Add tests and fix issues

Author: LinuxJedi

Makefile.am

@@ -2,6 +2,7 @@
 bin_PROGRAMS =
 noinst_HEADERS =
 lib_LTLIBRARIES =
+noinst_LTLIBRARIES =
 noinst_PROGRAMS =
 nobase_include_HEADERS =
 check_PROGRAMS =

src/include.am

@@ -11,30 +11,42 @@ src_libwolfssh_la_SOURCES = src/ssh.c \
 src_libwolfssh_la_CPPFLAGS = -DBUILDING_WOLFSSH ${AM_CPPFLAGS}
 src_libwolfssh_la_LDFLAGS = -no-undefined -version-info ${WOLFSSH_LIBRARY_VERSION}
 
+noinst_LTLIBRARIES += src/libwolfssh_test.la
+src_libwolfssh_test_la_SOURCES = $(src_libwolfssh_la_SOURCES)
+src_libwolfssh_test_la_CPPFLAGS = -DBUILDING_WOLFSSH -DWOLFSSH_TEST_INTERNAL ${AM_CPPFLAGS}
+src_libwolfssh_test_la_LDFLAGS = -no-undefined
+
 if !BUILD_INLINE
 src_libwolfssh_la_SOURCES += src/misc.c
+src_libwolfssh_test_la_SOURCES += src/misc.c
 endif
 
 if BUILD_KEYGEN
 src_libwolfssh_la_SOURCES += src/keygen.c
+src_libwolfssh_test_la_SOURCES += src/keygen.c
 endif
 
 if BUILD_SCP
 src_libwolfssh_la_SOURCES += src/wolfscp.c
+src_libwolfssh_test_la_SOURCES += src/wolfscp.c
 endif
 
 if BUILD_SFTP
 src_libwolfssh_la_SOURCES += src/wolfsftp.c
+src_libwolfssh_test_la_SOURCES += src/wolfsftp.c
 endif
 
 if BUILD_TERM
 src_libwolfssh_la_SOURCES += src/wolfterm.c
+src_libwolfssh_test_la_SOURCES += src/wolfterm.c
 endif
 
 if BUILD_AGENT
 src_libwolfssh_la_SOURCES += src/agent.c
+src_libwolfssh_test_la_SOURCES += src/agent.c
 endif
 
 if BUILD_CERTS
 src_libwolfssh_la_SOURCES += src/certman.c
+src_libwolfssh_test_la_SOURCES += src/certman.c
 endif

src/internal.c

@@ -595,42 +595,6 @@ static void HandshakeInfoFree(HandshakeInfo* hs, void* heap)
 }
 
 
-#if 0
-/* RFC 4253 section 7.1, Once having sent SSH_MSG_KEXINIT the only messages
-* that can be sent are 1-19 (except SSH_MSG_SERVICE_REQUEST and
-* SSH_MSG_SERVICE_ACCEPT), 20-29 (except SSH_MSG_KEXINIT again), and 30-49
-*/
-INLINE static int IsMessageAllowedKeying(WOLFSSH *ssh, byte msg)
-{
-    if (ssh->isKeying == 0) {
-        return 1;
-    }
-
-    /* case of service request or accept in 1-19 */
-    if (msg == MSGID_SERVICE_REQUEST || msg == MSGID_SERVICE_ACCEPT) {
-        WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by during rekeying", msg);
-        ssh->error = WS_REKEYING;
-        return 0;
-    }
-
-    /* case of peer resending SSH_MSG_KEXINIT */
-    if ((ssh->isKeying & WOLFSSH_PEER_IS_KEYING) && msg == MSGID_KEXINIT) {
-        WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by during rekeying", msg);
-        ssh->error = WS_REKEYING;
-        return 0;
-    }
-
-    /* case where message id greater than 49 */
-    if (msg >= MSGID_USERAUTH_REQUEST) {
-        WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by during rekeying", msg);
-        ssh->error = WS_REKEYING;
-        return 0;
-    }
-    return 1;
-}
-#endif
-
-
 #ifndef NO_WOLFSSH_SERVER
 INLINE static int IsMessageAllowedServer(WOLFSSH *ssh, byte msg)
 {
@@ -694,6 +658,7 @@ INLINE static int IsMessageAllowedClient(WOLFSSH *ssh, byte msg)
     if (msg == MSGID_SERVICE_REQUEST || msg == MSGID_USERAUTH_REQUEST) {
         WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
                 msg, "client", "ever");
+        ssh->error = WS_MSGID_NOT_ALLOWED_E;
         return 0;
     }
 
@@ -720,6 +685,7 @@ INLINE static int IsMessageAllowedClient(WOLFSSH *ssh, byte msg)
             if (msg == MSGID_KEXINIT) {
                 WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
                         msg, "client", "when keying");
+                ssh->error = WS_REKEYING;
                 return 0;
             }
 
@@ -729,6 +695,7 @@ INLINE static int IsMessageAllowedClient(WOLFSSH *ssh, byte msg)
                     WLOG(WS_LOG_DEBUG,
                             "Message ID %u not the expected message %u",
                             msg, ssh->handshake->expectMsgId);
+                    ssh->error = WS_REKEYING;
                     return 0;
                 }
                 else {
@@ -748,6 +715,7 @@ INLINE static int IsMessageAllowedClient(WOLFSSH *ssh, byte msg)
              * when not keying. */
             WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
                     msg, "client", "when not keying");
+            ssh->error = WS_MSGID_NOT_ALLOWED_E;
             return 0;
         }
     }
@@ -761,9 +729,17 @@ INLINE static int IsMessageAllowedClient(WOLFSSH *ssh, byte msg)
         if (MSGIDLIMIT_POST_USERAUTH(msg)) {
             WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
                     msg, "client", "before user authentication is complete");
+            ssh->error = WS_MSGID_NOT_ALLOWED_E;
             return 0;
         }
         else if (MSGIDLIMIT_AUTH(msg)) {
+            /* Do not accept any userauth messages until we've asked for auth. */
+            if (ssh->connectState < CONNECT_CLIENT_USERAUTH_REQUEST_SENT) {
+                WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
+                        msg, "client", "before sending userauth request");
+                ssh->error = WS_MSGID_NOT_ALLOWED_E;
+                return 0;
+            }
             return 1;
         }
     }
@@ -774,6 +750,7 @@ INLINE static int IsMessageAllowedClient(WOLFSSH *ssh, byte msg)
         else if (MSGIDLIMIT_AUTH(msg)) {
             WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
                     msg, "client", "after user authentication");
+            ssh->error = WS_MSGID_NOT_ALLOWED_E;
             return 0;
         }
     }
@@ -787,12 +764,6 @@ INLINE static int IsMessageAllowedClient(WOLFSSH *ssh, byte msg)
  * Returns 1 if allowed 0 if not allowed. */
 INLINE static int IsMessageAllowed(WOLFSSH *ssh, byte msg, byte state)
 {
-#if 0
-    if (!IsMessageAllowedKeying(ssh, msg)) {
-        return 0;
-    }
-#endif
-
 #ifndef NO_WOLFSSH_SERVER
     if (ssh->ctx->side == WOLFSSH_ENDPOINT_SERVER) {
         return IsMessageAllowedServer(ssh, msg);
@@ -807,6 +778,13 @@ INLINE static int IsMessageAllowed(WOLFSSH *ssh, byte msg, byte state)
     return 0;
 }
 
+#ifdef WOLFSSH_TEST_INTERNAL
+int wolfSSH_TestIsMessageAllowed(WOLFSSH* ssh, byte msg, byte state)
+{
+    return IsMessageAllowed(ssh, msg, state);
+}
+#endif
+
 
 static const char cannedKexAlgoNames[] =
 #if !defined(WOLFSSH_NO_NISTP256_MLKEM768_SHA256)

tests/include.am

@@ -3,7 +3,8 @@
 # All paths should be given relative to the root
 
 check_PROGRAMS  += tests/unit.test tests/api.test \
-                   tests/testsuite.test tests/kex.test
+                   tests/testsuite.test tests/kex.test \
+                   tests/regress.test
 
 tests_unit_test_SOURCES      = tests/unit.c tests/unit.h
 tests_unit_test_CPPFLAGS     = -DNO_MAIN_DRIVER $(AM_CPPFLAGS)
@@ -43,3 +44,8 @@ tests_kex_test_SOURCES = tests/kex.c tests/kex.h \
 tests_kex_test_CPPFLAGS = -DNO_MAIN_DRIVER $(AM_CPPFLAGS)
 tests_kex_test_LDADD   = src/libwolfssh.la
 tests_kex_test_DEPENDENCIES = src/libwolfssh.la
+
+tests_regress_test_SOURCES = tests/regress.c
+tests_regress_test_CPPFLAGS = -DNO_MAIN_DRIVER -DWOLFSSH_TEST_INTERNAL $(AM_CPPFLAGS)
+tests_regress_test_LDADD   = src/libwolfssh_test.la
+tests_regress_test_DEPENDENCIES = src/libwolfssh_test.la