1. Add function to request the channel ID for the last message received.
2. Changed the send channel functions to use the self channel ID rather
than the peer's channel ID.
3. Modified client and echoserver to use the channel ID for the agent
to send messages.
4. Modify client to receive the entire message from the agent before
trying to relay it to the peer.
1. Cleanup redundant includes.
2. Add comments to the Read Key function pair.
3. Remove my name as an example user.
4. Change ECC sig build arrays to use macro for size rather than
bare number.
5. Remove empty if state for agent.
6. Added a couple needed NULL checks on allocs for the agent.
7. If unable to create an agent object on connect, disable agent use.
1. Added option to client to load a public key.
2. Added function ReadKey to load a key from a buffer or from a file
and store it. Utility for the client.
1. Example client should check the authType passed into the function,
not the type stored in the authData.
2. Restore the hansel keys to example client.
3. Add user ECC option to the example client for selecting
hansel's RSA or ECC key.
4. Restore the ordering of public key and password in
SendUserAuthRequest().
1. Added the agent support to the configure.ac script.
2. Updated the gitignore file to ignore any stamp-h file.
3. Changed to use the parsing functions and to make the parsing functions
local.
4. Updates to multichannel.
5. Add -lutil only if needed.
6. Add configure checks for some headers that change based on target OS.
7. Bump version.
8. Test doesn't have real account or real key so agent doesn't test well.
1. Add the echoserver shell support as a configure option.
2. Added some header and function checks to configure.
3. Use the new header and function checks to select includes
in the echoserver.
1. Fixed issue with the testsuite failing when the shell is enabled.
2. Added option to echoserver to force the echo behavior instead of
the shell when shell is enabled.
Also includes some bug fixes.
1. Add a function that returns a pointer to a session's username string.
2. Add a function to set a "raw" username copied from an incoming packet.
3. Add tests for 1 and 2.
4. Server saves a copy of the username on successful authentication.
5. Fix bug with GetString() where it would choke on a 0 length string.
6. Clean up the termios macros and mode creation.
7. Add some options for when WOLFSSL_VXWORKS is set.
1. Added some command line options to the wolfSFTP client to show how to
use a hardcoded automatic file transfer rather than using the command
shell. On top of that, added a script to get and put some sample files.
It was built into the wolfSFTP client to allow for using all forms of
authentication as well as using the command line password.
2. Update wolfSSH_SFTP_STAT() with clearing the error register if it is WANT_READ.
1. When printing server worker errors, print out the error string on the
stored error code, not the return value.
2. If the error is a socket error, don't try to send a shutdown message
to the peer.
3. Update the echoserver to close the connection cleanly when the SFTP
peer exits.
4. Added a function to check a WOLFSSL_CHANNEL if it is in eof.
1. Clean up a few compiler warnings.
2. Between Windows, MacOS, and Linux, the %llu printf tag varies
slightly, add a typecast of the word64 to unsigned long long to hush the
compiler warning.
1. Cleanup some debug printouts.
2. Add option to the echoserver and wolfSFTP client to use ECC keys or RSA
keys for user authentication.
3. Add option to the echoserver to use ECC keys for peer authentication.
Note, the user authentication type is still hardcoded in the library as
password. To use public key, need to update the authId in
SendUserAuthFailure().
1. Refactor of the RSA public key and password user auth code.
2. In the userauth code remove some unused variable names or use some orphaned variables.
3. Fix the sizes used for calculating the buffer size for ECC public keys.
4. Add in the length of the ECDSA signature wrapping the set r,s.
5. Return the public key rejected error code from DoUserAuthRequestPublicKey when the callback returns invalid public key.
update client example remote command execute for Windows
add wolfSSH_stream_peek and console translation
improvements to console translation and add client side pseudo terminal
windows client -c fix, clang build, sanity check on side for exec
fix for warnings with VS 2010 build
cast return value of WSTRLEN
update termios guard and fix for scan-build check
advance extended data buffer index on read
fix for error.h after rebase
The public key check callback hook is given a pointer to the public key, the size of the key, and the application-specific context data.
1. Added a callback function hook for checking the public key sent to the client by the server. It defaults to accepting the key.
2. Added accessors for the public key check callback function and context data.
3. Added a dummy callback to all the example tools.
1. Add a wrapper to the key-gen code that checks for wolfCrypt's keygen flag and errors if keygen isn't available.
2. The main loops around wolfSSH_stream_read() for the example client and server needed to check the error register for WANT_READ or WANT_WRITE, not the return code.
64-bit value is an array 2 of 32-bit values. In SFTP, changed up all the
uses (most) of word64 to word32 arrays. Not all systems we support have
64-bit types available.
2. Added a local dynamic memory type in the ports for strings.
3. Removed the includes for winsock2.h. It is included by windows.h.
4. In the example client, switched fin and fout to macros to stdin and
stdout. While they are FILE in POSIX, in Windows they are a function.
2. Split the error check on the Windows file write into two checks.
3. Check the success of closing the local file in Windows.
4. Rearrange the Get state machine to attempt to close the remote file
first then the local file. The local file close is always attempted.
2. Add option to echoserver for the SFTP path.
3. Fix issues with the Get() and Put() state machines with respect to
file access. Windows builds to use Win32 API. Windows builds do not use
fseek().
4. RecvRealPath() to use the new default path option if available. It
does not call getcwd() for Windows builds.
1. Added a non-blocking socket option to the client.
2. Added a non-blocking socket option to the server.
3. Added support for select to the test header.
4. Updated the usage strings so they are formatted the same.
1. Didn't initialize errFd before calling select() in wolffwd.
2. Wasn't checking the accepted appFd in wolffwd.
3. For the test_KDF() unit test, a call to ConvertHexToBin() could succeed and leave eKey NULL, and pass it to memcmp().
1. Removed the "direction" flag from the wolffwd example. Only works in one direction at this point.
2. Added the GPL header to the wolffwd example source.
3. Removed the stray prints from the wolffwd example.
4. wolfFwd example fails out if any of the sockets report failure.
1. Removed some unused macros in the configure.ac script.
2. Added option for enabling TCP/IP Forwarding.
3. Coalesced the option enable checks to one location in the configure script.
4. Removed redundant compile flags from the wolfSSH automake include.
5. Added a check of the BUILD_SCP option to leave out the wolfscp file as needed.
6. Removed the redundant debug flags from the ax_harden macro since we add them at the configure level.
7. Modified the ax_harden macro to add the flags to AM_CFLAGS rather than CFLAGS.
8. Removed redundant AM_CFLAGS from the include.am that are adding them to their build's CFLAGS.
9. Replaced the have-wolfssl macro with AC_CHECK_LIB.
10. When adding per-target CPPFLAGS, add the AM_CPPFLAGS back in.
11. remove redundant call to wolfSSH_Init() from echoserver
12. Add runtime configuration of the session window size and max packet size.
13. Parse the TCP/IP direct connect flavor of the Channel Open message.
14. Save and release the host and origin addresses.
15. Added an example forwarding tool.
16. Move and rename the FIND_SELF and FIND_PEER constants.
17. Add planned functions ChannelSend, ChannelRead, ChannelExit, worker.
18. Add new function ChannelNext, which returns the next channel in the list.
19. Changed SendBuffered() from static to local so it could be used by the worker.
20. Separated creating a channel and sending a channel open request.
21. Added status code for pending open channel and for received data.
1. In the echoserver, free the thread context before exiting app on error.
2. In the unit test, when checking the KDF, initialize the sizes to zero
and the pointers to NULL after freeing them.
change from NO_WOLFSSL_DIR to NO_WOLFSSH_DIR
add chmod feature
changes for sftp port
file attributes and SFTP version
no exit on echoserver and revert scp
fix for uninitialised value
fix compile time warnings
scp only build and handle file size of 0
macro guard on sftp build
adjust directory pointer on desktop build
close connection still on fail and update dereference of dir with nucleus
ssh only build for nucleus
update example on Nucleus
add code sourcery IDE project
fix naming of IDE project files
clean up opendir for fail case
fix for build warnings
add fstat and fixes for nucleus port
update FALL_THROUGH case
add null terminator and more memory frees
fix for scan build warnings
fix warning of no return value
better bounds checking
better path cleaning
fix return values in header file
clean path before access
remove trailing delimiter from clean path
refactor sending SFTP packets
try to make internal function names more clear, add comments, and update sftp example
