Lines Matching defs:ssl

66 #include <openssl/ssl.h>
121 SSL *ssl; /* OpenSSL object for listening to connection requests */
167 static int psk_tls_server_name_call_back(SSL *ssl, int *sd, void *arg);
169 static int psk_tls_client_hello_call_back(SSL *ssl, int *al, void *arg);
/* Cookie generation: fetches the coap_dtls_context_t stored as app data on the
 * SSL_CTX and the coap_ssl_data attached to the read BIO.
 * NOTE(review): the cookie computation itself is on lines not in this listing -
 * confirm it is keyed with a per-context secret and bound to the peer address. */
463 coap_dtls_generate_cookie(SSL *ssl,
467 (coap_dtls_context_t *)SSL_CTX_get_app_data(SSL_get_SSL_CTX(ssl));
468 coap_ssl_data *data = (coap_ssl_data *)BIO_get_data(SSL_get_rbio(ssl));
/* Cookie verification: recomputes the expected cookie into hmac/len through
 * coap_dtls_generate_cookie().
 * NOTE(review): the comparison after the && is not part of this listing -
 * confirm it checks the length first and compares in constant time. */
481 coap_dtls_verify_cookie(SSL *ssl,
486 if (coap_dtls_generate_cookie(ssl, hmac, &len) &&
/* PSK client callback: the CoAP session is recovered from the SSL app data slot.
 * NOTE(review): handling of a NULL session and the bounds applied to the
 * identity/key output buffers are on lines not shown - verify in the full file. */
495 coap_dtls_psk_client_callback(SSL *ssl,
509 c_session = (coap_session_t *)SSL_get_app_data(ssl);
/* Parameter list of a callback whose name is cut off by the listing; like its
 * neighbours it recovers the CoAP session from the SSL app data slot.
 * NOTE(review): NULL-session handling is not visible here - confirm. */
580 SSL *ssl,
590 c_session = (coap_session_t *)SSL_get_app_data(ssl);
/* Info callback: recovers the session from the SSL app data and logs the
 * OpenSSL state string together with the session description. */
644 coap_dtls_info_callback(const SSL *ssl, int where, int ret) {
645 coap_session_t *session = (coap_session_t *)SSL_get_app_data(ssl);
658 coap_session_str(session), pstr, SSL_state_string_long(ssl));
678 coap_session_str(session), pstr, SSL_state_string_long(ssl));
/* Translates ret into an SSL_ERROR_* code via SSL_get_error(). */
686 int err = SSL_get_error(ssl, ret);
692 coap_session_str(session), pstr, SSL_state_string_long(ssl));
/* A handshake start reported while the state is already TLS_ST_OK.
 * NOTE(review): presumably this detects a renegotiation on an established
 * connection; the action taken is on a line not shown - confirm it is refused. */
702 if (where == SSL_CB_HANDSHAKE_START && SSL_get_state(ssl) == TLS_ST_OK)
/* Creates the listening SSL object on first use. The failing check that leads
 * to the SSL_free() below is on a line not shown in this listing. */
960 if (!o_context->dtls.ssl) {
962 o_context->dtls.ssl = SSL_new(o_context->dtls.ctx);
963 if (!o_context->dtls.ssl)
967 SSL_free(o_context->dtls.ssl);
/* Pointer is cleared after the free, so the !ssl test above stays valid. */
968 o_context->dtls.ssl = NULL;
971 SSL_set_bio(o_context->dtls.ssl, bio, bio);
/* No session is attached to the listening object: callbacks that call
 * SSL_get_app_data() on it receive NULL. */
972 SSL_set_app_data(o_context->dtls.ssl, NULL);
/* Enables the DTLS cookie exchange before any per-peer state is committed. */
973 SSL_set_options(o_context->dtls.ssl, SSL_OP_COOKIE_EXCHANGE);
974 SSL_set_mtu(o_context->dtls.ssl, COAP_DEFAULT_MTU);
/* Second copy of the listening-object setup (enclosing function not shown):
 * created only if absent, freed and cleared again on a failure whose check is
 * on a line outside this listing. */
993 if (!o_context->dtls.ssl) {
995 o_context->dtls.ssl = SSL_new(o_context->dtls.ctx);
996 if (!o_context->dtls.ssl)
1000 SSL_free(o_context->dtls.ssl);
1001 o_context->dtls.ssl = NULL;
1004 SSL_set_bio(o_context->dtls.ssl, bio, bio);
/* App data is NULL here; a session is attached only once a peer is accepted. */
1005 SSL_set_app_data(o_context->dtls.ssl, NULL);
/* Cookie exchange on, MTU set to COAP_DEFAULT_MTU. */
1006 SSL_set_options(o_context->dtls.ssl, SSL_OP_COOKIE_EXCHANGE);
1007 SSL_set_mtu(o_context->dtls.ssl, COAP_DEFAULT_MTU);
/* ALPN callback; the SSL handle is declared but marked unused (COAP_UNUSED).
