Merge pull request #254 from ejohnstown/release-rollup

Release Rollup
2020-04-28 13:21:26 -06:00 · 2020-04-28 13:21:26 -06:00 · 93be6db2f4
parent 53da5b837b 67620dcf2f
commit 93be6db2f4
8 changed files with 90 additions and 59 deletions
--- a/ChangeLog.md
+++ b/ChangeLog.md
@ -1,4 +1,34 @@
-### wolfSSH v1.4.3 (10/31/2019)
+# wolfSSH v1.4.4 (04/28/2020)
+
+## New Feature Additions
+
+- Added wolfSCP client example
+- Added support for building for VxWorks
+
+## Fixes
+
+- Fixes for some buffer issues discovered with fuzz testing
+- Fixes for some SCP directory issues in Nucleus
+- Fixed an issue where a buffer size went negative, cosmetic
+- Fixed bug in ECDSA when using alt-ecc-size in wolfCrypt
+- Fixed bug with AES-CTR and FIPSv2 build
+- Fixed bug when using single precision
+- Fix for SCP rename action
+
+## Improvements and Optimizations
+
+- Improved interoperability with FireZilla
+- Example tool option clarification
+- Better SFTP support in 32-bit environments
+- SFTP and SCP aren't dependent on ioctl() anymore
+- Add password rejection count
+- Public key vs password authentication chosen by user auth callback
+- MQX maintenance
+
+
+--------------------------------
+
+# wolfSSH v1.4.3 (10/31/2019)

 - wolfSFTP port to MQX 4.2 (MQX/MFS/RTCS)
 - Maintenance and bug fixes
@ -17,7 +47,7 @@
  example client


-### wolfSSH v1.4.2 (08/06/2019)
+# wolfSSH v1.4.2 (08/06/2019)

 - GCC 8 build warning fixes
 - Fix for warning with enums used with SFTP and set socket type
@ -38,7 +68,7 @@
 - Remove void cast on variable not compiled in with single threaded builds


-### wolfSSH v1.4.0 (04/30/2019)
+# wolfSSH v1.4.0 (04/30/2019)

 - SFTP support for time attributes
 - TCP port forwarding feature added (--enable-fwd)
@ -68,7 +98,7 @@
 - Renamed example SFTP to be examples/sftpclient/wolfsftp


-### wolfSSH v1.3.0 (08/15/2018)
+# wolfSSH v1.3.0 (08/15/2018)

 - Accepted code submission from Stephen Casner for SCP support. Thanks Stephen!
 - Added SCP server support.
@ -76,7 +106,7 @@
 - Updated the autoconf scripts.
 - Other bug fixes and enhancements.

-### wolfSSH v1.2.0 (09/26/2017)
+# wolfSSH v1.2.0 (09/26/2017)

 - Added ECDH Group Exchange with SHA2 hashing and curves nistp256,
  nistp384, and nistp521.
@ -89,7 +119,7 @@
 - Added a Visual Studio solution to build the library, examples, and tests.
 - Other bug fixes and enhancements.

-### wolfSSH v1.1.0 (06/16/2017)
+# wolfSSH v1.1.0 (06/16/2017)

 - Added DH Group Exchange with SHA-256 hashing to the key exchange.
 - Removed the canned banner and provided a function to set a banner string.
@ -103,6 +133,6 @@
 - Fixed a bug with the GetString function.
 - Other small bug fixes and enhancements.

-### wolfSSH v1.0.0 (10/24/2016)
+# wolfSSH v1.0.0 (10/24/2016)

 Initial release.
--- a/configure.ac
+++ b/configure.ac
@ -3,7 +3,7 @@
 # All right reserved.

