
Releases: wolfSSL/wolfssh

wolfSSH v1.4.17 (March 25, 2024)

25 Mar 19:03
9204ae7

Vulnerabilities

  • Fixes a vulnerability where a properly crafted SSH client can bypass user
    authentication in the wolfSSH server code. The added fix filters the
    messages that are allowed during different operational states.
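The fix above is a state-gating pattern: each connection state carries an allow-list of message numbers, and anything outside the list is rejected rather than dispatched. The following is an added illustration of that pattern, not wolfSSH's code; the message numbers are the standard ones from RFC 4250, while the state names, the allow-lists and the `Server` class are this example's own assumptions.

```python
"""Added example: per-state allow-listing of SSH message numbers (not wolfSSH code)."""
from enum import Enum, auto

# Message numbers from RFC 4250 (transport, userauth and connection protocols).
SSH_MSG_DISCONNECT = 1
SSH_MSG_IGNORE = 2
SSH_MSG_UNIMPLEMENTED = 3
SSH_MSG_DEBUG = 4
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_KEXDH_INIT = 30
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_GLOBAL_REQUEST = 80
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98


class State(Enum):
    """Connection states assumed for this illustration."""
    KEX = auto()            # key exchange in progress
    SERVICE = auto()        # keys live, waiting for a service request
    USERAUTH = auto()       # ssh-userauth running, nobody authenticated yet
    AUTHENTICATED = auto()  # ssh-connection service may be used


# Transport-level messages that are legal in every state.
ALWAYS = {SSH_MSG_DISCONNECT, SSH_MSG_IGNORE, SSH_MSG_UNIMPLEMENTED, SSH_MSG_DEBUG}

# Allow-list per state (assumed for this example). Connection-protocol
# messages such as CHANNEL_OPEN only appear once authentication succeeded.
ALLOWED = {
    State.KEX: ALWAYS | {SSH_MSG_KEXINIT, SSH_MSG_KEXDH_INIT, SSH_MSG_NEWKEYS},
    State.SERVICE: ALWAYS | {SSH_MSG_SERVICE_REQUEST, SSH_MSG_KEXINIT},
    State.USERAUTH: ALWAYS | {SSH_MSG_USERAUTH_REQUEST, SSH_MSG_KEXINIT},
    State.AUTHENTICATED: ALWAYS | {SSH_MSG_GLOBAL_REQUEST, SSH_MSG_CHANNEL_OPEN,
                                   SSH_MSG_CHANNEL_REQUEST, SSH_MSG_KEXINIT},
}


def message_allowed(state, msg_id):
    """True if msg_id may be dispatched while in `state`."""
    return msg_id in ALLOWED[state]


class Server:
    """Minimal connection model: tracks state and records what was dispatched."""

    def __init__(self, authenticate=lambda: False):
        self.state = State.KEX
        self.authenticate = authenticate  # stand-in for the real credential check
        self.dispatched = []
        self.rejected = []

    def receive(self, msg_id):
        """Filter first, then dispatch and apply state transitions."""
        if not message_allowed(self.state, msg_id):
            self.rejected.append((self.state.name, msg_id))
            return False
        self.dispatched.append((self.state.name, msg_id))
        if msg_id == SSH_MSG_NEWKEYS and self.state is State.KEX:
            self.state = State.SERVICE
        elif msg_id == SSH_MSG_SERVICE_REQUEST and self.state is State.SERVICE:
            self.state = State.USERAUTH
        elif msg_id == SSH_MSG_USERAUTH_REQUEST and self.authenticate():
            self.state = State.AUTHENTICATED
        return True


def run_sequence(msgs, authenticate=lambda: False):
    """Feed a constructed message sequence through the filter."""
    srv = Server(authenticate)
    results = [srv.receive(m) for m in msgs]
    return srv, results
```

The key property to test is that a connection-protocol message arriving before the USERAUTH state has produced a successful authentication is refused, regardless of how well-formed it is, while the same message after a successful userauth request is accepted.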

Notes

  • When building wolfSSL/wolfCrypt versions before v5.6.6 with CMake,
    wolfSSH may have a problem with RSA keys. This is due to wolfSSH not
    checking on the size of __uint128_t, so wolfSSH sees the RSA structure
    as the wrong size. You will have to define HAVE___UINT128_T if you
    know you have it and are using it in wolfSSL. wolfSSL v5.6.6 exports that
    define in options.h when using CMake.
  • The example server in directory examples/server/server.c has been removed.
    It was never kept up to date, and the echoserver already did its job as
    an example and test server.

New Features

  • Added functions to set algorithms lists for KEX at run-time, and some
    functions to inspect which algorithms are set or are available to use.
  • In v1.4.15, we had disabled SHA-1 in the build by default. SHA-1 has been
    re-enabled in the build and is now "soft" disabled: it is off unless
    algorithms using it are explicitly configured for KEX.
  • Add Curve25519 KEX support for server/client key agreement.

Improvements

  • Clean up some issues when building for Nucleus.
  • Clean up some issues when building for Windows.
  • Clean up some issues when building for QNX.
  • Added more wolfSSHd testing.
  • Added more appropriate build option guard checking.
  • General improvements for the ESP32 builds.
  • Better terminal support in Windows.
  • Better I/O pipes and return codes when running commands or scripts over an
    SSH connection.

Fixes

  • Fix shell terminal window resizing and improve the environment set-up for the shell.
  • Fix some corner cases with the SFTP testing.
  • Fix some corner cases with SFTP in general.
  • Fix verifying RSA signatures.
  • Add masking of file mode bits for Zephyr.
  • Fix leak of terminal modes cache.

wolfSSH v1.4.15 (December 22, 2023)

23 Dec 01:32
60a2960

Vulnerabilities

  • Fixes a potential vulnerability described in the paper "Passive SSH Key Compromise via Lattices". While the misbehavior described hasn't been observed in wolfSSH, the fix is now implemented. The RSA signature is verified before sending to the peer.
    • Keegan Ryan, Kaiwen He, George Arnold Sullivan, and Nadia Heninger. 2023. Passive SSH Key Compromise via Lattices. Cryptology ePrint Archive, Report 2023/1711. https://eprint.iacr.org/2023/1711.
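The countermeasure named above, verifying the RSA signature with the public key before it leaves the host, is what stops a miscomputed (for example CRT-faulted) signature from ever reaching the peer. The following is an added example of that gate in pure Python, not wolfSSH's code: the key is a constructed toy key built from two small Mersenne primes, `sign_crt` is a textbook CRT signer with an optional simulated fault in one half, and `sign_for_wire` is the gate that refuses to emit anything that does not verify.

```python
"""Added example: verify-before-send for RSA-CRT signatures (not wolfSSH code)."""
import hashlib

# Constructed toy key for illustration only (p = 2^31-1, q = 2^61-1 are prime).
# Real keys use primes of 1024+ bits; the arithmetic is identical.
P = 2147483647
Q = 2305843009213693951
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # gcd(E, PHI) == 1 for these primes

# CRT parameters as stored in a private key: dP, dQ, qInv (RFC 8017 terms).
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)


def message_representative(data: bytes) -> int:
    """Hash the message and reduce it below N (a stand-in for real padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign_crt(m: int, fault: bool = False) -> int:
    """RSA-CRT signature s = m^d mod N computed via the two prime halves.

    With fault=True the mod-p half is corrupted by one, which models a
    hardware or software error in that half; the mod-q half stays correct.
    """
    s1 = pow(m, DP, P)
    s2 = pow(m, DQ, Q)
    if fault:
        s1 = (s1 + 1) % P        # simulated fault in one CRT half
    h = (QINV * (s1 - s2)) % P   # Garner recombination
    return s2 + h * Q


def verify(m: int, s: int) -> bool:
    """Public-key check: s^e mod N must equal the message representative."""
    return 0 < s < N and pow(s, E, N) == m


def sign_for_wire(data: bytes, fault: bool = False):
    """Gate used before handing the signature to the peer.

    Returns the signature as bytes when it verifies, or None when it does not,
    so a faulted value is withheld instead of being sent.
    """
    m = message_representative(data)
    s = sign_crt(m, fault)
    if not verify(m, s):
        return None
    return s.to_bytes((N.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    sample = b"constructed KEX exchange hash"
    print("good:", sign_for_wire(sample) is not None)
    print("faulted withheld:", sign_for_wire(sample, fault=True) is None)
```

Because exponentiation by `E` is a bijection modulo `P` when `gcd(E, P-1) == 1`, any change to the mod-p half changes `s^e mod p`, so the faulted signature is guaranteed to fail verification rather than fail only with high probability; that is what makes the single public-key check a complete gate for this class of fault.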

Notes

  • When building wolfSSL/wolfCrypt versions before v5.6.6 with CMake, wolfSSH may have a problem with RSA keys. This is due to wolfSSH not checking on the size of __uint128_t, so wolfSSH sees the RSA structure as the wrong size. You will have to define HAVE___UINT128_T if you know you have it and are using it in wolfSSL. wolfSSL v5.6.6 exports that define in options.h when using CMake.

New Features

  • Added wolfSSH client application.
  • Added support for OpenSSH-style private keys, like those made by ssh-keygen.
  • Added support for the Zephyr RTOS.
  • Added support for multiple authentication schemes in the userauth callback with the error response WOLFSSH_USERAUTH_PARTIAL_SUCCESS.

Improvements

  • Allow override of default sshd user name at build.
  • Do not attempt to copy device files. The client won't ask, and the server won't do it.
  • More wolfSSHd testing.
  • Portability updates.
  • Terminal updates for shell connections to wolfSSHd, including window size updates.
  • QNX support updates.
  • Windows file support updates for SFTP and SCP.
  • Allow for longer command strings in wolfSSHd.
  • Tweaked some select timeouts in the echoserver.
  • Add some type size checks to configure.
  • Update for changes in wolfSSL's threading wrappers.
  • Updates for Espressif support and testing.
  • Speed improvements for SFTP. (Fixed unnecessary waiting.)
  • Windows wolfSSHd improvements.
  • The functions wolfSSH_ReadKey_file() and wolfSSH_ReadKey_buffer() handle more encodings.
  • Add function to supply new protocol ID string.
  • Support larger RSA keys.
  • MinGW support updates.
  • Update the W-macro file wrappers to take a filesystem parameter.

Fixes

  • When setting the file permissions for a file in Zephyr, use the correct permission constants.
  • Fix buffer issue in DoReceive() on some edge failure conditions.
  • Prevent wolfSSHd zombie processes.
  • Fixed a few references to the heap variable for user supplied memory allocation functions.
  • Fixed an index update when verifying the server's RSA signature during KEX.
  • Fixed some of the guards around optional code.
  • Fixed some would-block cases when using non-blocking sockets in the examples.
  • Fixed some compile issues with liboqs.
  • Fix for interop issue with OpenSSH when using AES-CTR.

wolfSSH v1.4.13 (Apr 3, 2023)

04 Apr 23:06
326a4bf

New Feature Additions and Improvements

  • Improvement to forking the wolfSSHd daemon.
  • Added an STM32Cube Expansion pack. See the file ide/STM32CUBE/README.md for more information. (https://www.wolfssl.com/files/ide/I-CUBE-wolfSSH.pack)
  • Improved test coverage for wolfSSHd.
  • X.509 style private key support.

Fixes

  • Fixed shadow password checking in wolfSSHd.
  • Building cleanups: warnings, types, 32-bit.
  • SFTP fixes for large files.
  • Testing and fixes with SFTP and LwIP.

Vulnerabilities

  • wolfSSHd would allow users without passwords to log in with any password. This is fixed as of this version. The return value of crypt() was not correctly checked. This issue was introduced in v1.4.11 and only affects wolfSSHd when using the default authentication callback provided with wolfSSHd. Anyone using wolfSSHd should upgrade to v1.4.13.

wolfSSH v1.4.12 (Dec 28, 2022)

28 Dec 18:24
834a03c

New Feature Additions and Improvements

  • Support for Green Hills Software's INTEGRITY
  • wolfSSHd Release (#453 rounds off testing and additions)
  • Support for RFC 6187, using X.509 Certificates as public keys
  • OCSP and CRL checking for X.509 Certificates (uses wolfSSL CertManager)
  • Add callback to the server for reporting userauth result
  • FPKI profile checking support
  • chroot jailing for SFTP in wolfSSHd
  • Permission level changes in wolfSSHd
  • Add Hybrid ECDH-P256 Kyber-Level1
  • Multiple server keys
  • Makefile updates
  • Remove dependency on wolfSSL being built with public math enabled

Fixes

  • Fixes for compiler complaints using GHS compiler
  • Fixes for compiler complaints using GCC 4.0.2
  • Fixes for the directory path cleanup function for SFTP
  • Fixes for SFTP directory listing when on Windows
  • Fixes for large file transfers with SFTP
  • Fixes for port forwarding
  • Fix for building with QNX
  • Fix for the wolfSSHd grace time alarm
  • Fixes for Yocto builds
  • Fixes for issues found with fuzzing

Vulnerabilities

  • The vulnerability fixed in wolfSSH v1.4.8 was finally issued CVE-2022-32073.

wolfSSH v1.4.11 (Aug 22, 2022)

23 Aug 19:53
d42230d

New Feature Additions and Improvements

  • Alpha version of SSHD implementation (--enable-sshd)
  • ECDSA key generation wrapper
  • Espressif port and component install
  • Improvements to detection of ECC RNG requirement

Fixes

  • Handle receiving extended data type with SCP connections
  • Multiple non blocking fixes in SSH and SFTP use cases
  • Fix for handling '.' character in file name with SFTP
  • Windows build fix for SFTP with log timestamps enabled
  • Fix to handle listing large directories with SFTP LS function
  • Fix for checking path length when cleaning it (SFTP/SCP)

wolfSSH v1.4.10 (May 13, 2022)

12 May 23:18
c05f6c7

New Feature Additions and Improvements

  • Additional small stack optimizations to further reduce stack usage
  • Update to Visual Studio paths for looking for wolfSSL library
  • SFTP example, reset timeout value with get/put command
  • Add support for flushing file IO using WOLFSCP_FLUSH
  • Add preprocessor guards for RSA/ECC to agent and the example and test applications
  • Initialization of variables to avoid warnings and use with ESP-IDF

Fixes

  • When scp receives a string in STDERR, print it out, rather than treating it as an error
  • Window adjustment refactor and fix
  • Fix check on RSA import size
  • Fix for building with older GCC versions (tested with 4.0.2)
  • SFTP fix for handling sent data size when it is greater than the peer's maximum packet size
  • SFTP add error return code for a bad header when sending a packet
  • KCAPI build fixes for macro guards needed
  • SCP fix for handling small and empty message sizes
  • SFTP update to handle WS_CHAN_RXD return values when reading
  • Fix for IPv6 with scpclient
  • Fixes for cross-compiling (don't force library path references)
  • Fix for FIPS 140-3 on ECC private key use

wolfSSH v1.4.8 (Nov 4, 2021)

04 Nov 22:32
ed97707

New Feature Additions and Improvements

  • Add remote port forwarding
  • Make loading user created keys into the examples easier
  • Add --with-wolfssl and use --prefix to look for wolfSSL
  • Updated the unsupported GlobalReq response

Fixes

  • Fix for RSA public key auth
  • When decoding SFTP messages, fix the size checks so they don't wrap
  • Fix an issue with a socket failure in the testsuite and echoserver
  • SFTP fix for getting attribute header
  • Fix for possible null dereference in SendKexDhReply
  • Remove reference to udp from test.h
  • Fixes to local port forwarding

wolfSSH version 1.4.7

23 Jul 17:40
48a0e66

wolfSSH v1.4.7 (July 23, 2021)

New Feature Additions and Improvements

  • SCP improvements to run on embedded RTOS
  • For SFTP messages, check both minimum bound and maximum bound of the length value
  • Added option for --enable-small-stack
  • Added SFTP support for FatFs
  • Added 192 and 256 bit support for AES-CBC, AES-CTR, and AES-GCM
  • Added options to disable algorithms (e.g. WOLFSSH_NO_ECDSA, WOLFSSH_NO_AES_CBC, etc.)
  • Improved handling of builds without ECC

Fixes

  • When processing public key user auth, initialize the key earlier
  • When processing public key user auth, use GetSize() instead of GetUint32()
  • Fix for better handling rekey
  • Fix for build with NO_WOLFSSH_CLIENT macro and --enable-all
  • Fix configuration with WOLFSSH_NO_DH
  • Add an internal function to purge a packet when building one fails
  • Fix for cleanup in error case with SFTP read packet
  • Fix initialization of DH Size values

wolfSSH release version 1.4.6

03 Feb 18:46
0d841d2

wolfSSH v1.4.6 (February 3, 2021)

New Feature Additions

  • Added optional builds that leave out RSA or ECC, making the build more modular for resource-constrained situations.
  • MQX IDE build added
  • Command line option added for Agent use with the example client

Fixes

  • Increase the ID list size for interop with some OpenSSH servers
  • On a network error, close any open files belonging to the SFTP connection
  • Fix for potential memory leak with agent and a case with wolfSSH_SFTP_GetHandle
  • Fuzzing fix for potential out of bounds read in the public key user auth messages
  • MQX build fixes
  • Sanity check that agent was set before setting the agent’s channel
  • Fuzzing fix for bounds checking with DoKexDhReply internal function
  • Fuzzing fix for clean up of base path with SCP use
  • Fuzzing fix for sanity checks on setting the prime group and generator
  • Fuzzing fix for return result of high water check
  • Fuzzing fix for null terminator in internal ReceiveScpConfirmation function

Improvements and Optimizations

  • Example timeout added to SFTP example
  • Update wolfSSH_ReadKey_buffer() to handle P-384 and P-521 when reading a key from a buffer
  • Use internal version of strdup
  • Use strncmp instead of memcmp for comparing session string type

wolfSSH version 1.4.5

31 Aug 20:27
v1.4.5-stable
4504842

wolfSSH v1.4.5 (August 31, 2020)

New Feature Additions

  • Added SSH-AGENT support to the echoserver and client
  • For testing purposes, add ability to have named users with authentication
    type of "none"
  • Added support for building for EWARM
  • Echoserver can now spawn a shell and set up a pty with it
  • Added example to the SCP callback for file transfers without a filesystem

Fixes

  • Fixes for clean connection shutdown in the example.
  • Fixes for some issues with DH KEX discovered with fuzz testing
  • Fix for an OOB read around the RSA signature
  • Fix for building with wolfSSL v4.5.0 with respect to wc_ecc_set_rng();
    configure will detect the function's presence and work around its absence;
    see the note in internal.c regarding the flag HAVE_WC_ECC_SET_RNG if not
    using configure

Improvements and Optimizations

  • Improved interoperability with winSCP
  • Improved interoperability with Dropbear
  • Example client can now authenticate with public keys