 * The protocol-selection logic is on lines not in this listing. */
1060 server_alpn_callback(SSL *ssl COAP_UNUSED,
/* Per-connection PKI setup. The matched lines show certificate and private key
 * being installed through the file, in-memory object and ASN.1 variants of
 * SSL_use_certificate*() / SSL_use_PrivateKey*(), and CA names being offered
 * to clients via SSL_set_client_CA_list() / SSL_add_client_CA().
 * Each visible load is wrapped in a failure test; what the failure branch does
 * is not shown. */
1474 setup_pki_ssl(SSL *ssl,
1485 if (!(SSL_use_certificate_file(ssl,
1503 if (!(SSL_use_PrivateKey_file(ssl,
1524 SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1530 SSL_set_client_CA_list(ssl, cert_names);
1566 if (!cert || !SSL_use_certificate(ssl, cert)) {
1590 if (!pkey || !SSL_use_PrivateKey(ssl, pkey)) {
1612 SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1621 SSL_add_client_CA(ssl, x);
1632 if (!(SSL_use_certificate_ASN1(ssl,
1651 if (!(SSL_use_PrivateKey_ASN1(pkey_type, ssl,
1673 SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1676 if (!x509 || !SSL_add_client_CA(ssl, x509)) {
/* On this path the private key is installed before the certificate.
 * NOTE(review): no SSL_check_private_key() call appears among the matched
 * lines - confirm a key/certificate mismatch is detected on this path rather
 * than surfacing later as a handshake failure. */
1734 if (!SSL_use_PrivateKey(ssl, pkey)) {
1744 if (!(SSL_use_PrivateKey_file(ssl,
1774 if (!SSL_use_certificate(ssl, x509)) {
1784 if (!(SSL_use_certificate_file(ssl,
1805 SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1816 if (!SSL_add_client_CA(ssl, x509)) {
1830 SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1832 if (!x509 || !SSL_add_client_CA(ssl, x509)) {
/* Inside a certificate-verification context (function header not shown): the
 * SSL handle is looked up from the X509_STORE_CTX ex data, and the session from
 * the SSL app data.
 * NOTE(review): neither lookup is NULL-checked on the lines visible here. */
1915 SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
1917 coap_session_t *session = SSL_get_app_data(ssl);
/* Session-secret callback: recovers the session from the SSL app data, then
 * (on the lines matched here) configures peer verification and PSK.
 * NOTE(review): one SSL_set_verify() call has its mode cut off and the other
 * uses SSL_VERIFY_NONE; the condition choosing between them is not shown.
 * With SSL_VERIFY_NONE a server does not request a client certificate, so
 * confirm that branch is reached only when the configuration asks for it. */
2016 tls_secret_call_back(SSL *ssl,
2028 session = (coap_session_t *)SSL_get_app_data(ssl);
2055 SSL_set_verify(ssl,
2061 SSL_set_verify(ssl, SSL_VERIFY_NONE, tls_verify_call_back);
/* Verification depth is the configured chain depth plus 2. */
2066 SSL_set_verify_depth(ssl, setup_data->cert_chain_verify_depth + 2);
2074 SSL_set1_param(ssl, param);
/* Application-supplied hook; the branch taken on a zero return is not shown. */
2079 if (!setup_data->additional_tls_setup_call_back(ssl, setup_data))
/* The return value of SSL_set_cipher_list() is not checked in this statement.
 * NOTE(review): a failure would leave the previous cipher list in place - confirm. */
2097 SSL_set_cipher_list(ssl, COAP_OPENSSL_PSK_CIPHERS);
2098 SSL_set_psk_server_callback(ssl, coap_dtls_psk_server_callback);
/* SNI callback (PKI): rejects a NULL handle, recovers the session, and reads
 * the host name offered by the peer. The name is peer-controlled and
 * SSL_get_servername() can return NULL.