 AC_COPYRIGHT([Copyright (C) 2014-2020 wolfSSL Inc.])
-AC_INIT([wolfssh],[1.4.3],[support@wolfssl.com],[wolfssh],[https://www.wolfssl.com])
+AC_INIT([wolfssh],[1.4.4],[support@wolfssl.com],[wolfssh],[https://www.wolfssl.com])
 AC_PREREQ([2.63])
 AC_CONFIG_AUX_DIR([build-aux])

@ -20,7 +20,7 @@ AC_ARG_PROGRAM
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([src/config.h])

-WOLFSSH_LIBRARY_VERSION=10:0:1
+WOLFSSH_LIBRARY_VERSION=11:0:2
 #                       | | |
 #                +------+ | +---+
 #                |        |     |
@ -56,6 +56,7 @@ AC_CHECK_SIZEOF([off_t])

 # Check headers/libs
 AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday inet_ntoa memset socket])
+AC_CHECK_HEADERS([sys/time.h])
 AC_CHECK_LIB([network],[socket])
 AC_CHECK_LIB([wolfssl],[wolfCrypt_Init],,[AC_MSG_ERROR([libwolfssl is required for ${PACKAGE}. It can be obtained from https://www.wolfssl.com/download.html/ .])])

@ -77,6 +78,8 @@ AX_PTHREAD([
    AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"])
    AM_CFLAGS="$AM_CFLAGS $PTHREAD_CFLAGS"])

+AX_AM_JOBSERVER([yes])
+
 # Inline Build
 AC_ARG_ENABLE([inline],
    [AS_HELP_STRING([--disable-inline],[Disable inline functions (default: enabled)])],
@ -109,7 +112,7 @@ AC_ARG_ENABLE([fwd],

 # pseudo-terminal
 AC_ARG_ENABLE([term],
-    [AS_HELP_STRING([--enable-term],[Enable pseudo-terminal support (default: enabled)])],
+    [AS_HELP_STRING([--disable-term],[Enable pseudo-terminal support (default: enabled)])],
    [ENABLED_PTERM=$enableval],[ENABLED_PTERM=yes])

 # Enable All
@ -169,32 +172,31 @@ AC_SUBST([AM_LDFLAGS])
 AC_CONFIG_FILES([Makefile wolfssh/version.h])

 AX_CREATE_GENERIC_CONFIG
-AX_AM_JOBSERVER([yes])

 AC_OUTPUT

 # force make clean
-echo "---"
-echo "Running make clean..."
+AS_ECHO(["---"])
+AS_ECHO(["Running make clean..."])
 make clean >/dev/null 2>&1

 # output config summary
-echo "---"
-echo "Configuration summary for $PACKAGE_NAME version $VERSION"
-echo ""
-echo "   * Installation prefix:       $prefix"
-echo "   * System type:               $host_vendor-$host_os"
-echo "   * Host CPU:                  $host_cpu"
-echo "   * C Compiler:                $CC"
-echo "   * C Flags:                   $CFLAGS"
-echo "   * CPP Flags:                 $CPPFLAGS"
-echo "   * Linker Flags:              $LDFLAGS"
-echo
-echo "   Features"
-echo "   * Inline Code:               $ENABLED_INLINE"
-echo "   * keygen:                    $ENABLED_KEYGEN"
-echo "   * psuedo-terminal:           $ENABLED_PTERM"
-echo "   * scp:                       $ENABLED_SCP"
-echo "   * sftp:                      $ENABLED_SFTP"
-echo "   * TCP/IP Forwarding:         $ENABLED_FWD"
-echo "   * Examples:                  $ENABLED_EXAMPLES"
+AS_ECHO(["---"])
+AS_ECHO(["Configuration summary for $PACKAGE_NAME version $VERSION"])
+AS_ECHO
+AS_ECHO(["   * Installation prefix:       $prefix"])
+AS_ECHO(["   * System type:               $host_vendor-$host_os"])
+AS_ECHO(["   * Host CPU:                  $host_cpu"])
+AS_ECHO(["   * C Compiler:                $CC"])
+AS_ECHO(["   * C Flags:                   $CFLAGS"])
+AS_ECHO(["   * CPP Flags:                 $CPPFLAGS"])
+AS_ECHO(["   * Linker Flags:              $LDFLAGS"])
+AS_ECHO
+AS_ECHO(["   Features"])
+AS_ECHO(["   * Inline Code:               $ENABLED_INLINE"])
+AS_ECHO(["   * keygen:                    $ENABLED_KEYGEN"])
+AS_ECHO(["   * psuedo-terminal:           $ENABLED_PTERM"])
+AS_ECHO(["   * scp:                       $ENABLED_SCP"])
+AS_ECHO(["   * sftp:                      $ENABLED_SFTP"])
+AS_ECHO(["   * TCP/IP Forwarding:         $ENABLED_FWD"])
+AS_ECHO(["   * Examples:                  $ENABLED_EXAMPLES"])
--- a/examples/client/client.c
+++ b/examples/client/client.c
@ -30,7 +30,7 @@

