|
| 1 | +# wolfSSH v1.4.15 (December 22, 2023) |
| 2 | + |
| 3 | +## Vulnerabilities |
| 4 | + |
| 5 | +* Fixes a potential vulnerability described in the paper "Passive SSH Key |
| 6 | + Compromise via Lattices". While the misbehavior described hasn't |
| 7 | + been observed in wolfSSH, the fix is now implemented. The RSA signature |
| 8 | + is verified before sending to the peer. |
| 9 | + - Keegan Ryan, Kaiwen He, George Arnold Sullivan, and Nadia Heninger. 2023. |
| 10 | + Passive SSH Key Compormise via Lattices. Cryptology ePrint Archive, |
| 11 | + Report 2023/1711. https://eprint.iacr.org/2023/1711. |
| 12 | + |
| 13 | +## Notes |
| 14 | + |
| 15 | +* When building wolfSSL/wolfCrypt versions before v5.6.6 with CMake, |
| 16 | + wolfSSH may have a problem with RSA keys. This is due to wolfSSH not |
| 17 | + checking on the size of `___uint128_t`. wolfSSH sees the RSA structure |
| 18 | + as the wrong size. You will have to define `HAVE___UINT128_T` if you |
| 19 | + know you have it and are using it in wolfSSL. wolfSSL v5.6.6 exports that |
| 20 | + define in options.h when using CMake. |
| 21 | + |
| 22 | +## New Features |
| 23 | + |
| 24 | +* Added wolfSSH client application. |
| 25 | +* Added support for OpenSSH-style private keys, like those made by ssh-keygen. |
| 26 | +* Added support for the Zephyr RTOS. |
| 27 | +* Added support for multiple authentication schemes in the userauth callback |
| 28 | + with the error response `WOLFSSH_USERAUTH_PARTIAL_SUCCESS`. |
| 29 | + |
| 30 | +## Improvements |
| 31 | + |
| 32 | +* Allow override of default sshd user name at build. |
| 33 | +* Do not attempt to copy device files. The client won't ask, and the server |
| 34 | + won't do it. |
| 35 | +* More wolfSSHd testing. |
| 36 | +* Portability updates. |
| 37 | +* Terminal updates for shell connections to wolfSSHd, including window size |
| 38 | + updates. |
| 39 | +* QNX support updates. |
| 40 | +* Windows file support updates for SFTP and SCP. |
| 41 | +* Allow for longer command strings in wolfSSHd. |
| 42 | +* Tweaked some select timeouts in the echoserver. |
| 43 | +* Add some type size checks to configure. |
| 44 | +* Update for changes in wolfSSL's threading wrappers. |
| 45 | +* Updates for Espressif support and testing. |
| 46 | +* Speed improvements for SFTP. (Fixed unnecessary waiting.) |
| 47 | +* Windows wolfSSHd improvements. |
| 48 | +* The functions `wolfSSH_ReadKey_file()` and `wolfSSH_ReadKey_buffer()` |
| 49 | + handles more encodings. |
| 50 | +* Add function to supply new protocol ID string. |
| 51 | +* Support larger RSA keys. |
| 52 | +* MinGW support updates. |
| 53 | +* Update file use W-macro wrappers with a filesystem parameter. |
| 54 | + |
| 55 | +## Fixes |
| 56 | + |
| 57 | +* When setting the file permissions for a file in Zephyr, use the correct |
| 58 | + permission constants. |
| 59 | +* Fix buffer issue in `DoReceive()` on some edge failure conditions. |
| 60 | +* Prevent wolfSSHd zombie processes. |
| 61 | +* Fixed a few references to the heap variable for user supplied memory |
| 62 | + allocation functions. |
| 63 | +* Fixed an index update when verifying the server's RSA signature during KEX. |
| 64 | +* Fixed some of the guards around optional code. |
| 65 | +* Fixed some would-block cases when using non-blocking sockets in the |
| 66 | + examples. |
| 67 | +* Fixed some compile issues with liboqs. |
| 68 | +* Fix for interop issue with OpenSSH when using AES-CTR. |
| 69 | + |
| 70 | +--- |
| 71 | + |
1 | 72 | # wolfSSH v1.4.14 (July 7, 2023) |
2 | 73 |
|
3 | 74 | ## New Feature Additions and Improvements |
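Review bot: The Notes entry (new lines 15-20) names the type as `___uint128_t` with three leading underscores, but the compiler type is `__uint128_t`; only the macro `HAVE___UINT128_T` has three, because of its `HAVE_` prefix, so the type name should be corrected so that readers search for the right symbol. In the same hunk, the citation title at new line 10 reads "Compormise" where line 5 has "Compromise", and "handles" at line 49 should be "handle" to agree with the two functions named. For the Vulnerabilities entry, it would help users triage if it said which side of the connection now verifies its RSA signature before sending and which earlier releases lack the check. The Fixes items for `DoReceive()` (line 59) and the KEX RSA signature index (line 63) give no indication of whether they have security impact; a short phrase on each would let readers decide how urgent the upgrade is.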
|
22 | 93 | - Fix for support with secondary groups with wolfSSHd |
23 | 94 | - Fixes for SFTP edge cases when used with LWiP |
24 | 95 |
|
| 96 | +--- |
| 97 | + |
25 | 98 | # wolfSSH v1.4.13 (Apr 3, 2023) |
26 | 99 |
|
27 | 100 | ## New Feature Additions and Improvements |
|