Unit tests were failing to build because random header was included by
kernel_includes.h. The problem is that rand32.h includes a generated
file that is either not generated or not included when building unit
tests. Also, it is better to limit the scope of this file to where it is
used.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When closing a listening socket the functions waiting on the
FIFO will be unblocked this will result in receiving a NULL child
context. If that is the case return an error instead of carrying on.
Return the same error code (EINVAL) that is returned on Linux when
calling shutdown on a blocked accept call.
Signed-off-by: Léonard Bise <leonard.bise@gmail.com>
Replace CONFIG_ENTROPY_NAME with DT_CHOSEN_ZEPHYR_ENTROPY_LABEL. We now
set zephyr,entropy in the chosen node of the device tree to the entropy
device.
This allows us to remove CONFIG_ENTROPY_NAME from dts_fixup.h. Also
remove any other stale ENTROPY related defines in dts_fixup.h files.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
TLS sockets did not increase refcount of a net_context running TCP,
which could lead to a crash upon TCP disconnection.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make ioctl handlers of `ZFD_IOCTL_POLL_PREPARE` and
`ZFD_IOCTL_POLL_UPDATE` return an error code instead of setting errno
variable.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The TCP code expects that we know when the socket has called accept()
in order to continue connection attempt.
Fixes#21335
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add an implementation for `sendmsg`, so secure sockets can be used
together with the WebSocket module to implement secure WebSockets
("wss").
Fixes#20431
Signed-off-by: Markus Fuchs <markus.fuchs@de.sauter-bc.com>
This reverts commit d70a854904.
The next commit fixes the original issue so this commit is no
longer needed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This is related to commit 1a6f4a6368 ("net: tcp: Accept
connections only in LISTENING state") which made the system
to only accept new connections if the application had called
accept(). Unfortunately the TLS accept was not fixed by that
commit so we were in wrong state when accepting TLS sockets.
This commit fixes that issue.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/fdtable.h to sys/fdtable.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move entropy.h to drivers/entropy.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
From POSIX.1-2017:
The getsockname() function shall retrieve the locally-bound name of the
specified socket, store this address in the sockaddr structure pointed
to by the address argument, and store the length of this address in the
object pointed to by the address_len argument.
The address_len argument points to a socklen_t object which on input
specifies the length of the supplied sockaddr structure, and on output
specifies the length of the stored address. If the actual length of the
address is greater than the length of the supplied sockaddr structure,
the stored address shall be truncated.
If the socket has not been bound to a local name, the value stored in
the object pointed to by address is unspecified.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Poll descriptor was not incremented in poll update function in case it
was reported as not ready. In result, poll could end up processing the
same poll descriptor for every fd requested to monitor.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Rework detection of EOF on a socket, so that it can be detected in a
poll prepare that socket is in in a EOF state and poll can return
immediately.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When DTLS client was added to `poll` before/during the handshake, it
could throw errors and in some circumstances (when polling thread was
cooperative and had higher or equal priority to the handshake thread)
could lead to a deadlock in the application.
Prevent that, by blocking on handshake semaphore instead of fifo. Poll
will start using fifo for data poll only after handshake is complete.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Instead of simple bool value, use a semaphore to notify that TLS
handshake is complete. This way, we can monitor this value with k_poll.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
As extend fdtable usage to more cases, there regularly arises a need
to forward ioctl/fcntl arguments to another ioctl vmethod, which is
complicated because it defined as taking variadic arguments. The only
portable solution is to convert variadic arguments to va_list at the
first point of entry from client code, and then pass va_list around.
To facilitate calling ioctl with variadic arguments from system code,
z_fdtable_call_ioctl() helper function is added.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This commit reworks socket poll implementation to support multiple
socket implementations.
To achieve that, two ioctl poll helper requests were added:
ZFD_IOCTL_POLL_PREPARE and ZFD_IOCTL_POLL_UPDATE. The poll
implementation calls ioctl with these requests for each socket
requested in the fds table.
The first request is responsible for preparing k_poll_event objects
for specific socket. It can request to skip waiting in k_poll by
returning EALREADY through errno.
The latter request is responsible for processing outcome of k_poll for
each socket. It can request to retry the k_poll by returning EAGAIN
through errno.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Implement extended socket vtable for TLS sockets, therefore allowing to
integrate the implementation with socket subsystem.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Remove network specific default and max log level setting
and start to use the zephyr logging values for those.
Remove LOG_MODULE_REGISTER() from net_core.h and place the
calls into .c files. This is done in order to avoid weird
compiler errors in some cases and to make the code look similar
as other subsystems.
Fixes#11343Fixes#11659
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
With FD table introduction, net_context can no longer be reached by
typecasting socket descriptor. Instead, file descriptor API have to be
used.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
ztls_setsockopt and ztls_getsockopt returned error codes instead of
setting errno in particular cases. This commit fixes it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Current TLS socket implementation assumed that PSK ID stored in
credential manager is NULL terminated. It's actually better to store
only the string content, as the string length is stored as well. This
approach is less confusing, when a user is not operating on C strings
but on a non-NULL terminated byte array.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
As the debugging print calls are async, all the strings that might
be overwritten must use log_strdup() which will create a copy
of the printable string.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
When no certificate-based ciphersuites are used, mbedTLS compiles out
hostname field and associated functions from its SSL context. This
resulted in compilation error when only PSK-based ciphersuites were
configured.
This commit resolves the issue by compiling-out hostname-related code
from secure sockets implementation on the same basis as mbedTLS does.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The return of memset is never checked. This patch explicitly ignore
the return to avoid MISRA-C violations.
The only directory excluded directory was ext/* since it contains
only imported code.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
sockets_tls subsystem uses entropy driver, yet it does not include
entropy header. This commit fixes this.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit contains several fixes for DTLS implementation, proposed in
a post-merge review of #9338.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Originally EFAULT was used to indicate NULL pointer error in TLS option
set/get functions. EINVAL was suggested to be more apropriate error code
for this case, hence replace it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Introduce non-blocking DTLS handshake, used during recv function call.
This prevents from blocking while waiting for initial handshake packet
on non-blocking sockets during receive.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make TLS poll function verify if decrypted data is available after
socket has notified activity with POLLIN flag. This prevents from giving
false notifications in case data was received on socket but was consumed
by mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Specify timeout value for mbedtls_ssl_read function for DTLS servers.
Adding this can prevent TLS context lockup in case blocking recv is used
and peer has shut down DTLS connection without closing it gracefully.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for DTLS recv/recvfrom function.
For DTLS client, recv function requires to have an already established
DTLS connection.
For DTLS servers, this function will try to establish DTLS connection
before receiving data. In case that DTLS handshake fails, recv function
will silently retry.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for DTLS send/sendto function.
For DTLS clients, send function will try to establish DTLS connection
before sending data. If DTLS handshake fails, it will return an error.
For DTLS servers, send function requires to have DTLS connection already
established.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
DTLS handshake can return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED, which
indicate that TLS session context should be reset.
Also, store information whether TLS connection has beed established.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add binary IO functions for DTLS connections.
dtls_rx function is more complex than it's TLS counterpart due to fact,
that DTLS does not allow blocking operation for this function. A simple
timeout mechanism was implmented basing on the zsock_poll function.
This function also verifies peer address. As currently only a single
DTLS connection is supported on a socket, if a DTLS connection is
established, and we receive datagram from different peer, it is silently
dropped.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