 #ifndef NO_WOLFSSH_CLIENT

-const char testString[] = "Hello, wolfSSH!";
+static const char testString[] = "Hello, wolfSSH!";


 /* type = 2 : shell / execute command settings
@ -144,7 +144,7 @@ static void ShowUsage(void)
 }


-byte userPassword[256];
+static byte userPassword[256];

 static int wsUserAuth(byte authType,
                      WS_UserAuthData* authData,
--- a/examples/sftpclient/sftpclient.c
+++ b/examples/sftpclient/sftpclient.c
@ -104,13 +104,13 @@ static int NonBlockSSH_connect(void)
 /* for command reget and reput to handle saving offset after interrupt during
 * get and put */
 #include <signal.h>
-static byte interupt = 0;
+static byte interrupt = 0;

 static void sig_handler(const int sig)
 {
    (void)sig;

-    interupt = 1;
+    interrupt = 1;
    wolfSSH_SFTP_Interrupt(ssh);
 }
 #endif /* WS_NO_SIGNAL */
@ -189,8 +189,6 @@ static void clean_path(char* path)
    }
 }

-const char sftpTestString[] = "Hello, wolfSSH!";
-
 #define WS_MAX_EXAMPLE_RW 1024

 static int SetEcho(int on)
@ -294,14 +292,14 @@ static void ShowUsage(void)
 }


-byte userPassword[256];
-byte userPublicKeyType[32];
-byte userPublicKey[512];
-word32 userPublicKeySz;
-const byte* userPrivateKey;
-word32 userPrivateKeySz;
+static byte userPassword[256];
+static byte userPublicKeyType[32];
+static byte userPublicKey[512];
+static word32 userPublicKeySz;
+static const byte* userPrivateKey;
+static word32 userPrivateKeySz;

-const char hanselPublicRsa[] =
+static const char hanselPublicRsa[] =
    "AAAAB3NzaC1yc2EAAAADAQABAAABAQC9P3ZFowOsONXHD5MwWiCciXytBRZGho"
    "MNiisWSgUs5HdHcACuHYPi2W6Z1PBFmBWT9odOrGRjoZXJfDDoPi+j8SSfDGsc/hsCmc3G"
    "p2yEhUZUEkDhtOXyqjns1ickC9Gh4u80aSVtwHRnJZh9xPhSq5tLOhId4eP61s+a5pwjTj"
@ -309,7 +307,7 @@ const char hanselPublicRsa[] =
    "NmzI5y/+pzU5afsdeEWdiQDIQc80H6Pz8fsoFPvYSG+s4/wz0duu7yeeV1Ypoho65Zr+pE"
    "nIf7dO0B8EblgWt+ud+JI8wrAhfE4x";

-const byte hanselPrivateRsa[] = {
+static const byte hanselPrivateRsa[] = {
  0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
  0xbd, 0x3f, 0x76, 0x45, 0xa3, 0x03, 0xac, 0x38, 0xd5, 0xc7, 0x0f, 0x93,
  0x30, 0x5a, 0x20, 0x9c, 0x89, 0x7c, 0xad, 0x05, 0x16, 0x46, 0x86, 0x83,
@ -412,14 +410,14 @@ const byte hanselPrivateRsa[] = {
  0xec, 0x18, 0xdb
 };

