Release Rollup

ChangeLog.md

@@ -1,4 +1,34 @@
-### wolfSSH v1.4.3 (10/31/2019)
+# wolfSSH v1.4.4 (04/28/2020)
+
+## New Feature Additions
+
+- Added wolfSCP client example
+- Added support for building for VxWorks
+
+## Fixes
+
+- Fixes for some buffer issues discovered with fuzz testing
+- Fixes for some SCP directory issues in Nucleus
+- Fixed an issue where a buffer size went negative, cosmetic
+- Fixed bug in ECDSA when using alt-ecc-size in wolfCrypt
+- Fixed bug with AES-CTR and FIPSv2 build
+- Fixed bug when using single precision
+- Fix for SCP rename action
+
+## Improvements and Optimizations
+
+- Improved interoperability with FireZilla
+- Example tool option clarification
+- Better SFTP support in 32-bit environments
+- SFTP and SCP aren't dependent on ioctl() anymore
+- Add password rejection count
+- Public key vs password authentication chosen by user auth callback
+- MQX maintenance
+
+
+--------------------------------
+
+# wolfSSH v1.4.3 (10/31/2019)
 
 - wolfSFTP port to MQX 4.2 (MQX/MFS/RTCS)
 - Maintenance and bug fixes
@@ -17,7 +47,7 @@
   example client
 
 
-### wolfSSH v1.4.2 (08/06/2019)
+# wolfSSH v1.4.2 (08/06/2019)
 
 - GCC 8 build warning fixes
 - Fix for warning with enums used with SFTP and set socket type
@@ -38,7 +68,7 @@
 - Remove void cast on variable not compiled in with single threaded builds
 
 
-### wolfSSH v1.4.0 (04/30/2019)
+# wolfSSH v1.4.0 (04/30/2019)
 
 - SFTP support for time attributes
 - TCP port forwarding feature added (--enable-fwd)
@@ -68,15 +98,15 @@
 - Renamed example SFTP to be examples/sftpclient/wolfsftp
 
 
-### wolfSSH v1.3.0 (08/15/2018)
+# wolfSSH v1.3.0 (08/15/2018)
 
 - Accepted code submission from Stephen Casner for SCP support. Thanks Stephen!
 - Added SCP server support.
 - Added SFTP client and server support.
 - Updated the autoconf scripts.
 - Other bug fixes and enhancements.
 
-### wolfSSH v1.2.0 (09/26/2017)
+# wolfSSH v1.2.0 (09/26/2017)
 
 - Added ECDH Group Exchange with SHA2 hashing and curves nistp256,
   nistp384, and nistp521.
@@ -89,7 +119,7 @@
 - Added a Visual Studio solution to build the library, examples, and tests.
 - Other bug fixes and enhancements.
 
-### wolfSSH v1.1.0 (06/16/2017)
+# wolfSSH v1.1.0 (06/16/2017)
 
 - Added DH Group Exchange with SHA-256 hashing to the key exchange.
 - Removed the canned banner and provided a function to set a banner string.
@@ -103,6 +133,6 @@
 - Fixed a bug with the GetString function.
 - Other small bug fixes and enhancements.
 
-### wolfSSH v1.0.0 (10/24/2016)
+# wolfSSH v1.0.0 (10/24/2016)
 
 Initial release.

configure.ac

@@ -3,7 +3,7 @@
 # All right reserved.
 
 AC_COPYRIGHT([Copyright (C) 2014-2020 wolfSSL Inc.])
-AC_INIT([wolfssh],[1.4.3],[support@wolfssl.com],[wolfssh],[https://www.wolfssl.com])
+AC_INIT([wolfssh],[1.4.4],[support@wolfssl.com],[wolfssh],[https://www.wolfssl.com])
 AC_PREREQ([2.63])
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -20,7 +20,7 @@ AC_ARG_PROGRAM
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([src/config.h])
 
-WOLFSSH_LIBRARY_VERSION=10:0:1
+WOLFSSH_LIBRARY_VERSION=11:0:2
 #                       | | |
 #                +------+ | +---+
 #                |        |     |
@@ -56,6 +56,7 @@ AC_CHECK_SIZEOF([off_t])
 
 # Check headers/libs
 AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday inet_ntoa memset socket])
+AC_CHECK_HEADERS([sys/time.h])
 AC_CHECK_LIB([network],[socket])
 AC_CHECK_LIB([wolfssl],[wolfCrypt_Init],,[AC_MSG_ERROR([libwolfssl is required for ${PACKAGE}. It can be obtained from https://www.wolfssl.com/download.html/ .])])
 
