Skip to content

test: close wolfSSH test_gap coverage holes#1100

Open
MarkAtwood wants to merge 1 commit into
wolfSSL:masterfrom
MarkAtwood:fix/wolfssh-test_gap
Open

test: close wolfSSH test_gap coverage holes#1100
MarkAtwood wants to merge 1 commit into
wolfSSL:masterfrom
MarkAtwood:fix/wolfssh-test_gap

Conversation

@MarkAtwood

Copy link
Copy Markdown

Adds mutation-killing test coverage for three secret-zeroization sites reported by Fenrir static analysis. Test-only additions (plus a WOLFSSHD_UNIT_TEST-guarded export); no production logic changes. Build-verified against wolfSSL --enable-all, and each new assertion was confirmed to fail when its guard is deleted (mutant killed).

  • #3673 tests/unit.ctest_HandshakeInfoFree_zeroesSecrets pins the ForceZero(hs, sizeof(HandshakeInfo)) in HandshakeInfoFree (src/internal.c). Uses the existing wolfSSH_TestFreeHandshake hook and retain-on-free allocator to inspect the freed block; deleting the ForceZero makes it FAIL.
  • #5579 apps/wolfsshd/auth.c, auth.h, test/test_configuration.c — export CheckPasswordUnix under WOLFSSHD_UNIT_TEST and add test_CheckPasswordUnix, which captures the pwStr buffer at free time and asserts it is wiped; deleting the cleanup ForceZero(pwStr, pwSz+1) makes it FAIL.
  • #6702 apps/wolfsshd/test/test_configuration.c — extend test_CheckPasswordHashUnix with empty-input/empty-hash, empty-input/real-hash, non-empty/empty-hash, and locked-account (*) cases; these kill the &&->|| and empty-branch mutants. No auth.c logic change.

Reported by Fenrir static analysis.

Add mutation-killing unit coverage flagged by Fenrir static analysis.
No production logic changes.

#3673 tests/unit.c: test_HandshakeInfoFree_zeroesSecrets pins the
  ForceZero over HandshakeInfo in HandshakeInfoFree (src/internal.c).
#5579 apps/wolfsshd: export CheckPasswordUnix under WOLFSSHD_UNIT_TEST
  and add test_CheckPasswordUnix pinning the pwStr wipe in auth.c.
#6702 test_configuration.c: extend test_CheckPasswordHashUnix with
  empty/locked-password cases pinning the empty-branch and '*' guards.

Build-verified against wolfSSL --enable-all; each added assertion was
confirmed to fail when its guard is removed (mutant killed).
Copilot AI review requested due to automatic review settings July 10, 2026 00:35

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds targeted unit-test coverage to “kill” mutation-testing gaps around secret zeroization in wolfSSH and wolfsshd authentication code paths, including a WOLFSSHD_UNIT_TEST-guarded export to allow direct testing of an otherwise-internal password check routine.

Changes:

  • Add a capturing-allocator unit test to verify HandshakeInfoFree() wipes HandshakeInfo before free (tests/unit.c).
  • Extend wolfsshd auth tests to cover additional CheckPasswordHashUnix() edge cases and add a capturing-allocator test to verify CheckPasswordUnix() wipes pwStr before free (apps/wolfsshd/test/test_configuration.c).
  • Export CheckPasswordUnix() only for unit tests (apps/wolfsshd/auth.c, apps/wolfsshd/auth.h).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
tests/unit.c Adds a new retain-on-free test to assert HandshakeInfoFree() zeroizes sensitive handshake fields before release and wires it into the unit test runner.
apps/wolfsshd/test/test_configuration.c Adds extra CheckPasswordHashUnix() scenarios and a new capturing-allocator test validating CheckPasswordUnix() wipes the plaintext password buffer prior to free.
apps/wolfsshd/auth.h Declares CheckPasswordUnix() for unit-test builds so test code can link against it.
apps/wolfsshd/auth.c Makes CheckPasswordUnix() non-static under WOLFSSHD_UNIT_TEST to support the new unit test.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +1414 to +1422
Log(" Testing scenario: CheckPasswordUnix wipes pwStr before free.");
if (wolfSSL_SetAllocators(pwCapMalloc, pwCapFree, pwCapRealloc) != 0) {
Log(" FAILED (set allocators).\n");
return WS_FATAL_ERROR;
}
(void)CheckPasswordUnix("wolfsshd-no-such-user-xyz",
(const byte*)"secret", 6, NULL);
wolfSSL_SetAllocators(NULL, NULL, NULL);

Comment thread tests/unit.c
Comment on lines +5409 to +5415
out:
if (retainInstalled)
wolfSSL_SetAllocators(prevMf, prevFf, prevRf);
DrainRetained();
if (ctx != NULL)
wolfSSH_CTX_free(ctx);
return result;
@MarkAtwood MarkAtwood requested a review from ejohnstown July 10, 2026 00:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants