls_ssl_get_peer_cid(&context->ssl, &enabled, in tls_opt_dtls_connection_id_status_get()
1830 have_self_cid = (context->options.dtls_cid.cid_len != 0); in tls_opt_dtls_connection_id_status_get()
1833 if (!context->options.dtls_cid.enabled) { in tls_opt_dtls_connection_id_status_get()
1852 static int tls_opt_dtls_handshake_on_connect_set(struct tls_context *context, in tls_opt_dtls_handshake_on_connect_set() argument
1866 context->options.dtls_handshake_on_connect = (bool)*val; in tls_opt_dtls_handshake_on_connect_set()
1871 static int tls_opt_dtls_handshake_on_connect_get(struct tls_context *context, in tls_opt_dtls_handshake_on_connect_get() argument
1879 *(int *)optval = context->options.dtls_handshake_on_connect; in tls_opt_dtls_handshake_on_connect_get()
1885 static int tls_opt_alpn_list_get(struct tls_context *context, in tls_opt_alpn_list_get() argument
1888 const char **alpn_list = context->options.alpn_list; in tls_opt_alpn_list_get()
1914 static int tls_opt_session_cache_set(struct tls_context *context, in tls_opt_session_cache_set() argument
1927 context->options.cache_enabled = (*val == TLS_SESSION_CACHE_ENABLED); in tls_opt_session_cache_set()
1932 static int tls_opt_session_cache_get(struct tls_context *context, in tls_opt_session_cache_get() argument
1935 int cache_enabled = context->options.cache_enabled ? in tls_opt_session_cache_get()
1948 static int tls_opt_session_cache_purge_set(struct tls_context *context, in tls_opt_session_cache_purge_set() argument
1951 ARG_UNUSED(context); in tls_opt_session_cache_purge_set()
1960 static int tls_opt_peer_verify_set(struct tls_context *context, in tls_opt_peer_verify_set() argument
1981 context->options.verify_level = *peer_verify; in tls_opt_peer_verify_set()
1986 static int tls_opt_cert_nocopy_set(struct tls_context *context, in tls_opt_cert_nocopy_set() argument
2006 context->options.cert_nocopy = *cert_nocopy; in tls_opt_cert_nocopy_set()
2011 static int tls_opt_dtls_role_set(struct tls_context *context, in tls_opt_dtls_role_set() argument
2030 context->options.role = *role; in tls_opt_dtls_role_set()