@@ -77,6 +78,8 @@ AX_PTHREAD([
     AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"])
     AM_CFLAGS="$AM_CFLAGS $PTHREAD_CFLAGS"])
 
+AX_AM_JOBSERVER([yes])
+
 # Inline Build
 AC_ARG_ENABLE([inline],
     [AS_HELP_STRING([--disable-inline],[Disable inline functions (default: enabled)])],
@@ -109,7 +112,7 @@ AC_ARG_ENABLE([fwd],
 
 # pseudo-terminal
 AC_ARG_ENABLE([term],
-    [AS_HELP_STRING([--enable-term],[Enable pseudo-terminal support (default: enabled)])],
+    [AS_HELP_STRING([--disable-term],[Enable pseudo-terminal support (default: enabled)])],
     [ENABLED_PTERM=$enableval],[ENABLED_PTERM=yes])
 
 # Enable All
@@ -169,32 +172,31 @@ AC_SUBST([AM_LDFLAGS])
 AC_CONFIG_FILES([Makefile wolfssh/version.h])
 
 AX_CREATE_GENERIC_CONFIG
-AX_AM_JOBSERVER([yes])
 
 AC_OUTPUT
 
 # force make clean
-echo "---"
-echo "Running make clean..."
+AS_ECHO(["---"])
+AS_ECHO(["Running make clean..."])
 make clean >/dev/null 2>&1
 
 # output config summary
-echo "---"
-echo "Configuration summary for $PACKAGE_NAME version $VERSION"
-echo ""
-echo "   * Installation prefix:       $prefix"
-echo "   * System type:               $host_vendor-$host_os"
-echo "   * Host CPU:                  $host_cpu"
-echo "   * C Compiler:                $CC"
-echo "   * C Flags:                   $CFLAGS"
-echo "   * CPP Flags:                 $CPPFLAGS"
-echo "   * Linker Flags:              $LDFLAGS"
-echo
-echo "   Features"
-echo "   * Inline Code:               $ENABLED_INLINE"
-echo "   * keygen:                    $ENABLED_KEYGEN"
-echo "   * psuedo-terminal:           $ENABLED_PTERM"
-echo "   * scp:                       $ENABLED_SCP"
-echo "   * sftp:                      $ENABLED_SFTP"
-echo "   * TCP/IP Forwarding:         $ENABLED_FWD"
-echo "   * Examples:                  $ENABLED_EXAMPLES"
+AS_ECHO(["---"])
+AS_ECHO(["Configuration summary for $PACKAGE_NAME version $VERSION"])
+AS_ECHO
+AS_ECHO(["   * Installation prefix:       $prefix"])
+AS_ECHO(["   * System type:               $host_vendor-$host_os"])
+AS_ECHO(["   * Host CPU:                  $host_cpu"])
+AS_ECHO(["   * C Compiler:                $CC"])
+AS_ECHO(["   * C Flags:                   $CFLAGS"])
+AS_ECHO(["   * CPP Flags:                 $CPPFLAGS"])
+AS_ECHO(["   * Linker Flags:              $LDFLAGS"])
+AS_ECHO
+AS_ECHO(["   Features"])
+AS_ECHO(["   * Inline Code:               $ENABLED_INLINE"])
+AS_ECHO(["   * keygen:                    $ENABLED_KEYGEN"])
+AS_ECHO(["   * psuedo-terminal:           $ENABLED_PTERM"])
+AS_ECHO(["   * scp:                       $ENABLED_SCP"])
+AS_ECHO(["   * sftp:                      $ENABLED_SFTP"])
+AS_ECHO(["   * TCP/IP Forwarding:         $ENABLED_FWD"])
+AS_ECHO(["   * Examples:                  $ENABLED_EXAMPLES"])

examples/client/client.c

@@ -30,7 +30,7 @@
 
 #ifndef NO_WOLFSSH_CLIENT
 
-const char testString[] = "Hello, wolfSSH!";
+static const char testString[] = "Hello, wolfSSH!";
 
 
 /* type = 2 : shell / execute command settings
@@ -144,7 +144,7 @@ static void ShowUsage(void)
 }
 
 
-byte userPassword[256];
+static byte userPassword[256];
 
 static int wsUserAuth(byte authType,
                       WS_UserAuthData* authData,

examples/sftpclient/sftpclient.c

@@ -104,13 +104,13 @@ static int NonBlockSSH_connect(void)
 /* for command reget and reput to handle saving offset after interrupt during
  * get and put */
 #include <signal.h>
-static byte interupt = 0;
+static byte interrupt = 0;
 
 static void sig_handler(const int sig)
 {
     (void)sig;
 
-    interupt = 1;
+    interrupt = 1;
     wolfSSH_SFTP_Interrupt(ssh);
 }
 #endif /* WS_NO_SIGNAL */
@@ -189,8 +189,6 @@ static void clean_path(char* path)
     }
 }
 
-const char sftpTestString[] = "Hello, wolfSSH!";
-
 #define WS_MAX_EXAMPLE_RW 1024
 
 static int SetEcho(int on)
@@ -294,22 +292,22 @@ static void ShowUsage(void)
 }
 
 
-byte userPassword[256];
-byte userPublicKeyType[32];
-byte userPublicKey[512];
-word32 userPublicKeySz;
-const byte* userPrivateKey;
-word32 userPrivateKeySz;
+static byte userPassword[256];
+static byte userPublicKeyType[32];
+static byte userPublicKey[512];
+static word32 userPublicKeySz;
+static const byte* userPrivateKey;
+static word32 userPrivateKeySz;
 
