- 05 Nov, 2018 1 commit
-
-
Aleksey authored
Change-Id: Ia3436b8ea9da299084b770c4cd048f626a5d7d5a Signed-off-by:Aleksey Volkov <a.volkov@samsung.com>
-
- 11 Jul, 2018 1 commit
-
-
Oleksandr Andrieiev authored
Bug: https://jira.iotivity.org/browse/IOT-3108 Change-Id: I1bca35ab9c516f7a0850dd209e043048d9194007 Signed-off-by:
Oleksandr Andrieiev <o.andrieiev@samsung.com>
-
- 14 Jun, 2018 1 commit
-
-
Oleksandr Andrieiev authored
For secure connections that use certificates the SubjectUUID is retrieved from leaf certificate's CN. However, there is no binding mechanism between Root CA and Device Id that it can generate certificates for. Root CAs can issue certificates with arbitrary UUIDs, which can be used to impersonate another Device. The fix adds callback to the certificate chain validation function. This callback collects single-linked list of all UUIDs associated with the certificate in cred entries. When leaf certificate is reached, UUID of Device is retrieved and matched against static list. If no matching UUID is found, connection should be rejected. Bug: https://jira.iotivity.org/browse/IOT-3087 Change-Id: I20333c980226dc6a0c257dc36aab1502202993d9 Signed-off-by:
-
- 04 Apr, 2018 1 commit
-
-
Philippe Coval authored
Declare void functions as strict prototype If built along -Wstrict-prototypes it will raise and error, this is the case on TizenRT. More patches to come to enable this flag by default. Bug: https://jira.iotivity.org/browse/IOT-2539 Change-Id: I71c37805b5fb60b4d8e1c78845194979fb18f9af Origin: https://gerrit.iotivity.org/gerrit/#/c/23969/Signed-off-by:
Philippe Coval <philippe.coval@osg.samsung.com>
-
- 27 Mar, 2018 1 commit
-
-
Oleksandr Dmytrenko authored
Print ca ssl adapter messages Change-Id: I8f044e368caf75dc0212fad4edffd6c8c5c14ca2 Signed-off-by:Oleksandr Dmytrenko <o.dmytrenko@samsung.com>
-
- 02 Mar, 2018 1 commit
-
-
Steven Saunders authored
Change-Id: I3ee0fb005c6c9ce91a0e4c16454b6856c508616f Signed-off-by:Steven Saunders <s.saunders-contractor@cablelabs.com>
-
- 24 Jan, 2018 1 commit
-
-
Philippe Coval authored
Functions in payload_logging.h can be used in examples, so it's installed in "experimental" sub namespace along dependencies. Bug: https://jira.iotivity.org/browse/IOT-1745 Change-Id: If3a9e4309601c356ab9a2faaa9fbe26283408633 Signed-off-by:
jenkins-iotivity <jenkins@iotivity.org> Reviewed-by:
George Nash <george.nash@intel.com>
Reviewed-by: Dan Mihai <Daniel.Mihai@microsoft.com>
-
- 15 Nov, 2017 1 commit
-
-
Nathan Heldt-Sheller authored
This reverts commit 7f9d8c71. 22967 caused a regression in the CTT; we'll fix and re-submit after regression testing. Change-Id: Ie06cf59b6463072c54b23c61d322bdb7f09cc22f Signed-off-by:
Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
-
- 14 Nov, 2017 1 commit
-
-
Oleksii Beketov authored
Allow to parse all CA certificates when SVR DB contains more than one root CA. Change-Id: Ie82632b459a9a064a90ff14e100e4db9ab60492d Signed-off-by:Oleksii Beketov <ol.beketov@samsung.com>
-
- 16 Oct, 2017 1 commit
-
-
George Nash authoredThe -Wformat= warning is given when the conversion specifier in a printf or scanf command does not match the value actually passed in. In this commit all of the issues are found in LOG functions. If type passed in was a variable size parameter like a pointer or size_t. The the PRIuPTR value from the inttypes.h header is used. For ssize_t variables the PRIdPTR was used. Bug: https://jira.iotivity.org/browse/IOT-2539 Change-Id: I4977253ac7ee68d2e80a26a0963b770b2ce87032 Signed-off-by:
George Nash <george.nash@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/21771Tested-by:
-
- 13 Oct, 2017 1 commit
-
-
Oleksii Beketov authored
Added callback to check peer's certificate Common Name field. Change-Id: Idb316438a76d70fcc7a91a2e119aadd0c771bde6 Signed-off-by:
akk0rd <v.riznyk@samsung.com> Signed-off-by:
-
- 14 Sep, 2017 1 commit
-
-
saurabh.s9 authored
Purpose: Errors happens during OCDoResource calls should be returned to app layer Previously, session errors (handshake failed) didn't returned properly to app layer and this cause side effects (CA retransmission works in cases when it should not) Current state: 1. Source code builds ok 2. Secure stack samples (UDP/TCP) works well (both positive/negative cases) 3. Provisioning (OTM, 20th menu item) works well for following: a. justworks positive UDP/TCP, negative UDP case b. mfg positive UDP/TCP, negative UDP case c. mv_justworks positive UDP/TCP, negative UDP case d. randompin positive UDP/TCP, negative UDP case 4. OTM in provisioning via TCP - negative case - should work properly after fix IOT-2454 How to test: 1. Positive case - just test samples (f.e secure stack samples) & provisioning with all servers 2. Negative case - add following code which artificially breaks handshake (to ca_adapter_net_ssl.c) if (peer->ssl.state == MBEDTLS_SSL_CERTIFICATE_REQUEST) { ret = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR; } And again test all samples and provisioning with all servers. As result - you should see an error returned to app immidiately (without timeouts, etc) and there should be no CA retransmission attempts (UDP case) Change-Id: Ia1fe1c7c58f9e40040a0be5e7e83abbc66f80bfe Signed-off-by:Andrii Shtompel <a.shtompel@samsung.com> Signed-off-by:
saurabh.s9 <saurabh.s9@samsung.com>
-
- 14 Aug, 2017 1 commit
-
-
Philippe Coval authored
Functions in payload_logging.h can be used in examples, so it's installed in "experimental" sub namespace along dependencies. Bug: https://jira.iotivity.org/browse/IOT-1745 Change-Id: If3a9e4309601c356ab9a2faaa9fbe26283408633 Signed-off-by:
George Nash <george.nash@intel.com>
Reviewed-by:
-
- 11 Aug, 2017 1 commit
-
-
George Nash authored
The -Wformat= warning is given when the conversion specifier in a printf or scanf command does not match the value actually passed in. In this commit all of the issues are found in LOG functions. If type passed in was a variable size parameter like a pointer or size_t. The the PRIuPTR value from the inttypes.h header is used. For ssize_t variables the PRIdPTR was used. Bug: https://jira.iotivity.org/browse/IOT-2539 Change-Id: I4977253ac7ee68d2e80a26a0963b770b2ce87032 Signed-off-by:
George Nash <george.nash@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/21771Tested-by:
-
- 02 Aug, 2017 1 commit
-
-
Philippe Coval authored
Designate securevirtualresourcetypes.h as a "Public Experimental" header. Those headers are needed for C applications in secured mode (using OCRepPayloadCreate from ocpayload.h) Observed error is: .../resource/stack/ocpayload.h:42:40: \ fatal error: securevirtualresourcetypes.h: \ No such file or directory For C++ app there is no such requierements Bug: https://jira.iotivity.org/browse/IOT-1745 Change-Id: I6a37fa82e3a1065541dba8be541ff4ac90e3294a Signed-off-by:
Ziran Sun <ziran.sun@samsung.com> Reviewed-by:
Mats Wichmann <mats@linux.com> Reviewed-by:
George Nash <george.nash@intel.com>
Reviewed-by: Martin Rösch <martin.roesch@kistler.com> Reviewed-by:
Randeep Singh <randeep.s@samsung.com>
-
- 27 Jun, 2017 1 commit
-
-
Oleksandr Dmytrenko authored
Fix memory leak: cert/key/CRL information returned by cred resource https://jira.iotivity.org/browse/IOT-1917 Change-Id: Ic563b5e5b79ccac8855ebb5b215e475d1b4e57be Signed-off-by:
Kevin Kane <kkane@microsoft.com> Tested-by:
Greg Zaverucha <gregz@microsoft.com> (cherry picked from commit dba44fd8) Reviewed-on: https://gerrit.iotivity.org/gerrit/20933Reviewed-by:
-
- 08 Jun, 2017 2 commits
-