 * NOTE(review): the NULL handling and the lookup into sni_entry_list are on
 * lines not shown - confirm the name is treated as untrusted input. */
2112 tls_server_name_call_back(SSL *ssl,
2118 if (!ssl) {
2124 coap_session_t *session = (coap_session_t *)SSL_get_app_data(ssl);
2127 const char *sni = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
/* Switches the connection to the SSL_CTX of entry i, then replaces the
 * connection's options with those of that context.
 * NOTE(review): the mask 0xFFFFFFFFL covers only the low 32 bits; where the
 * OpenSSL option type is 64 bits wide, any higher option bits would survive
 * the clear - confirm this is intended. */
2184 SSL_set_SSL_CTX(ssl, context->sni_entry_list[i].ctx);
2185 SSL_clear_options(ssl, 0xFFFFFFFFL);
2186 SSL_set_options(ssl, SSL_CTX_get_options(context->sni_entry_list[i].ctx));
2193 SSL_set_session_secret_cb(ssl, tls_secret_call_back, arg);
/* SNI callback (PSK): rejects a NULL handle, recovers the session, and reads
 * the peer-supplied host name, which may be NULL.
 * NOTE(review): the lookup into psk_sni_entry_list is on lines not shown -
 * confirm the name is length-bounded before it is compared or logged. */
2208 psk_tls_server_name_call_back(SSL *ssl,
2214 if (!ssl) {
2220 coap_session_t *c_session = (coap_session_t *)SSL_get_app_data(ssl);
2223 const char *sni = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
/* Switches to the SSL_CTX of entry i and resets the connection's options.
 * NOTE(review): 0xFFFFFFFFL clears only the low 32 option bits; with a 64-bit
 * option type higher bits would remain set - confirm this is intended. */
2284 SSL_set_SSL_CTX(ssl, o_context->psk_sni_entry_list[i].ctx);
2285 SSL_clear_options(ssl, 0xFFFFFFFFL);
2286 SSL_set_options(ssl,
/* The return value of SSL_use_psk_identity_hint() is not checked here. */
2293 SSL_use_psk_identity_hint(ssl, lhint);
2300 SSL_set_session_secret_cb(ssl, tls_secret_call_back, arg);
/* ClientHello callback (PKI): rejects a NULL handle and recovers the session
 * before inspecting what the peer offered. */
2316 tls_client_hello_call_back(SSL *ssl,
2327 if (!ssl) {
2331 session = (coap_session_t *)SSL_get_app_data(ssl);
/* Raw cipher-suite bytes from the ClientHello are converted to a cipher list;
 * the conversion is attempted only when len is non-zero. */
2350 size_t len = SSL_client_hello_get0_ciphers(ssl, &out);
2354 if (len && SSL_bytes_to_cipher_list(ssl, out, len,
2355 SSL_client_hello_isv2(ssl),
2381 SSL_set_psk_server_callback(ssl, coap_dtls_psk_server_callback);
2384 if (!setup_data->additional_tls_setup_call_back(ssl, setup_data))
/* SSL_client_hello_get0_ext() hands back raw, peer-controlled extension bytes.
 * NOTE(review): the length checks that follow each && are cut off by the
 * listing - confirm outlen is validated before out is indexed. */
2397 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_client_certificate_type,
2432 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &out, &outlen) &&
/* PKI material is applied either from an SNI-specific setup or the default one;
 * the return value of setup_pki_ssl() is not checked in these two statements. */
2474 setup_pki_ssl(ssl, &sni_setup_data, COAP_DTLS_ROLE_SERVER);
2476 setup_pki_ssl(ssl, setup_data, COAP_DTLS_ROLE_SERVER);
/* NOTE(review): one SSL_set_verify() mode is cut off, the other is
 * SSL_VERIFY_NONE; the selecting condition is not shown. With SSL_VERIFY_NONE
 * a server does not request a client certificate. */
2483 SSL_set_verify(ssl,
2489 SSL_set_verify(ssl, SSL_VERIFY_NONE, tls_verify_call_back);
2494 SSL_set_verify_depth(ssl, setup_data->cert_chain_verify_depth + 2);
2502 SSL_set1_param(ssl, param);
2507 if (!setup_data->additional_tls_setup_call_back(ssl, setup_data))
/* ClientHello callback (PSK): rejects a NULL handle, recovers the session, and
 * reads the raw server_name extension supplied by the peer.
