Commit Graph

1745 Commits (0e3ec03c2d7b569a44769d7467acf79b299456d5)

Author SHA1 Message Date
JacobBarthelmeh f18f9adf1f fix for check on empty password 2023-05-24 14:53:50 -07:00
John Safranek 92fcefa870
Merge pull request #515 from JacobBarthelmeh/sshd
add secondary groups as well
2023-05-24 11:31:00 -07:00
JacobBarthelmeh 796a745a92 fix scan-build warning for check on ret value 2023-05-19 13:49:23 -07:00
JacobBarthelmeh 3da8e2a690 add cr for enter with shell connections to windows server 2023-05-19 12:59:04 -07:00
JacobBarthelmeh ebbf43d2fe catch SCP as exec session 2023-05-19 10:55:07 -07:00
JacobBarthelmeh 26b68c2b1b keep raised permissions for startup 2023-05-19 09:50:23 -07:00
JacobBarthelmeh 94df77ff76 fix empty password support regression 2023-05-19 06:58:23 -07:00
JacobBarthelmeh 3f2aa055ab break between SSH accept and SCP operation 2023-05-19 06:26:18 -07:00
JacobBarthelmeh 7fa4f4a794
Merge pull request #516 from ejohnstown/kex-reply-scope
Variable Scoping
2023-05-11 22:09:27 -06:00
John Safranek 851ac5525e
Variable Scope
1. Tighten up scope on variables in function SendKexDhReply.
2. Fix echoserver not handling the non-blocking would block state for
   SFTP.
2023-05-11 11:10:44 -07:00
JacobBarthelmeh 7b3563a4b6
Merge pull request #510 from anhu/ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org
ecc_p256-kyber_level1 interop with OQS OpenSSH
2023-05-05 16:37:32 -06:00
JacobBarthelmeh b11e87b384 add secondary groups as well 2023-05-05 15:20:27 -07:00
Anthony Hu 9b96f58442 ecc_p256-kyber_level interop with OQS OpenSSH
The implementation now complies with the following draft:
https://www.ietf.org/id/draft-kampanakis-curdle-ssh-pq-ke-01.html

We implement the method as defined by the following name:
ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org
2023-05-05 15:01:07 -04:00
David Garske e0b641bafc
Merge pull request #513 from lealem47/packDocs
Document Cube Pack dependencies
2023-05-04 11:29:11 -07:00
Lealem Amedie 66e19b74d4 Document Cube Pack dependencies 2023-05-03 14:56:52 -06:00
JacobBarthelmeh 54df2e99b8
Merge pull request #509 from ejohnstown/sftp-update
Updates for SFTP Support
2023-04-24 16:27:52 -06:00
John Safranek d00db44b2f
SFTP Update
1. In the API test for SFTP, change the amount of the file requested to
   the limit WOLFSSH_MAX_SFTP_RW.
2. The check for want read on the exit of the server worker should clear
   ret if it is want read.
2023-04-19 13:39:35 -07:00
John Safranek 748f085f12
Rekey
1. Fix an issue found in testing. Some checks for rekeying might happen
   when ssh is NULL.
2023-04-13 16:43:05 -07:00
John Safranek 35554745bc
Update sftpclient
1. Update the example SFTP client with changes made for the echoserver.
2. Better handling of rekeying status.
2023-04-13 16:17:59 -07:00
John Safranek 7e7c5553df
Update wolfSSHd
1. Update wolfSSHd with changes made for the echoserver.
2. Better indication of when the SFTP channel closes.
2023-04-13 11:52:22 -07:00
John Safranek c97e8ea319
Rekey
With the previous change for speed and timing, rekeying started having
trouble in SFTP. Each file block travels as two messages, and the
rekeying starts, but the messages are sent and lost. The client would
terminate the connection.

1. Tweak the timeout in the echoserver's SFTP loop.
2. Better checking for rekeying.
3. Returning that rekeying is happening.
2023-04-11 19:50:55 -07:00
John Safranek 73946a36c6
Decoupling SFTP from SSH
wolfSSH has a reach too deep into the wolfSSH internals. SFTP should
be more like an application running on top of wolfSSH. We prefer to
keep it all in one application, so it will work well in an embedded
environment, but there needs to be more separation.

