Out Of Order Messaging Checking#855
Merged
douzzer merged 7 commits intowolfSSL:masterfrom Dec 15, 2025
Merged
Conversation
Contributor
ejohnstown
commented
Dec 9, 2025
ejohnstown
commented
- Improved the checking the appropriateness of messages depending on the state.
- Added explicit checking for specific messages when appropriate.
- Added a regression test that checks for specific failure cases.
1. Add macro for logging an expected message. 2. Add an expected message ID to the HandshakeInfo. 3. Add a message ID for "none (0)". 4. Add a check in IsMessageAllowedClient() for the expected message ID. Clear it if successful. 5. The KEXDH messages sent to the server have expected responses. Set them if sending the message is successful. 6. Add the set of message ID ranges and macros for testing if a message ID is in a specific range. 7. Add flags for having sent the kexinit message and received it. Tweak the checks for isKeying and these flags. 8. IsMessageAllowedClient() to check for appropriate messages at the appropriate time during the connect.
1. Updated the checking for the server to be more like the client's checking.
1. Exclude the file regress.c from the Zephyr testing sample. The test is covered in many other environments already. The test needs some retooling to fit in with the Zephyr build, as it is a standalone application with a main() function and it depends on a testing build of libwolfssh. 2. Whitespace.
ejohnstown
changed the title
LinuxJedi
previously approved these changes
Dec 10, 2025
JacobBarthelmeh
requested changes
Dec 10, 2025
1. Always set the expected message right before sending. If the send fails, it is either because the socket is closing, or it is wanting to block. If it is wanting to block, we still want to check the next message as expected.
JacobBarthelmeh
approved these changes
Dec 11, 2025
douzzer
approved these changes
Dec 15, 2025
Contributor
douzzer
left a comment
douzzer
left a comment
There was a problem hiding this comment.
make check passed with -DWOLFSSH_TEST_INTERNAL under sanitizers on both libwolfssl and wolfssh.
note, needed --enable-opensslextra on libwolfssl (for public FreeDecodedCert()) and -Wno-stringop-truncation on wolfssh for "examples/client/client.c:575:13: error: ‘strncpy’ specified bound 108 equals destination size", both unrelated to this PR.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.