 * NOTE(review): the conditions after the && are not in this listing - confirm
 * outlen is checked against the extension's internal length fields before the
 * name is extracted. */
2521 psk_tls_client_hello_call_back(SSL *ssl,
2531 if (!ssl)
2533 c_session = (coap_session_t *)SSL_get_app_data(ssl);
2552 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &out, &outlen) &&
/* The return value of SSL_use_psk_identity_hint() is not checked here. */
2619 SSL_use_psk_identity_hint(ssl, lhint);
/* Creates the context's listening SSL object if it does not exist yet; the
 * check whose failure leads to the SSL_free() is on a line not shown. */
2721 if (!context->dtls.ssl) {
2723 context->dtls.ssl = SSL_new(context->dtls.ctx);
2724 if (!context->dtls.ssl)
2728 SSL_free(context->dtls.ssl);
2729 context->dtls.ssl = NULL;
2732 SSL_set_bio(context->dtls.ssl, bio, bio);
/* Listening object carries no session (app data NULL), has the DTLS cookie
 * exchange enabled and uses COAP_DEFAULT_MTU. */
2733 SSL_set_app_data(context->dtls.ssl, NULL);
2734 SSL_set_options(context->dtls.ssl, SSL_OP_COOKIE_EXCHANGE);
2735 SSL_set_mtu(context->dtls.ssl, COAP_DEFAULT_MTU);
/* Releases the listening SSL object when one was created.
 * NOTE(review): no reset of context->dtls.ssl is visible after the free -
 * confirm the context itself is being torn down at this point. */
2780 if (context->dtls.ssl)
2781 SSL_free(context->dtls.ssl);
/* DTLS server-side session creation (function header not in this listing):
 * the current listening object dtls->ssl is taken over for the new session and
 * nssl is installed as the next listening object. */
2819 SSL *nssl = NULL, *ssl = NULL;
2835 ssl = dtls->ssl;
2836 dtls->ssl = nssl;
/* From here on callbacks can recover the session via SSL_get_app_data(). */
2838 SSL_set_app_data(ssl, session);
2840 data = (coap_ssl_data *)BIO_get_data(SSL_get_rbio(ssl));
/* The return value of SSL_use_psk_identity_hint() is not checked here. */
2851 SSL_use_psk_identity_hint(ssl, hint);
2858 r = SSL_accept(ssl);
2860 int err = SSL_get_error(ssl, r);
/* NOTE(review): the path that frees ssl is only partly visible - confirm no
 * pointer to the freed object is left behind in the session. */
2866 SSL_free(ssl);
2870 return ssl;
/* Client-side connection setup. The matched lines cover SNI, PSK callbacks and
 * cipher list, a protocol-version cap, PKI material, ALPN and peer
 * verification; the conditions guarding each group are not in this listing. */
2881 setup_client_ssl_session(coap_session_t *session, SSL *ssl
/* A failure to set the SNI host name is detected (result compared with 1). */
2891 SSL_set_tlsext_host_name(ssl, setup_data->client_sni) != 1) {
2895 SSL_set_psk_client_callback(ssl, coap_dtls_psk_client_callback);
2897 SSL_set_psk_server_callback(ssl, coap_dtls_psk_server_callback);
/* The return value of SSL_set_cipher_list() is not checked in this statement. */
2899 SSL_set_cipher_list(ssl, COAP_OPENSSL_PSK_CIPHERS);
/* Caps the negotiated version at DTLS 1.2 / TLS 1.2.
