string.h is required for memcmp() that is used in session.c and
dtls_debug.c. Therefore, the header file needs to be included
only in these two files.
Change-Id: I11db1c37a7cc13d8fa2826f6d3e38d3765f4a4ec
Use of random() requires that _GNU_SOURCE is defined.
Cannot use variables named rand.
Make sure that dtls_prng.o is rebuilt whenever any of the
platform-specific/dtls_prng_*.c files are updated.
Signed-off-by: Jon Shallow <supjps-libcoap@jpshallow.com>
Every unsupported tls extension is logged using dtls_warn(), and the default
logging level is set to DTLS_LOG_WARN.
Update logging call to dtls_notice(), to reduce logging output noise.
Signed-off-by: Jon Shallow <supjps-libcoap@jpshallow.com>
Use cipher_suite_param_t for cipher-suite specific mac_len and
key_exchange_algorithm. Introduce dtls_cipher_index_t for simplified
cipher-suite parameter lookup. Cleanup old functions.
Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
Replace the "sizeof(buf)" with passed in size.
Drop received messages exceeding the buffer size.
Introduced "buf_ready", true, if last character in "buf" is a newline.
Use "strstr" to detect command.
Add "client:exit" command.
Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
Remove renegotiation also from test applications.
Complies with RFC7925, 17. Renegotiation Attacks.
Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
Allow the application to define a log handler callback to use to provide
consistency in the logging output logic.
Signed-off-by: Jon Shallow <supjps-libcoap@jpshallow.com>
Follow the model of how things are done for Contiki.
Set up a new WITH_LWIP_NO_SOCKET (which happens with NO_SYS = 1)
and use this when setting up addresses.
Add in platform specific for dtls_prng_lwip.c and lwip_platform.h
Update dtls_time.[ch] to handle LWIP version of time.
Code works for NO_SYS = 1 or NO_SYS = 0.
Signed-off-by: Jon Shallow <supjps-libcoap@jpshallow.com>
Dynamically build DoxygenLayout.xml to get the latest layout for the current
version of doxygen.
Update Doxyfile.in to the Ubuntu20 version.
Signed-off-by: Jon Shallow <supjps-libcoap@jpshallow.com>
Exclude cmake options for zephyr builds, if these are set by zephyr.
Exclude file(CONFIGURE ..), if cmake is older than 3.18.
Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
Add new option WARNING_TO_ERROR for CMakeLists.txt and tests/CMakelist.txt
and update github workflows to use it.
Do the cmake in a sub-directory.
Fix warnings generated by mac-os build in dtls.c and sha2.c.
Signed-off-by: Jon Shallow <supjps-libcoap@jpshallow.com>
Do not skip cipher suites and compression methods in dtls_create_cookie,
as documented at the begin of the function.
Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
Add length of field to read next to the checks.
Ensure the msg is long enough to read that field.
Fixes: issue #134
Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
In handle_0_verified_client_hello(), an existing peer is released and
replaced by a new peer object. To ensure that references to this peer
are cleared, dtls_destroy_peer() must be called.
Moreover, when handle_verified_client_hello() fails for the new peer
structure, dtls_destroy_peer() must be called for that peer as well to
ensure removal from the sendqueue. DTLS_DESTROY_PEER is specified to
indicate that the peer should not continue the handshake.
This issue has been reported by Shisong Qin.
Change-Id: I522ba03f93914d0c08aac5b810309c17cf660185
The parameter unlink for dtls_destroy_peer() has been in use for
several years and therefore can be safely removed.
The third argument for dtls_destroy_peer() now is treated as
flags. The only value currently defined is DTLS_DESTROY_CLOSE to
indicate that the connection should be closed (no CloseNotify is sent
when the session is already closed or closing).
Change-Id: I752708b50d4fbe926802a6b1be44a898acb2d485
Reformat lines to fit into range 72-80 characters.
Removes "coding standards" from developer resources, it's not provider
there.
Removes "gerrit", it's not longer in use.
Replaces CLA by the new ECA.
Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
For ASN.1 integers greater than 128 (i.e., with the most significant
bit set) the encoded length might exceed *data_len. The length check
is done upfront to ensure that the specified number of octets does
not exceed the actual *data_len.
This bug was reported by Shisong Qin.
Change-Id: Ica021b4783b718c7f4c2ffc4970e2dd9d9da453a
Currently tinydtls uses EPL-1.0 and mixing with EPl-2.0 is not
recommended. Therefore adjust the EPL-2.0 of new files to
EPL-1.0.
Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
