test: add BuildNameList and AEAD tamper tests#1102
Open
MarkAtwood wants to merge 1 commit into
Open
Conversation
Fenrir static analysis (test_gap): - #3452 src/internal.c BuildNameList: add WOLFSSH_TEST_INTERNAL wrapper wolfSSH_TestBuildNameList and tests/api.c test_wolfSSH_BuildNameList; oracle is a comma-joined IdToName() name-list per RFC 4253 s7.1, covering size mode, write mode, no trailing comma, and undersized- buffer rejection. - #6703 tests/unit.c: add test_DoReceive_AeadTamperFailure for AES-256-GCM; a separate Aes context produces the valid ciphertext/tag (independent oracle), one byte is flipped, and DoReceive must return WS_FATAL_ERROR with ssh->error == AES_GCM_AUTH_E.
Contributor
There was a problem hiding this comment.
Pull request overview
Adds targeted unit tests to close static-analysis-identified coverage gaps around name-list construction and AEAD authentication-failure handling, using the existing WOLFSSH_TEST_INTERNAL wrapper pattern.
Changes:
- Added
wolfSSH_TestBuildNameList()internal-test wrapper forBuildNameList()(header + implementation). - Added API test
test_wolfSSH_BuildNameList()validating size-mode and write-mode output (content, delimiter handling, and undersized-buffer rejection). - Added unit test
test_DoReceive_AeadTamperFailure()ensuring tampered AES-256-GCM packets fail authentication and surfaceAES_GCM_AUTH_EviaDoReceive.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| wolfssh/internal.h | Declares new WOLFSSH_TEST_INTERNAL wrapper wolfSSH_TestBuildNameList(). |
| src/internal.c | Implements wolfSSH_TestBuildNameList() by delegating to BuildNameList(). |
| tests/api.c | Adds a direct test for BuildNameList behavior using a deterministic ID set and expected comma-joined output. |
| tests/unit.c | Adds an AES-256-GCM tamper/auth-failure test for DoReceive (expects WS_FATAL_ERROR + AES_GCM_AUTH_E). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds two unit tests closing gaps found by Fenrir static analysis (test_gap theme). Additive/test-only; follows the existing
WOLFSSH_TEST_INTERNALwrapper idiom. Build-verified on Ubuntu 24.04 against wolfSSL--enable-all --enable-ssh; bothtests/api.testandtests/unit.testpass.#3452
src/internal.cBuildNameListhad no direct coverage. Adds aWOLFSSH_TEST_INTERNALwrapperwolfSSH_TestBuildNameList(internal.h + internal.c) andtests/api.ctest_wolfSSH_BuildNameList. Oracle is a comma-joinedIdToName()name-list built independently per RFC 4253 s7.1, checking size mode, write mode, exact content, no trailing comma, and undersized-buffer rejection (negative error, no overflow).#6703
tests/unit.chad no AEAD authentication-failure test. Addstest_DoReceive_AeadTamperFailurefor AES-256-GCM: a separateAescontext produces the valid ciphertext/tag (independent oracle, neverssh->decryptCipher), one ciphertext byte is flipped, andDoReceivemust returnWS_FATAL_ERRORwithssh->error == AES_GCM_AUTH_E.Reported by Fenrir static analysis.