add parsing names and most of attributes
add SFTP debug tag
add mkdir with SFTP
start of framework for get
add get command and keep track of working directory
base case of put command
basic sftp rename command
basic sftp rm command
initial basic rmdir command added
initial basic reget/reput commands
clean up absolute path to working directory
move location of sftp client app and more testing
add more comments and make code more readable
cast on values and add exit
adjust macro names and test make dist
adjust gitignore and macro names
gcc-7 build
revert nameListIdx increment to find ssh-rsa
more comments
fix for possible use uninitialized warning
initial SFTP accept
send status packet and start of realpath
server side mkdir
initial process of stat and lstat packets
initial processing of rmdir packet
basics for server handling SFTP get command
initial commit for server handling basic put command
initial handling of receiving remove packet
initial server handling of rename packet
initial implementation of handling directory packets
better checking on return values
set correct return value on successful read
additional sanity checks on user inputs
make send and read packet API name more clear
cast for warning building with clang
1. Add an automated test suite.
2. Refactor the existing test and example code to be better components for the test suite.
3. Rename some of the internal functions used by the examples and test suite.
4. Echoserver now only handles one connection at a time, has option to exit after single connection.
5. Echoserver can do the port zero trick for the test suite.
6. Some whitespace changes.
7. Added a `(void)` to a variable to hush an unused assignment warning.
1. Added support to the library for clients.
2. Added example client.
3. Added VS solutions for building client example.
4. Added ECC client keys. Renamed existing keys.
5. Since defunct server is copy of echoserver, updated it.
1. Moved some of the files around.
2. Updated the readme.
3. Added a property file with a set of user macros to point at wolfSSL include and build directories.
4. Updated all the project files to use the new user macros.
5. Add guard around including options.h in the echoserver.
1. Added DLL builds.
2. Cleaned up some of the build configuration.
3. Updated the README files for building.
4. Renamed the function ProcessBuffer() with a prefix due to a conflicting name with wolfSSL.
5. Added test.h to include.am.
6. Moved the user_settings.h for wolfSSL into the wolfcrypt directory.
7. Changed the echoserver so that it binds to INADDR_ANY.
1. Added Windows Visual Studio build solution. Includes projects for:
* wolfSSH static library
* echoserver
* unit-test
* api-test
* 32- and 64-bit debug and release builds for all
2. Made necessary tweaks including adding some wrapper functions so the code compiles for both Linux/macOS and Windows.
3. Fixed a bug in the KDF test where the output buffer wasn't updated when SHA-256 was added.
4. Added the fallthrough attribute for GCC7.
5. Replaced all uses of `uint8_t`, `uint16_t`, and `uint32_t` with the wolfCrypt provided `byte`, `word16`, and `word32`.
6. Split the new channel function into new and init.
7. Added some ECC keys for authentication testing.
8. Moved some functions and includes around.
9. Removed the keying state machine and replaced with a flag.
10. Added rekey trigger if the client sends *CTRL-F* to echoserver.
11. Moved the sequence number increase outside `CreateMac()`. Incremented if the packet was successfully created. This way the sequence number is incremented when using AES-GCM.
12. Removed the redundant function `SendText()`.
13. Renamed the `clientId` related functions and data members to `protoId` to keep things role agnostic.
14. Changed all references of `clientKey` and `serverKey` to `keys` and `peerKeys`.
15. Updated `GenerateKeys()` to generate `keys` and `peerKeys` appropriately based on the endpoint side.
16. Added the wolfSSL style _test.h_ file to group shared example functions in one place.
17. Changed the echoserver to be similar to wolfSSL's where the code may be included without the main function in another executable.
Note:
This commit is a squash of more than a dozen commits. IDE support was added to the client branch, but the client branch is on hold. There were many changes in the client branch that are needed going forward. The code at the head of the client branch was copied over to the IDE branch, and the client code either deleted or removed from the build.
* Renamed the server key files to indicate they are rsa keys.
* Add ecc key files for the server.
* Move ProcessBuffer from ssh.c to internal.c.
* Remove #includes for headers from files that are not used.
* Added support for KEX algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521
* Updated readme
* Added support for the public key algorithm ecdsa-sha2-nistp256.
* Added support for public key algorithms ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521.
* The Key Algorithm list for the KEX picks a single value to offer based on the private key used.
* Added private keys on curves nistp384 and nistp521. The curve nistp256 is used as the default.
* Added the new ecc keys to include.am
2. Add wolfSSH_GetStats() to return session statistics.
3. Echoserver server_worker threads get a context with their
wolfSSH session, an ID number, and socket fd.
1. Add the banner to the WOLFSSH_CTX.
2. Moved the canned banner to be a debug option.
3. Default the banner to NULL of zero length.
4. Use the banner stored in the WOLFSSH_CTX.
5. Add an accessor to set the banner to a C string.
1. Implemented the RSA key generation wrapper function.
2. Rearrange the unit test code.
3. Added RSA key generation wrapper function to unit test.
4. Removed certificate load from echoserver.
5. Not using certificates, removed the functions and storage.
6. Removed unused certificate files.
7. Renamed certs directory as keys.
8. Removed the example server from the build for now.
9. Created new server key with the RSA key generation function.
10. Add IDs for public keys for keygen use.
11. Whitespace cleanup.
prints that the highwater mark was hit and doubles the
highwater mark value. It is disabled by default. To use,
when configuring add the CPPFLAG "DEFAULT_HIGHWATER_MARK".
For example, `CPPFLAGS=-DDEFAULT_HIGHWATER_MARK=128`
Include wolfSSL's options.h to echoserver.c. When building wolfSSL
with AES-NI and wolfSSH in debug, the ALIGN16 on the SHA-256
structure is lost in wolfSSH, where the wolfCrypt code is expecting
the parameters to be ALIGN16.