-const char hanselPublicRsa[] =
+static const char hanselPublicRsa[] =
     "AAAAB3NzaC1yc2EAAAADAQABAAABAQC9P3ZFowOsONXHD5MwWiCciXytBRZGho"
     "MNiisWSgUs5HdHcACuHYPi2W6Z1PBFmBWT9odOrGRjoZXJfDDoPi+j8SSfDGsc/hsCmc3G"
     "p2yEhUZUEkDhtOXyqjns1ickC9Gh4u80aSVtwHRnJZh9xPhSq5tLOhId4eP61s+a5pwjTj"
     "nEhBaIPUJO2C/M0pFnnbZxKgJlX7t1Doy7h5eXxviymOIvaCZKU+x5OopfzM/wFkey0EPW"
     "NmzI5y/+pzU5afsdeEWdiQDIQc80H6Pz8fsoFPvYSG+s4/wz0duu7yeeV1Ypoho65Zr+pE"
     "nIf7dO0B8EblgWt+ud+JI8wrAhfE4x";
 
-const byte hanselPrivateRsa[] = {
+static const byte hanselPrivateRsa[] = {
   0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
   0xbd, 0x3f, 0x76, 0x45, 0xa3, 0x03, 0xac, 0x38, 0xd5, 0xc7, 0x0f, 0x93,
   0x30, 0x5a, 0x20, 0x9c, 0x89, 0x7c, 0xad, 0x05, 0x16, 0x46, 0x86, 0x83,
@@ -412,14 +410,14 @@ const byte hanselPrivateRsa[] = {
   0xec, 0x18, 0xdb
 };
 
-unsigned int hanselPrivateRsaSz = 1191;
+static const unsigned int hanselPrivateRsaSz = 1191;
 
 
-const char hanselPublicEcc[] =
+static const char hanselPublicEcc[] =
     "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNkI5JTP6D0lF42tbx"
     "X19cE87hztUS6FSDoGvPfiU0CgeNSbI+aFdKIzTP5CQEJSvm25qUzgDtH7oyaQROUnNvk=";
 
-const byte hanselPrivateEcc[] = {
+static const byte hanselPrivateEcc[] = {
   0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x03, 0x6e, 0x17, 0xd3, 0xb9,
   0xb8, 0xab, 0xc8, 0xf9, 0x1f, 0xf1, 0x2d, 0x44, 0x4c, 0x3b, 0x12, 0xb1,
   0xa4, 0x77, 0xd8, 0xed, 0x0e, 0x6a, 0xbe, 0x60, 0xc2, 0xf6, 0x8b, 0xe7,
@@ -433,7 +431,7 @@ const byte hanselPrivateEcc[] = {
   0xf9
 };
 
-unsigned int hanselPrivateEccSz = 121;
+static const unsigned int hanselPrivateEccSz = 121;
 
 
 static int wsUserAuth(byte authType,

ide/winvs/user_settings.h

@@ -21,11 +21,10 @@
 #define NO_DSA
 #define NO_MD4
 #define WC_RSA_BLINDING
-#define USE_FAST_MATH
-#define TFM_TIMING_RESISTANT
-#define ECC_TIMING_RESISTANT
 #define WOLFSSL_PUBLIC_MP
 #define SINGLE_THREADED
+#define WC_NO_HARDEN
+
 #define WOLFSSH_TERM
 
 #endif /* _WIN_USER_SETTINGS_H_ */

src/wolfsftp.c

@@ -425,7 +425,7 @@ static void wolfSSH_SFTP_ClearState(WOLFSSH* ssh, enum WS_SFTP_STATE_ID state)
     if (ssh) {
 
         if (state == 0)
-            state = ~state; /* set all bits hot */
+            state = (enum WS_SFTP_STATE_ID)~state; /* set all bits hot */
 
         if (state & STATE_ID_GET) {
             WFREE(ssh->getState, ssh->ctx->heap, DYNTYPE_SFTP_STATE);
@@ -1219,7 +1219,7 @@ int wolfSSH_SFTP_read(WOLFSSH* ssh)
 
                     if ((int)state->idx < state->sz) {
                         ret = wolfSSH_worker(ssh, NULL);
-                        if (ssh->error == WS_WANT_READ) {
+                        if (ret != WS_SUCCESS && ssh->error == WS_WANT_READ) {
                             /* was something there to read, try again */
                             state->toSend = 2;
                             return WS_FATAL_ERROR;

wolfssh/version.h

@@ -33,8 +33,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSH_VERSION_STRING "1.4.3"
-#define LIBWOLFSSH_VERSION_HEX 0x01004003
+#define LIBWOLFSSH_VERSION_STRING "1.4.4"
+#define LIBWOLFSSH_VERSION_HEX 0x01004004
 
 #ifdef __cplusplus
 }

wolfssh/wolfscp.h

@@ -53,8 +53,10 @@ extern "C" {
 #endif
 
 #if !defined(WOLFSSH_SCP_USER_CALLBACKS) && !defined(NO_FILESYSTEM)
-    /* for utimes() */
-    #include <sys/time.h>
+    #include <time.h>
+    #ifdef HAVE_SYS_TIME_H
+        #include <sys/time.h>
+    #endif
     #include <errno.h>
 
     typedef struct ScpSendCtx {