- 04 May, 2017 1 commit
-
-
Dan Mihai authored
Test case CT1.7.2.1-2 from CTT v1.5.6 fails with "message mac does not match": - After CTT successfully posted the owner credential - While trying to establish a new DTLS session, using the new credential Change-Id: I282632d1071c76afba629081d6853d376c347473 Signed-off-by:
Dan Mihai <Daniel.Mihai@microsoft.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/19515Reviewed-by:
Kevin Kane <kkane@microsoft.com> Reviewed-by:
Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com> Tested-by:
-
- 02 May, 2017 1 commit
-
-
Dmitriy Zhuravlev authored
Server should be able to load PSK suite without discovery Change-Id: I957760b16325ac6b9f01c901f02cf6598e1aeb9e Signed-off-by:
Dmitriy Zhuravlev <d.zhuravlev@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/19369Tested-by:
jenkins-iotivity <jenkins@iotivity.org> Reviewed-by:
Andrii Shtompel <a.shtompel@samsung.com> Reviewed-by:
Oleksii Beketov <ol.beketov@samsung.com> Reviewed-by:
Phil Coval <philippe.coval@osg.samsung.com> Reviewed-by:
Dave Thaler <dthaler@microsoft.com> Reviewed-by:
Greg Zaverucha <gregz@microsoft.com> Reviewed-by:
-
- 26 Apr, 2017 1 commit
-
-
Kevin Kane authored
During OTM, the DOXM resource is accessed while the SSL lock is held. Attempting to assert roles causes this lock to be acquired again, and recursive locking is not supported. Therefore, don't automatically assert roles when accessing DOXM. Since this resource seems to only be accessed either anonymously or with an owner PSK, this shouldn't be needed, anyway. Change-Id: I4b04d24544a5049d3a91827753d565e118cbf9d5 Signed-off-by:
Alex Kelley <alexke@microsoft.com> Reviewed-by:
Way Vadhanasin <wayvad@microsoft.com> Reviewed-by:
-
- 20 Apr, 2017 1 commit
-
-
Dmitriy Zhuravlev authored
Add checking whether secure session exists before creating new Change-Id: Ia4c36f6257b01c1d81baf1082eba6d7fcd0e83f2 Signed-off-by:
-
- 19 Apr, 2017 1 commit
-
-
Dmitriy Zhuravlev authored
OTM should be able to use PSK ciphersuite even if there is no credentials in SVR DB Change-Id: Icfde495b61f5f726cab2604fd5fc0f5e9e88fff9 Signed-off-by:
-
- 14 Apr, 2017 1 commit
-
-
Greg Zaverucha authored
Use MBEDTLS_MD_MAX_SIZE for buffer lengths in pHash. Don't allow wildcard UUID in CSRs Change-Id: Ifad48945250087d8dc92fb346cfc986f68888352 Signed-off-by:
-
- 12 Apr, 2017 1 commit
-
-
Alex Kelley authored
These changes include the following: - Fix W4 warnings under resource/csdk/connectivity. - Fix W4 warnings under resource/csdk/connectivity/test. - Enable /W4 /WX on resource/csdk/connectivity. - Enable /W4 /WX on resource/csdk/connectivity/test. - Update build_common/Windows/SConscript. Change-Id: I98d93f4df6fc938f004ef2f6844ba120bb5e788a Signed-off-by:
Mike Fenelon <mike.fenelon@microsoft.com> (cherry picked from commit 7a811cc5) Reviewed-on: https://gerrit.iotivity.org/gerrit/18749Reviewed-by:
-
- 05 Apr, 2017 1 commit
-
-
Philippe Coval authored
It never was an external library while it was located there, the code is small enough to be part c_common utility library. No functionnal changes were introduced, just reformated source. Note, For Arduino, timer object is built using C++ compiler tricks, that could be removed once support is dropped. Bug: https://jira.iotivity.org/browse/IOT-1889 Change-Id: I776c5273315a7552495974f58a199a38073fb45e Signed-off-by:
-
- 04 Apr, 2017 1 commit
-
-
Andrii Shtompel authored
Checking identity added to avoid including PSK suite if no appropriate PSK in SVR DB. Change-Id: I118c4b5864929cc8fdd0597af855f3c06b9332dc Signed-off-by:
Randeep Singh <randeep.s@samsung.com>
-
- 03 Apr, 2017 1 commit
-
-
Andrii Shtompel authored
Change-Id: I5d71be0f7f0fe2e499bd1940083db6cb84e0df75 Signed-off-by:
-
- 29 Mar, 2017 1 commit
-
-
Greg Zaverucha authored
Add unit test to exercise certificate provisioning and use (previously only provisioning was tested). Fixed bugs in credresource and ca_adapter_net_ssl. Configure mbedtls to use OCF certificate EKUs. Added more logging in many places. Exposed API to remove credentials locally for use by test code. Change-Id: Ia55c7f3a7518f12c99f60280062f156954bdf4ac Signed-off-by:
-
- 23 Mar, 2017 1 commit
-
-
Kevin Kane authored
Change cred resource to always provide own certificate as a PEM string, and no longer require ParseChain to heuristically parse a mixed bag of DER and PEM certs. Also, go back to having ParseChain return an int rather than a size_t which was changed during /W4 warning cleanup; it must be able to return negative values to indicate errors. Change-Id: Id36962ed580eb3bccc110aac0350349b05674ee7 Signed-off-by:
-
- 10 Mar, 2017 1 commit
-
-
Kevin Kane authored
Also change "ret == 0" to "0 == ret" for IOT-1870; opened from a previous code review. Change-Id: I829192698b9a8fed920e865f9cd4c2b968f8c951 Signed-off-by:
-
- 09 Mar, 2017 1 commit
-
-
Greg Zaverucha authored
- Shell script to create IoTivity identity certificates using OpenSSL command line tools. - Partial unit test for providing credentails to the CA adapter layer. Tests loading of PEM cert and key. - Misc changes and fixes to the cred resource - updated provisioning client to provision certs - helper code to create certs from CSRs Change-Id: I7d3ab4810c7f7d6247ed90420cb97cbdb5f829a4 Signed-off-by:
-
- 08 Mar, 2017 1 commit
-
-
Pawel Winogrodzki authored
Making sure any version changes of timer don't introduce level 4 warnings. I'm also changing the return value of StartRetransmit() inside ca_adapter_net_ssl.c, since it's being used as a timer callback, which doesn't return any values. Nowhere in the code was the returned value of that function read. Change-Id: Ic401ae27c5af46b05a21868dfa0c020ee6429f20 Signed-off-by:
Pawel Winogrodzki <pawelwi@microsoft.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/17513Reviewed-by:
-
- 04 Mar, 2017 2 commits
-
-
Pawel Winogrodzki authored
Removing the /W3 warnings in order to add the /WX option to prevent new ones from being added inside the resource/csdk/connectivity/ directory. Change-Id: Ibd53ad378b5d960ea59f2e2c61254a9257d03a3e Signed-off-by:
-
Dan Mihai authored
Avoid acquiring g_sslContextMutex recursively during Ownership Transfer. Instead, make it a requirement that the caller must own this lock. Finding a better solution for this old problem is now tracked by IOT-1876. Change-Id: I25ce19a5c48c5adab70e2287288833e40c4db213 Signed-off-by:
-
- 03 Mar, 2017 1 commit
-
-
Joonghwan Lee authored
This patch moves DTLS cookie context under SslContext struct and updates relavant cookie setup operation in order to fix the dtls reconnect. Also it might be happened a crash when one among sessions is removed and some client try to reconnect because SslEndPoint has cookie context. Patch 1: Initial upload Patch 2: Added __WITH_DTLS__ preprocess define Change-Id: I271047d458fd1fb5f5477f362c140f1764ae1f2e Signed-off-by:
Joonghwan Lee <jh05.lee@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/17283Tested-by:
Chul Lee <chuls.lee@samsung.com> Reviewed-by:
dongik Lee <dongik.lee@samsung.com> Reviewed-by:
-
- 02 Mar, 2017 1 commit
-
-
Jongmin Choi authored
SetupCipher() modified to support multiple ciphersuites rather than using a fixed one Patch #1: initial upload Patch #2: Rebased and SetupCipher() related changes applied Patch #3: Rebased Change-Id: I6cb57605984c273bcdb98c5130da9a9995ae50db Signed-off-by:
Jongmin Choi <jminl.choi@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/16251Tested-by:
-
- 28 Feb, 2017 1 commit
-
-
Kevin Kane authored
Changed the SSL adapter to use the MBEDTLS_OID_SIZE macro. Corrected a couple signed/unsigned issues in provisioningclient to fix warnings. Change-Id: I45e9723e57513a5281073e76b960622dae0cc15b Signed-off-by:
-
- 23 Feb, 2017 1 commit
-
-
Kevin Kane authored
Change-Id: I04a98127e2414c2e3c35f00c4d702bb228fb7dec Signed-off-by:
-
- 21 Feb, 2017 1 commit
-
-
Dan Mihai authored
1. Use the initial Ownership Transfer session even after setting-up the Owner Credential, when onboarding Servers based on OCF 1.0 - rather than closing that session and establishing a new one. 2. Posting the Owner Credential ACL might fail for older Servers. In that case, close the initial Ownership Transfer session and establish a new session, for compatibility with those older Servers. Change-Id: If242c0af4ec05ad9ca144c274ee5385bc7738d92 Signed-off-by:
-
- 20 Feb, 2017 1 commit
-
-
saurabh.s9 authored
Change-Id: I5b613534ab19344a5d261f0773df52c4d9bb2176 Signed-off-by:
saurabh.s9 <saurabh.s9@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/17111Tested-by:
-
- 16 Feb, 2017 2 commits
-
-
Joonghwan Lee authored
Adapter(Transport) type parameter is added to CAcloseSslConnectionAll function in order to enable sessions related to the only specified transport type to be closed. Patch 1: Initial upload Patch 2: Fixed print format Change-Id: I3bb658cf4c90e0e283a0b052f69f1fa8b593e748 Signed-off-by:
-
Chul Lee authored
[Philippe Coval] Ported from 1.2-rel to master branch Conflicts: resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c Change-Id: If2f43c0150afcb344c290f8bcb21f7647b0daa01 Signed-off-by:
-
- 15 Feb, 2017 1 commit
-
-
Hauke Mehrtens authored
The function mbedtls_debug_set_threshold() is only available when MBEDTLS_DEBUG_C is set. make the call depend on this condition. Change-Id: I8158bc4c55b428167e36084e7a46359c269c5fc7 Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de> Reviewed-on: https://gerrit.iotivity.org/gerrit/15119Tested-by:
-
- 14 Feb, 2017 2 commits
-
-
Dan Mihai authored
Remove workaround, now that change 82c4c656 is releasing the mutex, from the error code path. Change-Id: Ibfb5fad559d9351e3279d7af3346b49de8570738 Signed-off-by:
-
Dmitriy Zhuravlev authored
Remove carriage return from debug message added by default in mbedtls Change-Id: Ie6077a5eb294f1790b87472b4baa69fc283016c0 Signed-off-by:
Oleksandr Dmytrenko <o.dmytrenko@samsung.com> Signed-off-by:
-
- 13 Feb, 2017 1 commit
-
-
Chul Lee authored
Change-Id: I317e63d192af372844e672650c261578508e9331 Signed-off-by:
Jongsung Lee <js126.lee@samsung.com> Reviewed-by:
-
- 09 Feb, 2017 2 commits
-
-
Joonghwan Lee authored
It is possible to happen segmentation fault if retransmission thread lock a mutex during CAdeinitSslAdapter function is called Patch 1: Initial upload Change-Id: I446aeb2cc9d6cd07d2683984ba2783ab72020c58 Signed-off-by:
-
Joonghwan Lee authored
Fixed selected ciphersuite infomation to get from the session object when session established. This patch will be needed in case of multiple (D)TLS session are initiating. Patch 1:Initial upload Change-Id: I245443f9e1216da72c742fe7eafaf24445050dfa Signed-off-by:
-
- 30 Jan, 2017 1 commit
-
-
George Nash authoredThe compilar was warning that the variables macKeyLen, ivSize, and keySize could be used uninitialized. Very unlikely but really easy to fix. Change-Id: Ie3a8872194c3ffe3a43576cdc399f8a1e99e3387 Signed-off-by:
George Nash <george.nash@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/16799Tested-by:
-
- 25 Jan, 2017 2 commits
-
-
Chul Lee authored
Change-Id: I482f3d56dc1528c1287691d168b5272878065bbe Signed-off-by:
-
Jongmin Choi authored
Fix issues related to ownership transfer - Port change after failed ownership transfer Patch #1: initial upload Patch #2: build error fix Change-Id: Ia6df0e7b862f73fab166ccb2c8ceee6c348b8189 Signed-off-by:
jenkins-iotivity <jenkins-iotivity@opendaylight.org> Reviewed-by:
-
- 23 Jan, 2017 1 commit
-
-
Oleksii Beketov authored
1. ParseChain modified to get rid of 0x0 termination restriction. Upon now the certificate chain may contain mix of PEM or DER certificates with or without any separating symbols. 2. Add unit test for ParseChain Change-Id: I6a2d6664c323e415e79fbddf63842b29fe15e338 Signed-off-by:
-
- 21 Jan, 2017 1 commit
-
-
Dan Mihai authored
Fix an apparent incorrect merge from commit efb16a3d. Provisioningclient wasn't working anymore. Change-Id: I990f854bdd96127286d97d1ed00dca10ca9632bd Signed-off-by:
-
- 20 Jan, 2017 3 commits
-
-
Dmitriy Zhuravlev authored
Fixed OTM error caused by patchset 15853. Added close notify alert sending to DeletePeerList() Change-Id: Ib5363f8d16358a388df0f003e9111f1d56ccca62 Signed-off-by:
-
Joonghwan Lee authored
Patch 1: Initial upload Patch 2: Build retrigger Change-Id: I50bfe828a7522d245b7382f0252e465ca31eaff1 Signed-off-by:
-
Joonghwan Lee authored
Fix the following situation: 1. client tries OTM to server 2. OTM completed 3. network of server goes down and up => DTLS session has been removed 4. client tries to send a request to secure resource(e.g., /oic/sec/acl) 5. server prints bad client error(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO), and then ignore this 6. client never gets a response of it even if re-tries to sent same message Change-Id: Ie2cd3eaa49fc8782522126799994a5cd47cfaf4e Signed-off-by:
Mats Wichmann <mats@linux.com>
-
- 19 Jan, 2017 1 commit
-
-
Oleksii Beketov authored
1. Suites added: TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_256 0xC027 2. Removed: TLS_RSA_WITH_AES_256_CBC_SHA 0x35 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 3. SSL code refactored 4. Added unit tests for new cipher suites 5. CAsslGenerateOwnerPsk modified to support all suites Change-Id: If22925d175751a08121c66b90cc2907dd27ebee5 Signed-off-by:
-
