1. Removed some unused macros in the configure.ac script.
2. Added option for enabling TCP/IP Forwarding.
3. Coalesced the option enable checks to one location in the configure script.
4. Removed redundant compile flags from the wolfSSH automake include.
5. Added a check of the BUILD_SCP option to leave out the wolfcsp file as needed.
6. Removed the redundant debug flags from the ax_harden macro since we add them at the configure level.
7. Modified the ax_harden macro to add the flags to AM_CFLAGS rather than CFLAGS.
8. Removed redundant AM_CFLAGS from the include.am that are adding them to their build's CFLAGS.
9. Replaced the have-wolfssl macro with AC_CHECK_LIB.
10. When adding per-target CPPFLAGS, add the AM_CPPFLAGS back in.
11. remove redundant call to wolfSSH_Init() from echoserver
12. Add runtime configuration of the session window size and max packet size.
13. Parse the TCP/IP direct connect flavor of the Channel Open message.
14. Save and release the host and origin addresses.
15. Added an example forwarding tool.
16. Move and rename the FIND_SELF and FIND_PEER constants.
17. Add planned functions ChannelSend, ChannelRead, ChannelExit, worker.
18. Add new function ChannelNext, which returns the next channel in the list.
19. Changed SendBuffered() from static to local so it could be used by the worker.
20. Separated creating a channel and sending an channel open request.
21. Added status code for pending open channel and for received data.
change from NO_WOLFSSL_DIR to NO_WOLFSSH_DIR
add chmod feature
changes for sftp port
file attributes and SFTP version
no exit on echoserver and revert scp
fix for uninitialised value
fix compile time warnings
scp only build and handle file size of 0
macro guard on sftp build
adjust directory pointer on desktop build
close connection still on fail and update derefrence of dir with nucleus
ssh only build for nucleus
update example on Nucleus
add code sourcery IDE project
fix naming of IDE project files
clean up opendir for fail case
fix for build warnings
add fstat and fixes for nucleus port
update FALL_THROUGH case
add null terminator and more memory free's
fix for scan build warnings
fix warning of no return value
better bounds checking
better path cleaning
fix return values in header file
clean path before access
remove trailing delimiter from clean path
refactor sending SFTP packets
try to make internal function names more clear, add comments, and update sftp example
add parsing names and most of attributes
add SFTP debug tag
add mkdir with SFTP
start of framework for get
add get command and keep track of working directory
base case of put command
basic sftp rename command
basic sftp rm command
initial basic rmdir command added
initial basic reget/reput commands
clean up absolute path to working directory
move location of sftp client app and more testing
add more comments and make code more readable
cast on values and add exit
adjust macro names and test make dist
adjust gitignore and macro names
gcc-7 build
revert nameListIdx increment to find ssh-rsa
more comments
fix for possible use uninitialized warning
initial SFTP accept
send status packet and start of realpath
server side mkdir
initial process of stat and lstat packets
initial processing of rmdir packet
basics for server handling SFTP get command
initial commit for server handling basic put command
initial handling of receiving remove packet
initial server handling of rename packet
initial implementation of handling directory packets
better checking on return values
set correct return value on successful read
additional sanity checks on user inputs
make send and read packet API name more clear
cast for warning building with clang
1. Added new error codes for being unable to match ciphers with peer.
2. Whitespace updates in the error header.
3. Added disable flag to leave out the default log callback so user can supply own custom callback.
1. A bounds check in `KexDhReply()` for fSz could be tricked into using an incorrect value and trigger a crash. Rearranged the inequality so it can't be tricked.
2. A bounds check in `GetUint32()` for the size of the length value being used could cause crashes. Rearranged the inequality so it can't be tricked.
3. Modified other similar bounds checks.
4. In `KexDhReply()` check the sigSz after reading.
1. Add a unit test to check all error codes have strings.
2. Add public function to return the error string for an error code.
3. Fill in the missing error strings.
4. Fix an error string (change a "verify" to "create").
1. Add an automated test suite.
2. Refactor the existing test and example code to be better components for the test suite.
3. Rename some of the internal functions used by the examples and test suite.
4. Echoserver now only handles one connection at a time, has option to exit after single connection.
5. Echoserver can do the port zero trick for the test suite.
6. Some whitespace changes.
7. Added a `(void)` to a variable to hush an unused assignment warning.
1. Added support to the library for clients.
2. Added example client.
3. Added VS solutions for building client example.
4. Added ECC client keys. Renamed existing keys.
5. Since defunct server is copy of echoserver, updated it.
1. Added DLL builds.
2. Cleaned up some of the build configuration.
3. Updated the README files for building.
4. Renamed the function ProcessBuffer() with a prefix due to a conflicting name with wolfSSL.
5. Added test.h to include.am.
6. Moved the user_settings.h for wolfSSL into the wolfcrypt directory.
7. Changed the echoserver so that it binds to INADDR_ANY.
1. Added Windows Visual Studio build solution. Includes projects for:
* wolfSSH static library
* echoserver
* unit-test
* api-test
* 32- and 64-bit debug and release builds for all
2. Made necessary tweaks including adding some wrapper functions so the code compiles for both Linux/macOS and Windows.
3. Fixed a bug in the KDF test where the output buffer wasn't updated when SHA-256 was added.
4. Added the fallthrough attribute for GCC7.
5. Replaced all uses of `uint8_t`, `uint16_t`, and `uint32_t` with the wolfCrypt provided `byte`, `word16`, and `word32`.
