1. Pick the algorithm based on the server's user auth algo list for
SHA2 signing.
2. When PrepareUserAuthRequest is called based on keySigId, do it
conditionally on error.
1. Add sending and decoding the RFC 8308 extensions, specifically the
server signature algorithms extension.
2. Add function CountNameList() to count items in a name list.
3. Split GetNameList() to make GetNameListRaw() that is given the
pointer to the start of the list and its size.
4. Store the list of server user auth algos in the WOLFSSH object.
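An added illustration of the name-list counting and SHA2 signature selection described in the two entries above. This is not wolfSSH code: the function names, the preference order and the sample server list are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
/* Count entries in a raw name-list body (RFC 4251, comma-separated). */
static unsigned count_name_list(const char* list, size_t sz)
{
    unsigned n = 1;
    size_t i;
    if (list == NULL || sz == 0)
        return 0;
    for (i = 0; i < sz; i++)
        n += (list[i] == ',');
    return n;
}

/* 1 if name is a whole entry of the list; prefix matches do not count. */
static int name_in_list(const char* list, size_t sz, const char* name)
{
    size_t nameSz = strlen(name), start = 0, i;
    for (i = 0; i <= sz; i++) {
        if (i < sz && list[i] != ',')
            continue;
        if (i - start == nameSz && memcmp(list + start, name, nameSz) == 0)
            return 1;
        start = i + 1;
    }
    return 0;
}

/* Preference order is this example's assumption. No list received ->
 * "ssh-rsa" (RFC 8332 allows that default); nothing usable -> NULL. */
static const char* pick_rsa_sig_algo(const char* list, size_t sz)
{
    static const char* const prefs[] = { "rsa-sha2-256", "rsa-sha2-512", "ssh-rsa" };
    size_t i;
    if (list == NULL || sz == 0)
        return "ssh-rsa";
    for (i = 0; i < sizeof(prefs) / sizeof(prefs[0]); i++)
        if (name_in_list(list, sz, prefs[i]))
            return prefs[i];
    return NULL;
}

int main(void)
{
    /* Constructed server-sig-algs value, not captured from a real server. */
    const char* a = "ssh-ed25519,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512";
    printf("%u names, sign with %s\n", count_name_list(a, strlen(a)),
           pick_rsa_sig_algo(a, strlen(a)));
    return 0;
}
```

The certificate algorithm name in the sample list shares a prefix with `rsa-sha2-256`, which is why the match is done on whole entries rather than with a substring search.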
1. Increased the number of private keys stored.
2. Increased the number of items processed in the received KexInit
message. Other SSH implementations are sending many more possible
algorithm selections.
3. Split the adding of private keys and certificates to a WOLFSSH_CTX
into two functions. Both share an action to make sure certificates
and keys are married up as appropriate.
4. Removed the function UpdateKeyID() as it was modifying the
WOLFSSH_CTX after having created WOLFSSH objects with it. Its other
behaviors were incorporated into 3 above.
1. In the API test for SFTP, change the amount of the file requested to
the limit WOLFSSH_MAX_SFTP_RW.
2. The check for want read on the exit of the server worker should clear
ret if it is want read.
With the previous change for speed and timing, rekeying started having
trouble in SFTP. Each file block travels as two messages, and the
rekeying starts, but the messages are sent and lost. The client would
terminate the connection.
1. Tweak the timeout in the echoserver's SFTP loop.
2. Better checking for rekeying.
3. Returning that rekeying is happening.
wolfSSH has a reach too deep into the wolfSSH internals. SFTP should
be more like an application running on top of wolfSSH. We prefer to
keep it all in one application, so it will work well in an embedded
environment, but there needs to be more separation.
1. The sftp_worker loop in the echoserver should prioritize reading
the socket and processing the SSH layer messages. Next it should
ensure the transmit buffer for the SFTP channel is being written.
Last it should check the receive buffer for the SFTP for new
messages from the peer. wolfSSH_worker() will ensure data is read
from the socket, and distributed to the appropriate channel
receive buffers, and will make sure the SSH bookkeeping is
performed.
2. SendChannelData() should also bound the send data amount by the
local maxPacketSz.
3. wolfSSH_SFTP_buffer_send() should send only one chunk of data, not
looping until everything is gone. Need to send, but cannot flood
the output.
4. Remove the call to wolfSSH_worker() from the buffer send.
5. The wolfSSH_SFTP_read() state machine should check the return
status from the call to buffer send, and if it isn't an error,
don't clear the state, allow for a want-write write again later.
6. Do not limit the file chunk size to send to WOLFSSH_MAX_SFTP_RW.
This limit is provided during SFTP negotiation. If the peer
requests that much data, send it.
7. Modify the select wrapper to have a very small microseconds value
in addition to the requested seconds.