 * NOTE(review): presumably tied to the PSK configuration above - confirm which
 * branch applies the cap. */
2902 SSL_set_max_proto_version(ssl, DTLS1_2_VERSION);
2906 SSL_set_max_proto_version(ssl, TLS1_2_VERSION);
2914 if (!setup_pki_ssl(ssl, setup_data, COAP_DTLS_ROLE_CLIENT))
2919 SSL_set_alpn_protos(ssl, coap_alpn, sizeof(coap_alpn));
2924 SSL_set_tlsext_host_name(ssl, setup_data->client_sni) != 1) {
2934 SSL_set1_param(ssl, param);
/* NOTE(review): one SSL_set_verify() mode is cut off, the other is
 * SSL_VERIFY_NONE. On a client, SSL_VERIFY_NONE lets the handshake continue
 * whatever the result of checking the server certificate - confirm that branch
 * is taken only when the application explicitly disabled verification. */
2940 SSL_set_verify(ssl,
2946 SSL_set_verify(ssl, SSL_VERIFY_NONE, tls_verify_call_back);
/* Verification depth is the configured chain depth plus 1. */
2950 SSL_set_verify_depth(ssl, setup_data->cert_chain_verify_depth + 1);
/* DTLS client session creation (function header not in this listing): a new
 * SSL object is allocated from dtls->ctx, bound to the session and configured
 * before the handshake is started. */
2959 SSL *ssl = NULL;
2965 ssl = SSL_new(dtls->ctx);
2966 if (!ssl)
2973 SSL_set_bio(ssl, bio, bio);
2974 SSL_set_app_data(ssl, session);
2975 SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
/* MTU comes from the session rather than COAP_DEFAULT_MTU. */
2976 SSL_set_mtu(ssl, (long)session->mtu);
2978 if (!setup_client_ssl_session(session, ssl))
2983 r = SSL_connect(ssl);
2985 int ret = SSL_get_error(ssl, r);
/* Success path: the session takes ownership of the SSL object. */
2993 session->tls = ssl;
2994 return ssl;
/* Failure path: the SSL object is released if it was allocated. */
2997 if (ssl)
2998 SSL_free(ssl);
/* Propagates a changed session MTU to the DTLS object, if the session has one. */
3004 SSL *ssl = (SSL *)session->tls;
3005 if (ssl)
3006 SSL_set_mtu(ssl, (long)session->mtu);
/* DTLS session teardown: a shutdown alert is sent only when the handshake has
 * completed and no shutdown was sent before; SSL_shutdown() may be called a
 * second time (the condition between the two calls is not shown). */
3012 SSL *ssl = (SSL *)session->tls;
3013 if (ssl) {
3014 if (!SSL_in_init(ssl) && !(SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN)) {
3015 int r = SSL_shutdown(ssl);
3017 r = SSL_shutdown(ssl);
/* NOTE(review): clearing session->tls after the free is not visible in this
 * listing - confirm the stale pointer cannot be reused. */
3019 SSL_free(ssl);
/* DTLS send path (function header not in this listing).
 * NOTE(review): the NULL check is an assert(), which is compiled out when
 * NDEBUG is defined; the TLS send path at 3433 uses an explicit test instead. */
3030 SSL *ssl = (SSL *)session->tls;
3032 assert(ssl != NULL);
/* NOTE(review): data_len is narrowed to int for SSL_write(); its declared type
 * is not visible here - if it is wider than int, confirm callers bound it. */
3035 r = SSL_write(ssl, data, (int)data_len);
3038 int err = SSL_get_error(ssl, r);
/* Handshake-phase helper (function header not shown): reads the coap_ssl_data
 * attached to the read BIO.
 * NOTE(review): both preconditions are enforced only by assert(), which is
 * compiled out when NDEBUG is defined. */
3086 SSL *ssl = (SSL *)session->tls;
3089 assert(ssl != NULL && session->state == COAP_SESSION_STATE_HANDSHAKE);
3090 ssl_data = (coap_ssl_data *)BIO_get_data(SSL_get_rbio(ssl));
/* DTLS retransmission-timeout handling (function header not shown); a negative
 * result from DTLSv1_handle_timeout() takes the branch opened on line 3104.
 * NOTE(review): the NULL/state precondition relies on assert() only. */
3100 SSL *ssl = (SSL *)session->tls;
3102 assert(ssl != NULL && session->state == COAP_SESSION_STATE_HANDSHAKE);
3104 (DTLSv1_handle_timeout(ssl) < 0)) {
/* Initial-datagram handling on the shared listening object: DTLSv1_listen()
 * is run against dtls->ssl, which has SSL_OP_COOKIE_EXCHANGE set where it is
 * created, so the peer is answered before a per-peer SSL object is handed over.
 * NOTE(review): dtls->ssl is dereferenced without a visible NULL check. */
3120 SSL_set_mtu(dtls->ssl, (long)session->mtu);
3121 ssl_data = (coap_ssl_data *)BIO_get_data(SSL_get_rbio(dtls->ssl));
3130 r = DTLSv1_listen(dtls->ssl, dtls->bio_addr);
3132 int err = SSL_get_error(dtls->ssl, r);
/* DTLS receive path (function header not in this listing).
