1. Add an error code and string for the message filtering fail.
2. Add a function to check incoming message IDs for appropriateness
during the client or server handshake.
(ZD 17710)

1. Split ParseAndVerifyCert() into ParseCertChainVerify() and
ParseCert() with a common ParseCertChain() function.
2. When the server is checking the user's certificate, don't do the
verify step. Verify when the user's client sends a signature. The
server needs to tell the client the cert is OK as a cert. Make the
client do a PK sign.
3. If the certificate check fails, we still need to be able to send the
failure message to the peer. Set the `ret` value back to
`WS_SUCCESS`. All other auth actions are gated on the `authFailed`.
4. Whitespace.
(ZD 17555)

1. Add dynamic memory type of string to the allocation of the list of
modes when opening a pty.
2. When freeing a WOLFSSH object, free modes when it is set.

1. Remove the continue from the SFTP worker loop when there's a timeout
on the select and when there's a want_read from the wolfSSH_worker.
2. When the select has receive data ready, check it. Don't make it
conditional on want read as well.
The goal is that when there isn't data waiting on the socket, check and
process the data in the SFTP channel's buffer, always.

1. The wrapper for the pragma PRAGMA_GCC_DIAG_PUSH and its friends are
not set up to be used like a function. Remove the semicolons after
their usage. (Clang doesn't care, but MSVC does.)

1. Add new list for the public key algorithms the server can verify
from the client for user authentication.
2. Add accessors for the key allowed list.

1. Change SendKexInit() to send the configured Key algorithm list or the
default list if a client or server with a list set. If the server
doesn't have a list set, use the list from adding the keys.
2. Add the soft disable macro around setting ssh-rsa to the list of public
key types in the server.
3. Change DoKexInit() to use the appropriate key algorithm list for decoding
and matching the peer's list.
4. Whitespace.
5. Rearrange the new functions and prototypes in a different order.

1. Fix using the MAC algorithm list from the WOLFSSH object when matching
the peer's algorithm.
2. Fix polarity checking WOLFSSH_NO_SHA1_SOFT_DISABLE.
3. Remove some redundant size constants. Use strlen().
4. Rearrange the canned key algorithm names, add the missing items, and
add guards.
5. Whitespace.

1. Using the configurable list from the WOLFSSH for setting the KEX
algorithm list.
2. Removed the ID lists for the KEX algorithm list used in
DoKexInit().
3. Changing DoKexInit() to use the configurable KEX list.

1. Using the configurable list from the WOLFSSH for setting the cipher
list and the MAC list.
2. Removed the ID lists for the cipher list and MAC list used in
DoKexInit().
3. Changing DoKexInit() to use the configurable cipher and MAC lists.

1. Add APIs for setting the algorithm lists used in the KEX initialization
messages.
2. Add API to check if a specified algorithm name is available.
3. Add APIs to list available algorithms.
4. Add algorithm lists to the WOLFSSH_CTX and WOLFSSH structures.
5. Added a local function to fetch algorithm strings based on their type and
an index.
6. Added starter tests for the algorithm functions.
7. Move the canned algorithm list strings before CtxInit() so they may be
used for default lists in the WOLFSSH_CTX.
8. Carry over the algorithm name lists from WOLFSSH_CTX to WOLFSSH.
9. Remove dead code.
10. Add parameter names to a few function prototypes.

1. Restore SHA-1 as enabled by default.
2. Introduce a "soft disable" for SHA-1 algorithms. SHA-1 is allowed to
be used, but the default configuration will not advertise it as
available in the KEX.
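
The soft disable and configurable lists described in the entries above, as an added example (not wolfSSH code and not part of these commit messages): a SHA-1 name stays compiled in, is left off the default advertised list, and is only negotiated when a list is configured explicitly. The function names and the lists are hypothetical, and treating hmac-sha1 as one of the soft-disabled names is an assumption.

```c
#include <stdio.h>
#include <string.h>
/* Constructed lists of standard SSH MAC names; not wolfSSH's own tables. */
static const char AVAILABLE_MAC[] = "hmac-sha2-256,hmac-sha1,hmac-sha1-96";
static const char DEFAULT_MAC[] = "hmac-sha2-256"; /* SHA-1 soft-disabled */

/* Exact-token membership test on a comma-separated name-list. */
static int list_has(const char *list, const char *name, size_t len)
{
    while (*list != '\0') {
        size_t n = strcspn(list, ",");
        if (n == len && memcmp(list, name, len) == 0)
            return 1;
        list += n + (list[n] == ',');
    }
    return 0;
}

/* A configured list wins; otherwise the default list is advertised. */
const char *advertised_mac(const char *configured)
{
    return configured != NULL ? configured : DEFAULT_MAC;
}

/* RFC 4253 rule for MACs: first name on the client's list that is also on
 * the server's. Returns 0 and fills out on a match, -1 when none match. */
int negotiate(const char *client, const char *server, char *out, size_t outSz)
{
    while (*client != '\0') {
        size_t n = strcspn(client, ",");
        if (n > 0 && n < outSz && list_has(server, client, n)
                && list_has(AVAILABLE_MAC, client, n)) {
            memcpy(out, client, n);
            out[n] = '\0';
            return 0;
        }
        client += n + (client[n] == ',');
    }
    return -1;
}

int main(void)
{
    char alg[32];
    const char *cfg = "hmac-sha2-256,hmac-sha1"; /* explicit opt-in */
    int d = negotiate("hmac-sha1", advertised_mac(NULL), alg, sizeof(alg));
    int c = negotiate("hmac-sha1", advertised_mac(cfg), alg, sizeof(alg));
    printf("default: %d, configured: %d (%s)\n", d, c, alg);
    return 0;
}
```

A peer that offers only the SHA-1 name fails negotiation against the default list and succeeds against the explicitly configured one.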