6. Split the new channel function into new and init.
7. Added some ECC keys for authentication testing.
8. Moved some functions and includes around.
9. Removed the keying state machine and replaced with a flag.
10. Added rekey trigger if the client sends *CTRL-F* to echoserver.
11. Moved the sequence number increase outside `CreateMac()`. Incremented if the packet was successfully created. This way the sequence number is incremented when using AES-GCM.
12. Removed the redundant function `SendText()`.
13. Renamed the `clientId` related functions and data members to `protoId` to keep things role agnostic.
14. Changed all references of `clientKey` and `serverKey` to `keys` and `peerKeys`.
15. Updated `GenerateKeys()` to generate `keys` and `peerKeys` appropriately based on the endpoint side.
16. Added the wolfSSL style _test.h_ file to group shared example functions in one place.
17. Changed the echoserver to be similar to wolfSSL's where the code may be included without the main function in another executable.
Note:
This commit is a squash of more than a dozen commits. IDE support was added to the client branch, but the client branch is on hold. There were many changes in the client branch that are needed going forward. The code at the head of the client branch was copied over to the IDE branch, and the client code either deleted or removed from the build.
* Renamed the server key files to indicate they are rsa keys.
* Add ecc key files for the server.
* Move ProcessBuffer from ssh.c to internal.c.
* Remove #includes for headers from files that are not used.
* Added support for KEX algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521
* Updated readme
* Added support for the public key algorithm ecdsa-sha2-nistp256.
* Added support for public key algorithms ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521.
* The Key Algorithm list for the KEX picks a single value to offer based on the private key used.
* Added private keys on curves nistp384 and nistp521. The curve nistp256 is used as the default.
* Added the new ecc keys to include.am
Filled out the message handling for the DH-GEX additional messages. To use
the DH-GEX, one needs to add the flag TEST_GEX. It is still a WIP. The
handshake state machine needs a change and the start of the hash calculation
needs to wait until receiving the client's KEX INIT message and the hash
type for the handshake signature can be resolved.
1. Added support for the wc_Hash wrappers. Need to keep track of the
hash being used.
2. Assumed SHA1 only, and modified everything to use the hash wrappers.
1. Add the banner to the WOLFSSH_CTX.
2. Moved the canned banner to be a debug option.
3. Default the banner to NULL of zero length.
4. Use the banner stored in the WOLFSSH_CTX.
5. Add an accessor to set the banner to a C string.
1. Added parsing of the Global Request message. Will log the request
name string.
2. Send global request failure response if reply is requested.
(This was an issue with a particular SSH client.)
client version string.
2. Shrink the receive buffer after reading the client version
string.
3. Resize the buffer correctly when needed data is already in the input
buffer and grab the remainder as expected.
1. Flushing out the keying state machine, taking it out of the accept
state machine.
2. Changed the HandshakeInfo record to be something that can be
recreated post-initial connection for rekeying.
3. Fixed the name of a previously unused size variable.
4. Moved some constants around.
1. Add stub rekey trigger function.
2. Add new default highwater callback that calls the rekey trigger
function.
3. Rename the highwater level as "mark" rather than "count".
4. Add a flag to call the highwater callback once, cleared when the
txCount is cleared when sending new keys message to peer.
5. Add new state machine for key exchange.
6. Start massaging the accept state machine for new KEX machine.
7. Update some default sizes, and replace magic numbers with named
constants.
8. Scale back the accept state machine to add in the KEX state
machine.
9. Capture the client version string and the server's KEX init message
for rekeying.
10. Add compiler flag to allow "none" as a user auth method.
1. Implemented the RSA key generation wrapper function.
2. Rearrange the unit test code.
3. Added RSA key generation wrapper function to unit test.
4. Removed certificate load from echoserver.
5. Not using certificates, removed the functions and storage.
6. Removed unused certificate files.
7. Renamed certs directory as keys.
8. Removed the example server from the build for now.
9. Created new server key with the RSA key generation function.
10. Add IDs for public keys for keygen use.
11. Whitespace cleanup.
2. Separate sets of keys for client and server.
3. Store generated keys in handshake info record.
4. Copy session keys over when sending and receiving the
New Keys message.
JacobBarthelmeh
John Safranek
Chris Conlon
dgarske