-unsigned int hanselPrivateRsaSz = 1191;
+static const unsigned int hanselPrivateRsaSz = 1191;


-const char hanselPublicEcc[] =
+static const char hanselPublicEcc[] =
    "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNkI5JTP6D0lF42tbx"
    "X19cE87hztUS6FSDoGvPfiU0CgeNSbI+aFdKIzTP5CQEJSvm25qUzgDtH7oyaQROUnNvk=";

-const byte hanselPrivateEcc[] = {
+static const byte hanselPrivateEcc[] = {
  0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x03, 0x6e, 0x17, 0xd3, 0xb9,
  0xb8, 0xab, 0xc8, 0xf9, 0x1f, 0xf1, 0x2d, 0x44, 0x4c, 0x3b, 0x12, 0xb1,
  0xa4, 0x77, 0xd8, 0xed, 0x0e, 0x6a, 0xbe, 0x60, 0xc2, 0xf6, 0x8b, 0xe7,
@ -433,7 +431,7 @@ const byte hanselPrivateEcc[] = {
  0xf9
 };

-unsigned int hanselPrivateEccSz = 121;
+static const unsigned int hanselPrivateEccSz = 121;


 static int wsUserAuth(byte authType,
--- a/ide/winvs/user_settings.h
+++ b/ide/winvs/user_settings.h
@ -21,11 +21,10 @@
 #define NO_DSA
 #define NO_MD4
 #define WC_RSA_BLINDING
-#define USE_FAST_MATH
-#define TFM_TIMING_RESISTANT
-#define ECC_TIMING_RESISTANT
 #define WOLFSSL_PUBLIC_MP
 #define SINGLE_THREADED
+#define WC_NO_HARDEN
+
 #define WOLFSSH_TERM

 #endif /* _WIN_USER_SETTINGS_H_ */
--- a/src/wolfsftp.c
+++ b/src/wolfsftp.c
@ -425,7 +425,7 @@ static void wolfSSH_SFTP_ClearState(WOLFSSH* ssh, enum WS_SFTP_STATE_ID state)
    if (ssh) {

        if (state == 0)
-            state = ~state; /* set all bits hot */
+            state = (enum WS_SFTP_STATE_ID)~state; /* set all bits hot */

        if (state & STATE_ID_GET) {
            WFREE(ssh->getState, ssh->ctx->heap, DYNTYPE_SFTP_STATE);
@ -1219,7 +1219,7 @@ int wolfSSH_SFTP_read(WOLFSSH* ssh)

                    if ((int)state->idx < state->sz) {
                        ret = wolfSSH_worker(ssh, NULL);
-                        if (ssh->error == WS_WANT_READ) {
+                        if (ret != WS_SUCCESS && ssh->error == WS_WANT_READ) {
                            /* was something there to read, try again */
                            state->toSend = 2;
                            return WS_FATAL_ERROR;
--- a/wolfssh/version.h
+++ b/wolfssh/version.h
@ -33,8 +33,8 @@
 extern "C" {
 #endif

-#define LIBWOLFSSH_VERSION_STRING "1.4.3"
-#define LIBWOLFSSH_VERSION_HEX 0x01004003
+#define LIBWOLFSSH_VERSION_STRING "1.4.4"
+#define LIBWOLFSSH_VERSION_HEX 0x01004004

 #ifdef __cplusplus
 }
--- a/wolfssh/wolfscp.h
+++ b/wolfssh/wolfscp.h
@ -53,8 +53,10 @@ extern "C" {
 #endif

 #if !defined(WOLFSSH_SCP_USER_CALLBACKS) && !defined(NO_FILESYSTEM)
-    /* for utimes() */
-    #include <sys/time.h>
+    #include <time.h>
+    #ifdef HAVE_SYS_TIME_H
+        #include <sys/time.h>
+    #endif
    #include <errno.h>

    typedef struct ScpSendCtx {