-
Greg Zaverucha authored
Since "f7e8c4ba PSK check before ciphersuite selection" PSK ciphersuites will only be negotiated if the local peer has a credential with the remote peer's UUID. Make sure the UUID is present in the endpoint information used when calling OCDoRequest. In the SSL adapter, when setting up a connection, if no ciphersuites are usable based on the credentials available, fail. Change-Id: I64db80379e8055e35e051dd5b90191625f1d5033 Signed-off-by:
-
Dan Mihai authored
Change-Id: I55802664860aec4a02da209d3597d68ad405a4a9 Signed-off-by:
-
- 26 May, 2017 1 commit
-
-
Dave Thaler authored
This is a pre-requisite for other changes such as multiple devices per process. Change-Id: I8ce459520bb163901d9bccd39d1cbbe03cf1a2b3 Signed-off-by:
Dave Thaler <dthaler@microsoft.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/19763Tested-by:
-
- 22 May, 2017 1 commit
-
-
Dan Mihai authored
Change-Id: Ib5e6df4e02da583e086a07591ef1e35f367ae4f0 Signed-off-by:
Dmitriy Zhuravlev <d.zhuravlev@samsung.com> Reviewed-by:
-
- 20 May, 2017 1 commit
-
-
Jaewook Jung authored
- fix implicit declaration of function - remove unused codes - remove unused parameter warnings Change-Id: I830f9ada169e334a566bb696dee6cf9b46c87459 Signed-off-by:
Jaewook Jung <jw0213.jung@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/20093Reviewed-by:
Uze Choi <uzchoi@samsung.com> Tested-by:
Ashok Babu Channa <ashok.channa@samsung.com>
-
- 19 May, 2017 1 commit
-
-
Dan Mihai authored
Fixing: resource\csdk\connectivity\src\adapter_util\ca_adapter_net_ssl.c(1345): error C2220: warning treated as error - no 'object' file generated resource\csdk\connectivity\src\adapter_util\ca_adapter_net_ssl.c(1345): warning C4389: '!=': signed/unsigned mismatch Change-Id: I42fb71ff8dd39e5db600068daf8ab2b41c6336ce Signed-off-by:
-
- 18 May, 2017 1 commit
-
-
Jaewook Jung authored
Change-Id: Ib22fda47f5e843bc753966c085942014d70d4922 Signed-off-by:
Glen Youngjin Kim <glen.kim@samsung.com> Reviewed-by:
Hyuna Jo <hyuna0213.jo@samsung.com> Tested-by:
Todd Malsbary <todd.malsbary@intel.com> Reviewed-by:
-
- 04 May, 2017 1 commit
-
-
Dan Mihai authored
Test case CT1.7.2.1-2 from CTT v1.5.6 fails with "message mac does not match": - After CTT successfully posted the owner credential - While trying to establish a new DTLS session, using the new credential Change-Id: I282632d1071c76afba629081d6853d376c347473 Signed-off-by:
-
- 02 May, 2017 1 commit
-
-
Dmitriy Zhuravlev authored
Server should be able to load PSK suite without discovery Change-Id: I957760b16325ac6b9f01c901f02cf6598e1aeb9e Signed-off-by:
-
- 26 Apr, 2017 1 commit
-
-
Kevin Kane authored
During OTM, the DOXM resource is accessed while the SSL lock is held. Attempting to assert roles causes this lock to be acquired again, and recursive locking is not supported. Therefore, don't automatically assert roles when accessing DOXM. Since this resource seems to only be accessed either anonymously or with an owner PSK, this shouldn't be needed, anyway. Change-Id: I4b04d24544a5049d3a91827753d565e118cbf9d5 Signed-off-by:
Alex Kelley <alexke@microsoft.com> Reviewed-by:
Way Vadhanasin <wayvad@microsoft.com> Reviewed-by:
-
- 20 Apr, 2017 1 commit
-
-
Dmitriy Zhuravlev authored
Add checking whether secure session exists before creating new Change-Id: Ia4c36f6257b01c1d81baf1082eba6d7fcd0e83f2 Signed-off-by:
-
- 19 Apr, 2017 1 commit
-
-
Dmitriy Zhuravlev authored
OTM should be able to use PSK ciphersuite even if there is no credentials in SVR DB Change-Id: Icfde495b61f5f726cab2604fd5fc0f5e9e88fff9 Signed-off-by:
-
- 17 Apr, 2017 1 commit
-
-
Dmitriy Zhuravlev authored
OTM should be able to use PSK ciphersuite even if there is no credentials in SVR DB Change-Id: Icfde495b61f5f726cab2604fd5fc0f5e9e88fff9 Signed-off-by:
-
- 14 Apr, 2017 1 commit
-
-
Greg Zaverucha authored
Use MBEDTLS_MD_MAX_SIZE for buffer lengths in pHash. Don't allow wildcard UUID in CSRs Change-Id: Ifad48945250087d8dc92fb346cfc986f68888352 Signed-off-by:
-
- 12 Apr, 2017 2 commits
-
-
Alex Kelley authored
These changes include the following: - Fix W4 warnings under resource/csdk/connectivity. - Fix W4 warnings under resource/csdk/connectivity/test. - Enable /W4 /WX on resource/csdk/connectivity. - Enable /W4 /WX on resource/csdk/connectivity/test. - Update build_common/Windows/SConscript. Change-Id: I98d93f4df6fc938f004ef2f6844ba120bb5e788a Signed-off-by:
Mike Fenelon <mike.fenelon@microsoft.com> (cherry picked from commit 7a811cc5) Reviewed-on: https://gerrit.iotivity.org/gerrit/18749Reviewed-by:
-
Oleksandr Dmytrenko authored
Fix memory leak: cert/key/CRL information returned by cred resource https://jira.iotivity.org/browse/IOT-1917 Change-Id: Ic563b5e5b79ccac8855ebb5b215e475d1b4e57be Signed-off-by:
-
- 11 Apr, 2017 1 commit
-
-
Alex Kelley authored
These changes include the following: - Fix W4 warnings under resource/csdk/connectivity. - Fix W4 warnings under resource/csdk/connectivity/test. - Enable /W4 /WX on resource/csdk/connectivity. - Enable /W4 /WX on resource/csdk/connectivity/test. - Update build_common/Windows/SConscript. Change-Id: I98d93f4df6fc938f004ef2f6844ba120bb5e788a Signed-off-by:
-
- 05 Apr, 2017 1 commit
-
-
Philippe Coval authored
It never was an external library while it was located there, the code is small enough to be part c_common utility library. No functionnal changes were introduced, just reformated source. Note, For Arduino, timer object is built using C++ compiler tricks, that could be removed once support is dropped. Bug: https://jira.iotivity.org/browse/IOT-1889 Change-Id: I776c5273315a7552495974f58a199a38073fb45e Signed-off-by:
-
- 04 Apr, 2017 1 commit
-
-
Andrii Shtompel authored
Checking identity added to avoid including PSK suite if no appropriate PSK in SVR DB. Change-Id: I118c4b5864929cc8fdd0597af855f3c06b9332dc Signed-off-by:
-
- 03 Apr, 2017 1 commit
-
-
Andrii Shtompel authored
Change-Id: I5d71be0f7f0fe2e499bd1940083db6cb84e0df75 Signed-off-by:
-
- 29 Mar, 2017 1 commit
-
-
Greg Zaverucha authored
Add unit test to exercise certificate provisioning and use (previously only provisioning was tested). Fixed bugs in credresource and ca_adapter_net_ssl. Configure mbedtls to use OCF certificate EKUs. Added more logging in many places. Exposed API to remove credentials locally for use by test code. Change-Id: Ia55c7f3a7518f12c99f60280062f156954bdf4ac Signed-off-by:
-
- 23 Mar, 2017 1 commit
-
-
Kevin Kane authored
Change cred resource to always provide own certificate as a PEM string, and no longer require ParseChain to heuristically parse a mixed bag of DER and PEM certs. Also, go back to having ParseChain return an int rather than a size_t which was changed during /W4 warning cleanup; it must be able to return negative values to indicate errors. Change-Id: Id36962ed580eb3bccc110aac0350349b05674ee7 Signed-off-by:
-
- 10 Mar, 2017 1 commit
-
-
Kevin Kane authored
Also change "ret == 0" to "0 == ret" for IOT-1870; opened from a previous code review. Change-Id: I829192698b9a8fed920e865f9cd4c2b968f8c951 Signed-off-by:
-
- 09 Mar, 2017 1 commit
-
-
Greg Zaverucha authored
- Shell script to create IoTivity identity certificates using OpenSSL command line tools. - Partial unit test for providing credentails to the CA adapter layer. Tests loading of PEM cert and key. - Misc changes and fixes to the cred resource - updated provisioning client to provision certs - helper code to create certs from CSRs Change-Id: I7d3ab4810c7f7d6247ed90420cb97cbdb5f829a4 Signed-off-by:
-
