diff --git a/ChangeLog.md b/ChangeLog.md index 6c7b940..9a30f5a 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,4 +1,34 @@ -### wolfSSH v1.4.3 (10/31/2019) +# wolfSSH v1.4.4 (04/28/2020) + +## New Feature Additions + +- Added wolfSCP client example +- Added support for building for VxWorks + +## Fixes + +- Fixes for some buffer issues discovered with fuzz testing +- Fixes for some SCP directory issues in Nucleus +- Fixed an issue where a buffer size went negative, cosmetic +- Fixed bug in ECDSA when using alt-ecc-size in wolfCrypt +- Fixed bug with AES-CTR and FIPSv2 build +- Fixed bug when using single precision +- Fix for SCP rename action + +## Improvements and Optimizations + +- Improved interoperability with FireZilla +- Example tool option clarification +- Better SFTP support in 32-bit environments +- SFTP and SCP aren't dependent on ioctl() anymore +- Add password rejection count +- Public key vs password authentication chosen by user auth callback +- MQX maintenance + + +-------------------------------- + +# wolfSSH v1.4.3 (10/31/2019) - wolfSFTP port to MQX 4.2 (MQX/MFS/RTCS) - Maintenance and bug fixes @@ -17,7 +47,7 @@ example client -### wolfSSH v1.4.2 (08/06/2019) +# wolfSSH v1.4.2 (08/06/2019) - GCC 8 build warning fixes - Fix for warning with enums used with SFTP and set socket type @@ -38,7 +68,7 @@ - Remove void cast on variable not compiled in with single threaded builds -### wolfSSH v1.4.0 (04/30/2019) +# wolfSSH v1.4.0 (04/30/2019) - SFTP support for time attributes - TCP port forwarding feature added (--enable-fwd) @@ -68,7 +98,7 @@ - Renamed example SFTP to be examples/sftpclient/wolfsftp -### wolfSSH v1.3.0 (08/15/2018) +# wolfSSH v1.3.0 (08/15/2018) - Accepted code submission from Stephen Casner for SCP support. Thanks Stephen! - Added SCP server support. 
@@ -76,7 +106,7 @@ - Updated the autoconf scripts. - Other bug fixes and enhancements. -### wolfSSH v1.2.0 (09/26/2017) +# wolfSSH v1.2.0 (09/26/2017) - Added ECDH Group Exchange with SHA2 hashing and curves nistp256, nistp384, and nistp521. @@ -89,7 +119,7 @@ - Added a Visual Studio solution to build the library, examples, and tests. - Other bug fixes and enhancements. -### wolfSSH v1.1.0 (06/16/2017) +# wolfSSH v1.1.0 (06/16/2017) - Added DH Group Exchange with SHA-256 hashing to the key exchange. - Removed the canned banner and provided a function to set a banner string. @@ -103,6 +133,6 @@ - Fixed a bug with the GetString function. - Other small bug fixes and enhancements. -### wolfSSH v1.0.0 (10/24/2016) +# wolfSSH v1.0.0 (10/24/2016) Initial release. diff --git a/configure.ac b/configure.ac index d8fde27..a870a5b 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ # All right reserved. AC_COPYRIGHT([Copyright (C) 2014-2020 wolfSSL Inc.]) -AC_INIT([wolfssh],[1.4.3],[support@wolfssl.com],[wolfssh],[https://www.wolfssl.com]) +AC_INIT([wolfssh],[1.4.4],[support@wolfssl.com],[wolfssh],[https://www.wolfssl.com]) AC_PREREQ([2.63]) AC_CONFIG_AUX_DIR([build-aux]) @@ -20,7 +20,7 @@ AC_ARG_PROGRAM AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([src/config.h]) -WOLFSSH_LIBRARY_VERSION=10:0:1 +WOLFSSH_LIBRARY_VERSION=11:0:2 # | | | # +------+ | +---+ # | | | @@ -56,6 +56,7 @@ AC_CHECK_SIZEOF([off_t]) # Check headers/libs AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday inet_ntoa memset socket]) +AC_CHECK_HEADERS([sys/time.h]) AC_CHECK_LIB([network],[socket]) AC_CHECK_LIB([wolfssl],[wolfCrypt_Init],,[AC_MSG_ERROR([libwolfssl is required for ${PACKAGE}. It can be obtained from https://www.wolfssl.com/download.html/ .])]) 
@@ -77,6 +78,8 @@ AX_PTHREAD([ AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"]) AM_CFLAGS="$AM_CFLAGS $PTHREAD_CFLAGS"]) +AX_AM_JOBSERVER([yes]) + # Inline Build AC_ARG_ENABLE([inline], [AS_HELP_STRING([--disable-inline],[Disable inline functions (default: enabled)])], @@ -109,7 +112,7 @@ AC_ARG_ENABLE([fwd], # pseudo-terminal AC_ARG_ENABLE([term], - [AS_HELP_STRING([--enable-term],[Enable pseudo-terminal support (default: enabled)])], + [AS_HELP_STRING([--disable-term],[Enable pseudo-terminal support (default: enabled)])], [ENABLED_PTERM=$enableval],[ENABLED_PTERM=yes]) # Enable All 
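Review bot: In the `term` option (hunk at -109) the flag is now shown as `--disable-term`, but the description beside it still reads "Enable pseudo-terminal support (default: enabled)", so `./configure --help` describes the switch with the opposite verb. The `inline` option visible in the previous hunk pairs `--disable-inline` with "Disable inline functions (default: enabled)". The same wording fits here: `[AS_HELP_STRING([--disable-term],[Disable pseudo-terminal support (default: enabled)])],`.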
@@ -169,32 +172,31 @@ AC_SUBST([AM_LDFLAGS]) AC_CONFIG_FILES([Makefile wolfssh/version.h]) AX_CREATE_GENERIC_CONFIG -AX_AM_JOBSERVER([yes]) AC_OUTPUT # force make clean -echo "---" -echo "Running make clean..." +AS_ECHO(["---"]) +AS_ECHO(["Running make clean..."]) make clean >/dev/null 2>&1 # output config summary -echo "---" -echo "Configuration summary for $PACKAGE_NAME version $VERSION" -echo "" -echo " * Installation prefix: $prefix" -echo " * System type: $host_vendor-$host_os" -echo " * Host CPU: $host_cpu" -echo " * C Compiler: $CC" -echo " * C Flags: $CFLAGS" -echo " * CPP Flags: $CPPFLAGS" -echo " * Linker Flags: $LDFLAGS" -echo -echo " Features" -echo " * Inline Code: $ENABLED_INLINE" -echo " * keygen: $ENABLED_KEYGEN" -echo " * psuedo-terminal: $ENABLED_PTERM" -echo " * scp: $ENABLED_SCP" -echo " * sftp: $ENABLED_SFTP" -echo " * TCP/IP Forwarding: $ENABLED_FWD" -echo " * Examples: $ENABLED_EXAMPLES" +AS_ECHO(["---"]) +AS_ECHO(["Configuration summary for $PACKAGE_NAME version $VERSION"]) +AS_ECHO +AS_ECHO([" * Installation prefix: $prefix"]) +AS_ECHO([" * System type: $host_vendor-$host_os"]) +AS_ECHO([" * Host CPU: $host_cpu"]) +AS_ECHO([" * C Compiler: $CC"]) +AS_ECHO([" * C Flags: $CFLAGS"]) +AS_ECHO([" * CPP Flags: $CPPFLAGS"]) +AS_ECHO([" * Linker Flags: $LDFLAGS"]) +AS_ECHO +AS_ECHO([" Features"]) +AS_ECHO([" * Inline Code: $ENABLED_INLINE"]) +AS_ECHO([" * keygen: $ENABLED_KEYGEN"]) +AS_ECHO([" * psuedo-terminal: $ENABLED_PTERM"]) +AS_ECHO([" * scp: $ENABLED_SCP"]) +AS_ECHO([" * sftp: $ENABLED_SFTP"]) +AS_ECHO([" * TCP/IP Forwarding: $ENABLED_FWD"]) +AS_ECHO([" * Examples: $ENABLED_EXAMPLES"]) diff --git a/examples/client/client.c b/examples/client/client.c index 1f4bcda..79681c4 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -30,7 +30,7 @@ #ifndef NO_WOLFSSH_CLIENT -const char testString[] = "Hello, wolfSSH!"; +static const char testString[] = "Hello, wolfSSH!"; /* type = 2 : shell / execute command settings 
@@ -144,7 +144,7 @@ static void ShowUsage(void) } -byte userPassword[256]; +static byte userPassword[256]; static int wsUserAuth(byte authType, WS_UserAuthData* authData, diff --git a/examples/sftpclient/sftpclient.c b/examples/sftpclient/sftpclient.c index 7445352..9c90075 100644 --- a/examples/sftpclient/sftpclient.c +++ b/examples/sftpclient/sftpclient.c @@ -104,13 +104,13 @@ static int NonBlockSSH_connect(void) /* for command reget and reput to handle saving offset after interrupt during * get and put */ #include -static byte interupt = 0; +static byte interrupt = 0; static void sig_handler(const int sig) { (void)sig; - interupt = 1; + interrupt = 1; wolfSSH_SFTP_Interrupt(ssh); } #endif /* WS_NO_SIGNAL */ @@ -189,8 +189,6 @@ static void clean_path(char* path) } } -const char sftpTestString[] = "Hello, wolfSSH!"; - #define WS_MAX_EXAMPLE_RW 1024 static int SetEcho(int on) @@ -294,14 +292,14 @@ static void ShowUsage(void) } -byte userPassword[256]; -byte userPublicKeyType[32]; -byte userPublicKey[512]; -word32 userPublicKeySz; -const byte* userPrivateKey; -word32 userPrivateKeySz; +static byte userPassword[256]; +static byte userPublicKeyType[32]; +static byte userPublicKey[512]; +static word32 userPublicKeySz; +static const byte* userPrivateKey; +static word32 userPrivateKeySz; -const char hanselPublicRsa[] = +static const char hanselPublicRsa[] = "AAAAB3NzaC1yc2EAAAADAQABAAABAQC9P3ZFowOsONXHD5MwWiCciXytBRZGho" "MNiisWSgUs5HdHcACuHYPi2W6Z1PBFmBWT9odOrGRjoZXJfDDoPi+j8SSfDGsc/hsCmc3G" "p2yEhUZUEkDhtOXyqjns1ickC9Gh4u80aSVtwHRnJZh9xPhSq5tLOhId4eP61s+a5pwjTj" 
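Review bot: `userPassword` in examples/client/client.c (hunk at -144) remains a fixed 256-byte file-scope buffer, so whatever is read into it stays in process memory until exit unless something clears it; the hunk shows neither the code that fills it nor any wipe. It is worth confirming in `wsUserAuth` and its callers, which lie outside the hunk, that input is bounded by `sizeof(userPassword)` and that the buffer is zeroed once authentication is over, using a wipe the compiler cannot optimise away. Once that holds, a comment on the declaration would record it, e.g. `/* password entered by the user; cleared after authentication */`. The same declaration is made static in examples/sftpclient/sftpclient.c (hunk at -294) and deserves the same check.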
@@ -309,7 +307,7 @@ const char hanselPublicRsa[] = "NmzI5y/+pzU5afsdeEWdiQDIQc80H6Pz8fsoFPvYSG+s4/wz0duu7yeeV1Ypoho65Zr+pE" "nIf7dO0B8EblgWt+ud+JI8wrAhfE4x"; -const byte hanselPrivateRsa[] = { +static const byte hanselPrivateRsa[] = { 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbd, 0x3f, 0x76, 0x45, 0xa3, 0x03, 0xac, 0x38, 0xd5, 0xc7, 0x0f, 0x93, 0x30, 0x5a, 0x20, 0x9c, 0x89, 0x7c, 0xad, 0x05, 0x16, 0x46, 0x86, 0x83, @@ -412,14 +410,14 @@ const byte hanselPrivateRsa[] = { 0xec, 0x18, 0xdb }; -unsigned int hanselPrivateRsaSz = 1191; +static const unsigned int hanselPrivateRsaSz = 1191; -const char hanselPublicEcc[] = +static const char hanselPublicEcc[] = "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNkI5JTP6D0lF42tbx" "X19cE87hztUS6FSDoGvPfiU0CgeNSbI+aFdKIzTP5CQEJSvm25qUzgDtH7oyaQROUnNvk="; -const byte hanselPrivateEcc[] = { +static const byte hanselPrivateEcc[] = { 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x03, 0x6e, 0x17, 0xd3, 0xb9, 0xb8, 0xab, 0xc8, 0xf9, 0x1f, 0xf1, 0x2d, 0x44, 0x4c, 0x3b, 0x12, 0xb1, 0xa4, 0x77, 0xd8, 0xed, 0x0e, 0x6a, 0xbe, 0x60, 0xc2, 0xf6, 0x8b, 0xe7, @@ -433,7 +431,7 @@ const byte hanselPrivateEcc[] = { 0xf9 }; -unsigned int hanselPrivateEccSz = 121; +static const unsigned int hanselPrivateEccSz = 121; static int wsUserAuth(byte authType, diff --git a/ide/winvs/user_settings.h b/ide/winvs/user_settings.h index fee1c00..1e45a82 100644 --- a/ide/winvs/user_settings.h +++ b/ide/winvs/user_settings.h @@ -21,11 +21,10 @@ #define NO_DSA #define NO_MD4 #define WC_RSA_BLINDING -#define USE_FAST_MATH -#define TFM_TIMING_RESISTANT -#define ECC_TIMING_RESISTANT #define WOLFSSL_PUBLIC_MP #define SINGLE_THREADED +#define WC_NO_HARDEN + #define WOLFSSH_TERM #endif /* _WIN_USER_SETTINGS_H_ */ diff --git a/src/wolfsftp.c b/src/wolfsftp.c index c876a9b..2e87015 100644 --- a/src/wolfsftp.c +++ b/src/wolfsftp.c 
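Review bot: `hanselPrivateRsaSz` (hunk at -412) is still the literal `1191`, kept in step by hand with the `hanselPrivateRsa[]` initializer above it; if the array is ever regenerated with a different length, code that trusts the size would either read past the array or hand over a truncated key. Now that both objects are `static const` in the same file, the size can be derived from the array: `static const unsigned int hanselPrivateRsaSz = (unsigned int)sizeof(hanselPrivateRsa);`. The same applies to `hanselPrivateEccSz = 121` in the next hunk (-433). A one-line comment stating that these are fixed test keys for the example and not for deployment would also help readers who copy from this file.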
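Review bot: In ide/winvs/user_settings.h, `ECC_TIMING_RESISTANT` is dropped along with the fast-math defines and `WC_NO_HARDEN` is added, which as far as I know only silences wolfCrypt's build-time reminder about missing hardening options. The Visual Studio build therefore loses both the request for the timing-resistant ECC path and the warning that it is missing, while `WC_RSA_BLINDING` is kept, so the intent is unclear. An SSH endpoint signs with a long-term key, where timing side channels matter. `TFM_TIMING_RESISTANT` is tied to `USE_FAST_MATH` and can go with it, but unless the wolfSSL build paired with this file cannot support it, I would keep `#define ECC_TIMING_RESISTANT` and leave out `#define WC_NO_HARDEN`, or add a comment saying why hardening is switched off for this configuration.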
@@ -425,7 +425,7 @@ static void wolfSSH_SFTP_ClearState(WOLFSSH* ssh, enum WS_SFTP_STATE_ID state) if (ssh) { if (state == 0) - state = ~state; /* set all bits hot */ + state = (enum WS_SFTP_STATE_ID)~state; /* set all bits hot */ if (state & STATE_ID_GET) { WFREE(ssh->getState, ssh->ctx->heap, DYNTYPE_SFTP_STATE); @@ -1219,7 +1219,7 @@ int wolfSSH_SFTP_read(WOLFSSH* ssh) if ((int)state->idx < state->sz) { ret = wolfSSH_worker(ssh, NULL); - if (ssh->error == WS_WANT_READ) { + if (ret != WS_SUCCESS && ssh->error == WS_WANT_READ) { /* was something there to read, try again */ state->toSend = 2; return WS_FATAL_ERROR; diff --git a/wolfssh/version.h b/wolfssh/version.h index 4411cb6..04dceff 100644 --- a/wolfssh/version.h +++ b/wolfssh/version.h @@ -33,8 +33,8 @@ extern "C" { #endif -#define LIBWOLFSSH_VERSION_STRING "1.4.3" -#define LIBWOLFSSH_VERSION_HEX 0x01004003 +#define LIBWOLFSSH_VERSION_STRING "1.4.4" +#define LIBWOLFSSH_VERSION_HEX 0x01004004 #ifdef __cplusplus } diff --git a/wolfssh/wolfscp.h b/wolfssh/wolfscp.h index b67e613..6592f20 100644 --- a/wolfssh/wolfscp.h +++ b/wolfssh/wolfscp.h @@ -53,8 +53,10 @@ extern "C" { #endif #if !defined(WOLFSSH_SCP_USER_CALLBACKS) && !defined(NO_FILESYSTEM) - /* for utimes() */ - #include + #include + #ifdef HAVE_SYS_TIME_H + #include + #endif #include typedef struct ScpSendCtx {
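Review bot: The new `ret != WS_SUCCESS &&` guard in `wolfSSH_SFTP_read` (hunk at -1219) carries no explanation, and the existing comment "was something there to read, try again" does not say why `ssh->error` alone was not enough. Presumably `ssh->error` can still hold `WS_WANT_READ` from an earlier call after `wolfSSH_worker()` succeeds; if that is the reason, record it: `/* ssh->error may be stale; retry only when this worker call itself failed with WS_WANT_READ */`. The hunk also does not show what happens when `ret` is a failure with a different error code, because the rest of the function lies outside it, so it is worth checking that such a failure is not treated as progress.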
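Review bot: In wolfssh/wolfscp.h the `sys/time.h` include is now guarded by `HAVE_SYS_TIME_H`, which comes from the `AC_CHECK_HEADERS([sys/time.h])` added in configure.ac and lands in `src/config.h`. This looks like a header that applications include directly, and they normally will not have that config header in scope. In that case, and in IDE builds driven by `user_settings.h`, the `#ifdef` is false and the header the removed comment said was needed for `utimes()` is silently left out. Either make sure the macro is defined for every supported build, or invert the test so the include is the default and only platforms without the header opt out. The dropped `/* for utimes() */` comment is worth keeping on the guarded include.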