1. Rename one of the new constants.
2. Change a couple new string values to be file-static.
3. Add word32 typecasts to all the sizeof() uses in internal.c where
they are assigned to or used with word32 values. (Some compilers
complain about the implicit typecasting to values of smaller size.)
1. Add logging of the signature type used in both server authentication
and user authentication.
2. Fix issue with the user authentication request message using the key
type rather than the signature type in the message.
1. Started changing LENGTH_SZ to UINT32_SZ. The RFCs define the length
of strings and mpints as uint32 values.
2. Some whitespace changes.
3. Getting data into the input buffer is done based on the goal size.
The pattern is to get the first block, decrypt it if necessary, then read
the size out, then get that much data plus the size of the length and the
MAC.
1. Change LENGTH_SZ to be UINT32_SZ.
2. Change the buffer's length to be the insert point for adding data,
and the idx is where it is removed.
3. Changed the buffer's available size to be the length minus the idx.
4. Updated the copy behavior of GrowBuffer() and ShrinkBuffer().
1. Cleaned up some whitespace.
2. A couple functions were using a couple strings repeatedly. Assigned
to a pointer and used that instead. Also used strlen rather than
sizeof for them.
1. Pick the algorithm based on the server's user auth algo list for
SHA2 signing.
2. When PrepareUserAuthRequest is called based on keySigId, do it
conditionally on error.
1. Add sending and decoding the RFC 8308 extensions, specifically the
server signature algorithms extension.
2. Add function CountNameList() to count items in a name list.
3. Split GetNameList() to make GetNameListRaw() that is given the
pointer to the start of the list and its size.
4. Store the list of server user auth algos in the WOLFSSH object.
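
Added example, not part of the commit and not wolfSSH code: one way to count the entries of an SSH name-list (a uint32 length followed by comma-separated names) while bounding the length by the bytes remaining in the message, split into a raw and a length-prefixed form as items 2 and 3 above describe. The names count_name_list_raw() and count_name_list() and the sample bytes are assumptions made for this illustration.

```c
#include <stdint.h>

/* Hypothetical helpers (not wolfSSH code). Both return the number of
 * names in the list, or -1 if it is malformed. For the raw form, list
 * points at the first name byte and listSz came from the uint32 prefix. */
int count_name_list_raw(const uint8_t *list, uint32_t listSz)
{
    uint32_t i, nameLen = 0;
    int count = 1;
    if (listSz == 0)
        return 0;                      /* an empty name-list is legal */
    for (i = 0; i < listSz; i++) {
        if (list[i] == ',') {
            if (nameLen == 0)
                return -1;             /* empty name: ",a" or "a,,b" */
            count++;
            nameLen = 0;
        }
        else if (list[i] <= 0x20 || list[i] >= 0x7F)
            return -1;                 /* names are printable US-ASCII */
        else
            nameLen++;
    }
    return (nameLen == 0) ? -1 : count; /* reject a trailing comma */
}

/* Read the uint32 length at buf[*idx], bound it by the bytes remaining,
 * count the names, and advance *idx past the list on success. */
int count_name_list(const uint8_t *buf, uint32_t bufSz, uint32_t *idx)
{
    uint32_t listSz;
    int count;
    if (*idx > bufSz || bufSz - *idx < 4)
        return -1;                     /* no room for the length field */
    listSz = ((uint32_t)buf[*idx] << 24) | ((uint32_t)buf[*idx + 1] << 16)
           | ((uint32_t)buf[*idx + 2] << 8) | (uint32_t)buf[*idx + 3];
    if (listSz > bufSz - *idx - 4)
        return -1;                     /* length runs past the message */
    count = count_name_list_raw(buf + *idx + 4, listSz);
    if (count >= 0)
        *idx += 4 + listSz;
    return count;
}

int main(void)
{   /* Constructed sample: length 25, then two signature algorithm names. */
    static const uint8_t msg[] = "\x00\x00\x00\x19rsa-sha2-256,rsa-sha2-512";
    uint32_t idx = 0;
    return count_name_list(msg, sizeof(msg) - 1, &idx) == 2 ? 0 : 1;
}
```
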
1. Increased the number of private keys stored.
2. Increased the number of items processed in the received KexInit
message. Other SSH implementations are sending many more possible
algorithm selections.
3. Split the adding of private keys and certificates to a WOLFSSH_CTX
into two functions. Both share an action to make sure certificates
and keys are married up as appropriate.
4. Removed the function UpdateKeyID() as it was modifying the
WOLFSSH_CTX after having created WOLFSSH objects with it. Its other
behaviors were incorporated into 3 above.
1. In the API test for SFTP, change the amount of the file requested to
the limit WOLFSSH_MAX_SFTP_RW.
2. The check for want read on the exit of the server worker should clear
ret if it is want read.
With the previous change for speed and timing, rekeying started having
trouble in SFTP. Each file block travels as two messages, and the
rekeying starts, but the messages are sent and lost. The client would
terminate the connection.
1. Tweak the timeout in the echoserver's SFTP loop.
2. Better checking for rekeying.
3. Returning that rekeying is happening.
wolfSSH has a reach too deep into the wolfSSH internals. SFTP should
be more like an application running on top of wolfSSH. We prefer to
keep it all in one application, so it will work well in an embedded
environment, but there needs to be more separation.
1. The sftp_worker loop in the echoserver should prioritize reading
the socket and processing the SSH layer messages. Next it should
ensure the transmit buffer for the SFTP channel is being written.
Last it should check the receive buffer for the SFTP for new
messages from the peer. wolfSSH_worker() will ensure data is read
from the socket, and distributed to the appropriate channel
receive buffers, and will make sure the SSH bookkeeping is
performed.
2. SendChannelData() should also bound the send data amount by the
local maxPacketSz.
3. wolfSSH_SFTP_buffer_send() should send only one chunk of data, not
looping until everything is gone. Need to send, but cannot flood
the output.
4. Remove the call to wolfSSH_worker() from the buffer send.
5. The wolfSSH_SFTP_read() state machine should check the return
status from the call to buffer send, and if it isn't an error,
don't clear the state, allow for a want-write write again later.
6. Do not limit the file chunk size to send to WOLFSSH_MAX_SFTP_RW.
This limit is provided during SFTP negotiation. If the peer
requests that much data, send it.
7. Modify the select wrapper to have a very small microseconds value
in addition to the requested seconds.