 * NOTE(review): the NULL check is an assert(), compiled out under NDEBUG. */
3154 SSL *ssl = (SSL *)session->tls;
3157 assert(ssl != NULL);
/* Handshake state is sampled before the read so completion can be detected. */
3159 int in_init = SSL_in_init(ssl);
3161 ssl_data = (coap_ssl_data *)BIO_get_data(SSL_get_rbio(ssl));
/* The read is bounded by the size of the local pdu buffer. */
3172 r = SSL_read(ssl, pdu, (int)sizeof(pdu));
3177 int err = SSL_get_error(ssl, r);
/* Handshake finished during this call: the negotiated cipher name is logged. */
3179 if (in_init && SSL_is_init_finished(ssl)) {
3181 coap_session_str(session), SSL_get_cipher_name(ssl));
/* TLS client session creation (function header not in this listing): allocate
 * from tls->ctx, attach BIO and session, apply the client setup, then connect. */
3282 SSL *ssl = NULL;
3287 ssl = SSL_new(tls->ctx);
3288 if (!ssl)
3294 SSL_set_bio(ssl, bio, bio);
3295 SSL_set_app_data(ssl, session);
3297 if (!setup_client_ssl_session(session, ssl))
3300 r = SSL_connect(ssl);
3302 int ret = SSL_get_error(ssl, r);
/* The session takes ownership before the handshake is known to be complete;
 * completion is tested separately right after. */
3322 session->tls = ssl;
3323 if (SSL_is_init_finished(ssl)) {
3328 return ssl;
/* Failure path: the SSL object is released if it was allocated. */
3331 if (ssl)
3332 SSL_free(ssl);
/* TLS server session creation (function header not in this listing): allocate
 * from tls->ctx, attach BIO and session, then run SSL_accept(). */
3341 SSL *ssl = NULL;
3346 ssl = SSL_new(tls->ctx);
3347 if (!ssl)
3353 SSL_set_bio(ssl, bio, bio);
3354 SSL_set_app_data(ssl, session);
/* The return value of SSL_use_psk_identity_hint() is not checked here. */
3363 SSL_use_psk_identity_hint(ssl, hint);
3370 r = SSL_accept(ssl);
3372 int err = SSL_get_error(ssl, r);
/* The session takes ownership; handshake completion is tested separately. */
3392 session->tls = ssl;
3393 if (SSL_is_init_finished(ssl)) {
3398 return ssl;
/* Failure path: the SSL object is released if it was allocated. */
3401 if (ssl)
3402 SSL_free(ssl);
/* TLS session teardown: a close_notify is sent only when the handshake has
 * completed and none was sent before; SSL_shutdown() may be called a second
 * time (the condition between the two calls is not shown). */
3409 SSL *ssl = (SSL *)session->tls;
3410 if (ssl) {
3411 if (!SSL_in_init(ssl) && !(SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN)) {
3412 int r = SSL_shutdown(ssl);
3414 r = SSL_shutdown(ssl);
/* NOTE(review): clearing session->tls after the free is not visible in this
 * listing - confirm the stale pointer cannot be reused. */
3416 SSL_free(ssl);
/* TLS send path (function header not in this listing); a missing SSL object is
 * handled with an explicit test rather than an assert(). */
3430 SSL *ssl = (SSL *)session->tls;
3433 if (ssl == NULL)
/* Handshake state is sampled before the write so completion can be detected. */
3436 in_init = !SSL_is_init_finished(ssl);
/* NOTE(review): data_len is narrowed to int for SSL_write(); its declared type
 * is not visible here - if it is wider than int, confirm callers bound it. */
3438 r = SSL_write(ssl, data, (int)data_len);
3441 int err = SSL_get_error(ssl, r);
/* Handshake finished during this call, on either the error or the success
 * branch: the negotiated cipher name is logged. */
3443 if (in_init && SSL_is_init_finished(ssl)) {
3445 coap_session_str(session), SSL_get_cipher_name(ssl));
3471 } else if (in_init && SSL_is_init_finished(ssl)) {
3473 coap_session_str(session), SSL_get_cipher_name(ssl));
/* TLS receive path (function header not in this listing); a missing SSL object
 * is handled with an explicit test rather than an assert(). */
3507 SSL *ssl = (SSL *)session->tls;
3510 if (ssl == NULL) {
/* Handshake state is sampled before the read so completion can be detected. */
3515 in_init = !SSL_is_init_finished(ssl);
/* NOTE(review): data_len is narrowed to int for SSL_read(); its declared type
 * is not visible here - confirm it cannot exceed INT_MAX and matches the size
 * of the buffer behind data. */
3517 r = SSL_read(ssl, data, (int)data_len);
3519 int err = SSL_get_error(ssl, r);
/* Handshake finished during this call, on either the error or the success
 * branch: the negotiated cipher name is logged. */
3521 if (in_init && SSL_is_init_finished(ssl)) {
3523 coap_session_str(session), SSL_get_cipher_name(ssl));
3547 } else if (in_init && SSL_is_init_finished(ssl)) {
3549 coap_session_str(session), SSL_get_cipher_name(ssl));