1. The sftp_worker loop in the echoserver should prioritize reading
   the socket and processing the SSH layer messages. Next it should
   ensure the transmit buffer for the SFTP channel is being written.
   Last it should check the receive buffer for the SFTP for new
   messages from the peer. wolfSSH_worker() will ensure data is read
   from the socket, and distributed to the appropriate channel
   receive buffers, and will make sure the SSH bookkeeping is
   performed.
2. SendChannelData() should also bound the send data amount by the
   local maxPacketSz.
3. wolfSSH_SFTP_buffer_send() should send only one chunk of data, not
   looping until everything is gone. Need to send, but cannot flood
   the output.
4. Remove the call to wolfSSH_worker() from the buffer send.
5. The wolfSSH_SFTP_read() state machine should check the return
   status from the call to buffer send, and if it isn't an error,
   don't clear the state, allow for a want-write write again later.
6. Do not limit the file chunk size to send to WOLFSSH_MAX_SFTP_RW.
   This limit is provided during SFTP negotiation. If the peer
   requests that much data, send it.
6. Modify the select wrapper to have a very small microseconds value
   in addition to the requested seconds.
2023-04-10 15:57:25 -07:00
John Safranek 3f6c6f6964
Merge pull request #506 from JacobBarthelmeh/scp
refactor client apps and add X509 to scpclient
2023-04-05 14:14:17 -07:00
JacobBarthelmeh f4f302ce28 add more SCP debug logs and fix read out of bounds 2023-04-05 09:32:19 -07:00
JacobBarthelmeh 5a674a42d7 fix for ssh->error with SCP and public key use with common client code 2023-04-04 21:57:36 -07:00
JacobBarthelmeh 80f6ebb963 resolve unused function warnings 2023-04-04 14:59:46 -07:00
JacobBarthelmeh 5971e8a4fa warning fixes and windows build 2023-04-04 14:59:46 -07:00
JacobBarthelmeh a9224993fd refactor client apps and add X509 to scpclient 2023-04-04 14:59:46 -07:00
JacobBarthelmeh 326a4bf004
Merge pull request #508 from ejohnstown/release-1.4.13
Release 1.4.13
2023-04-04 15:47:54 -06:00
John Safranek 7ccedec9c3
Release v1.4.13
1. Update the version number in configure.ac.
2. Update the change log.
2023-04-03 14:21:20 -07:00
John Safranek 95bcc4541c
Release v1.4.13
1. Update the copyright year in all file header comments.
2. Update the STM32CUBE files to use the correct GPL headers.
2023-04-03 10:41:10 -07:00
David Garske 5b73e3ade2
Merge pull request #507 from lealem47/improvePack
CubePack: Better USER_IO support & cleanup warnings
2023-04-03 08:51:23 -07:00
Lealem Amedie 29ea1af2fb Note how to resolve possible error 2023-04-03 09:37:28 -06:00
Lealem Amedie 682e74fb40 CubePack: Better USER_IO support & cleanup warnings 2023-03-31 15:08:24 -06:00
David Garske d3dfb151d9
Merge pull request #503 from lealem47/stm32cube
Initial support for STM32Cube
2023-03-29 15:21:03 -07:00
Lealem Amedie 360abcfa09 Addressing feedback 2023-03-29 14:45:38 -06:00
David Garske 564d43ee4d
Merge pull request #505 from ejohnstown/forking
Forking
2023-03-29 11:52:53 -07:00
John Safranek 9c9cb5adbd
Forking
1. Updated wolfSSHd with the common practices for starting a daemon.
2. Close std I/O and reopen as /dev/null.
2023-03-29 10:23:32 -07:00
David Garske 07f901d207
Merge pull request #504 from ejohnstown/shadowfix
wolfSSHd Shadow Fix
2023-03-24 14:23:12 -07:00
John Safranek f74c2db6eb
wolfSSHd Shadow Fix
1. Checking the string returned from crypt() to make sure it isn't a
   "*".
2. Checking the lengths of the strings when checking the password.
2023-03-24 14:06:25 -07:00
Lealem Amedie f5b551c644 Address feedback & add more relevant files 2023-03-24 13:42:03 -06:00
Lealem Amedie d0f45f4a2a Initial support for STM32Cube 2023-03-21 17:20:27 -06:00
John Safranek 17e83731ff
Merge pull request #499 from JacobBarthelmeh/sshd
add option to use x509v3 private key in connection without x509 auth
2023-03-16 09:01:10 -07:00
JacobBarthelmeh d5ecaf4452 update sed command with tests 2023-03-15 10:46:47 -07:00
John Safranek 6a3f9d9ad4
Merge pull request #502 from embhorn/gh501
Fix build error in client_test
2023-03-15 09:36:39 -07:00
Eric Blankenhorn 85f904dbfe Fix build error in client_test 2023-03-15 09:46:01 -05:00
John Safranek f8651c952b
Merge pull request #498 from JacobBarthelmeh/sshd-forcedcmd
remove leading tabs in config file while parsing, add force command test
2023-03-10 15:17:57 -08:00
John Safranek 55f352781e
Merge pull request #489 from JacobBarthelmeh/ip_check
add runtime option to override IP check with client
2023-03-10 15:00:46 -08:00
JacobBarthelmeh 1086610fbc add option to use x509v3 private key in connection without x509 auth 2023-02-24 10:20:25 -08:00
JacobBarthelmeh 196b7d7507
Merge pull request #496 from kareem-wolfssl/gh493
Fix 32-bit builds of the SFTP client.  Only build SFTP client if building examples is enabled.
2023-02-16 09:24:11 -07:00