This adds the `diffie-hellman-group16-sha512` key exchange and
`hmac-sha2-512` mac support.
Echoserver can now take `-x` for key exchange and `-m` for mac setting,
and `-c` for cipher so that this can be used in the test suite.
This implements Keyboard-Interactive authentication.
Adds an additional callback set by `wolfSSH_KeyboarAuthPrompts()` which
will set a callback in the server to ask the application to provide the
prompt details for the client.
1. Fix echoserver's load_file function. Could potentially dereference
null if a file size is passed in, but using a null buf to get the
file's size only.
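
The size-query case described in the load_file fix above, as an added example that is not the wolfSSH echoserver's own code: `load_file_checked()` and its return codes are hypothetical names, and the calling convention (a NULL `buf` means "report the file size through `*bufSz`") is assumed from the commit text.

```c
#include <stdio.h>
#include <stddef.h>
/* Hypothetical return codes for this example. */
enum { LF_ERROR = -1, LF_OK = 0, LF_SIZE_ONLY = 1, LF_TOO_SMALL = 2 };

/* Hypothetical loader: buf == NULL means "report the size in *bufSz". */
int load_file_checked(const char *name, unsigned char *buf, size_t *bufSz)
{
    FILE *f;
    long end;
    size_t fileSz, capacity;
    int ret = LF_OK;
    /* bufSz is both input (capacity) and output (size), so it is required. */
    if (name == NULL || bufSz == NULL)
        return LF_ERROR;
    capacity = *bufSz;
    if ((f = fopen(name, "rb")) == NULL)
        return LF_ERROR;
    if (fseek(f, 0, SEEK_END) != 0 || (end = ftell(f)) < 0) {
        fclose(f);
        return LF_ERROR;
    }
    rewind(f);
    fileSz = (size_t)end;

    if (buf == NULL) {
        /* Size query is decided by buf alone. Testing only
         * "fileSz > capacity" would reach fread() with a NULL
         * destination whenever the caller left capacity non-zero. */
        *bufSz = fileSz;
        ret = LF_SIZE_ONLY;
    } else if (fileSz > capacity) {
        *bufSz = fileSz;            /* tell the caller how much to allocate */
        ret = LF_TOO_SMALL;
    } else {
        *bufSz = fread(buf, 1, fileSz, f);
        if (*bufSz != fileSz)
            ret = LF_ERROR;         /* short read */
    }
    fclose(f);
    return ret;
}

int main(int argc, char **argv)
{
    size_t sz = 4096;   /* stale, non-zero capacity passed with a NULL buf */
    int ret = load_file_checked(argc > 1 ? argv[1] : "", NULL, &sz);
    printf("ret=%d size=%zu\n", ret, sz);
    return 0;
}
```
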
1. Add the code from wolfsshd that initially sets up the terminal
settings to the echoserver.
2. Add the WOLFSSH_TERM flag to the build of the echoserver.
1. In the echoserver, change the names of the defines for the
static memory values.
2. Modify the client common functions for keys and certs to take a heap
value for their allocations.
3. Update the client's use of the common key and cert function calls to
pass NULL for the heap.
4. Add a static memory description for the sftp client code.
1. Modify the echoserver to use a static memory pool when using the flag
WOLFSSH_STATIC_MEMORY. Uses NULL otherwise. The WOLFSSH_CTX is
created with the pool and subsequent allocations for the WOLFSSH
server use the same pool.
2. Add a configuration for the memory pool. Only works with SFTP
enabled.
3. Add the memory pool use statistics to the echoserver.
1. Remove the continue from the SFTP worker loop when there's a timeout
on the select and when there's a want_read from the wolfSSH_worker.
2. When the select has receive data ready, check it. Don't make it
conditional on want read as well.
The goal is that when there isn't data waiting on the socket, check and
process the data in the SFTP channel's buffer, always.
1. Modified SignalTcpReady() to test.h. Matched its prototype to the
other functions for TcpReady.
2. Add a timeout in WaitTcpReady() specifically for Zephyr builds.
3. A few miscellaneous cleanups.
A couple changes to keep the echoserver from spin-locking.
1. The SFTP worker should wait for data if the channel window is full.
If the client isn't sending a window adjust, it might be because of a
human time scale issue. New timeout is 60 seconds.
2. When the echoserver is waiting for something from the user and the
select times out, wait a second instead.
1. In the API test for SFTP, change the amount of the file requested to
the limit WOLFSSH_MAX_SFTP_RW.
2. The check for want read on the exit of the server worker should clear
ret if it is want read.
With the previous change for speed and timing, rekeying started having
trouble in SFTP. Each file block travels as two messages, and the
rekeying starts, but the messages are sent and lost. The client would
terminate the connection.
1. Tweak the timeout in the echoserver's SFTP loop.
2. Better checking for rekeying.
3. Returning that rekeying is happening.
wolfSSH has a reach too deep into the wolfSSH internals. SFTP should
be more like an application running on top of wolfSSH. We prefer to
keep it all in one application, so it will work well in an embedded
environment, but there needs to be more separation.
1. The sftp_worker loop in the echoserver should prioritize reading
the socket and processing the SSH layer messages. Next it should
ensure the transmit buffer for the SFTP channel is being written.
Last it should check the receive buffer for the SFTP for new
messages from the peer. wolfSSH_worker() will ensure data is read
from the socket, and distributed to the appropriate channel
receive buffers, and will make sure the SSH bookkeeping is
performed.
2. SendChannelData() should also bound the send data amount by the
local maxPacketSz.
3. wolfSSH_SFTP_buffer_send() should send only one chunk of data, not
looping until everything is gone. Need to send, but cannot flood
the output.
4. Remove the call to wolfSSH_worker() from the buffer send.
5. The wolfSSH_SFTP_read() state machine should check the return
status from the call to buffer send, and if it isn't an error,
don't clear the state, allow for a want-write write again later.
6. Do not limit the file chunk size to send to WOLFSSH_MAX_SFTP_RW.
This limit is provided during SFTP negotiation. If the peer
requests that much data, send it.
7. Modify the select wrapper to have a very small microseconds value
in addition to the requested seconds.
1. Found a few cases where disabling RSA made some things either not
build or run correctly.
2. Hushed a few unused variables in gated-disabled situations.
3. Moved a temp variable closer to where it is used.
1. Leave out the setup of the tcp_ready record when not using threading.
2. Don't change the echoserver directory when building for Integrity.
3. Change WEXIT to be a return(0) when building for Integrity.
4. The echoserver shouldn't call exit directly, it should save the
return_code server args and then return to the caller.
5. When using forwarding, don't exit if the address is IPv6, return an
error.
6. When exiting, close the listen file descriptor.
7. Reset myoptind to 0 before processing the options list.
1. For Integrity builds, err_sys should only printf.
2. For Integrity builds, WEXIT should be a return.
3. In the echoserver, add explicit WEXITs for the err_sys statements.
1. In the echoserver's user authentication function, the summary check was
refactored and the old code wasn't removed. A more strict compiler
noticed the code was never executed.
2. Moved the ret check variable to the section of the function where it
is used.
1. Allow user to add multiple server keys to the CTX up to a limit.
2. Clear the list of server's keys when releasing the CTX.
3. Update the API test case.
4. Server key algo list based on keys loaded.
5. Server uses key requested by client.
6. Change echoserver to load ECC and RSA key, -E option to select order.
7. Added a function to identify keys, and another to identify certs.
8. Added a function to add keys or certs to the list of keys and certs.
9. Fix return value for MAC Algo C2S match fail to the correct value.
1. Update wolfSSH_SFTPNAME_readdir() to have a special case getting
the drive letters at root in Windows.
2. The Win32 APIs can use forward slashes, but cannot have one at the
beginning of the path before the drive letter. Add a trim function
to remove the leading slash in the SFTP paths.
3. Update echoserver to always set the default SFTP path to either the
provided command line option or to the CWD for the echoserver run.
4. Get the RealPath for the default path.
5. Tweak wolfSSH_RealPath() to handle some Windows cases.
6. Added more test cases.
1. Fix build error when building without certificates.
2. Add the root CA option to the echoserver usage.
3. Update the readme file to include the new certificate option.
4. Added command line option to load a CA cert into the echoserver.