For Zephyr, we allocate memory for a thread's stack from the heap.
Recently a thread's stack size was changed from 24k to 48k. wolfSSH
needed the size of the libc memory arena to be increased a bit to
account for this change.

1. Add an error code for Ed25519 signing or verify issues.
2. Add Ed25519 key support to ReadKey.
3. Add client side support for Ed25519.
4. Update some key usage log strings to be more descriptive.

1. Add testing key for user barney.
2. Remove some instances of the incorrect macro guard WOLFSSH_NO_ECC. We
deal in ECDSA or ECDHE separately only.
3. Add WIP function for decoding the OpenSSH format Ed25519 key.

1. Remove some redundant (and incorrect) scaffolding for a couple
algorithms.
2. Whitespace fixes and add some braces to if-else blocks.
3. Fix allocating an ed25519 key, instead of using an ecc_key for it.
4. Replace a crypto failure error with an invalid algo error.

1. Added support for Ed25519 private keys.
2. Added more define guards for ED25519.
3. The userAuthResultCb must be invoked only in the case the pubkey has
a signature.
4. Define WOLFSSH_NO_ED25519 if the ssh-ed25519 pubkey support must not
be compiled for lack of prerequisites.

1. Add a parameter to the client key agree functions for the hashId.
It's only really used for EcdhKyber1, but it keeps the functions
parallel.
2. Add and update some top-of-function comments for the key agree
functions.
3. Renamed the X25519 key agreement functions to Curve25519 to match the
naming in the RFC.
4. Removed the temporary hashId local in the client EcdhKyber1
function.
5. Messed around with some variable declarations in a few of the
functions.
6. Fix a couple breaks for small stack build.
7. Fix where GEX-SHA2 key exchange wasn't allowed to work.
8. Disable EcdhKyber1 if ECDH-NISTP256 is disabled.

1. In SendKexDhReply(), break down the key agreement actions for the
various supported key types into their own functions. Remove
the redundant variables.
2. In DoKexDhInit(), add flags for the various key agreement types, and
set them as appropriate when checking the selected kexId. The flags
are always present no matter the build options.
3. Simplify some of the flag checks for optional options.

1. In the key signature block, add flag for Ecc, and for the key
allocation.
2. Add FreePubKey() to delete the pub key stored in the key signature
block.
3. In DoKexDhReply(), break down the key agreement actions for the
various supported key types into their own functions. Remove the
redundant variables.
4. Using flags that are always present, reduce some of the complicated
flag checks.
5. Fix a compile guard where the ECDH private key used by the client is
disabled by ECDSA.

1. Fix a couple spots where a flag to use kyber wasn't getting set
correctly.
2. Changed a check to kyber back to the original source, a local
variable.

1. In the echoserver, change the names of the defines for the
static memory values.
2. Modify the client common functions for keys and certs to take a heap
value for their allocations.
3. Update the client's use of the common key and cert function calls to
pass NULL for the heap.
4. Add a static memory description for the sftp client code.

1. Modify the echoserver to use a static memory pool when using the flag
WOLFSSH_STATIC_MEMORY. Uses NULL otherwise. The WOLFSSH_CTX is
created with the pool and subsequent allocations for the WOLFSSH
server use the same pool.
2. Add a configuration for the memory pool. Only works with SFTP
enabled.
3. Add the memory pool use statistics to the echoserver.

1. In the brew install step explicitly install autoconf and add libtool.
2. Skip running autogen.sh for wolfSSH, just use autoreconf directly.
3. Use "--enable-wolfssh" when building wolfSSL.

1. Add an error code and string for the message filtering fail.
2. Add a function to check incoming message IDs for appropriateness
during the client or server handshake.
(ZD 17710)

1. Split ParseAndVerifyCert() into ParseCertChainVerify() and
ParseCert() with a common ParseCertChain() function.
2. When the server is checking the user's certificate, don't do the
verify step. Verify when the user's client sends a signature. The
server needs to tell the client the cert is OK as a cert. Make the
client do a PK sign.
3. If the certificate check fails, we still need to be able to send the
failure message to the peer. Set the `ret` value back to
`WS_SUCCESS`. All other auth actions are gated on the `authFailed`.
4. Whitespace.
(ZD 17555)

1. Add dynamic memory type of string to the allocation of the list of
modes when opening a pty.
2. When freeing a WOLFSSH object, free modes when it is set.