Added Unit tests to increase MC/DC coverage#10200
Added Unit tests to increase MC/DC coverage#10200danielinux wants to merge 27 commits intowolfSSL:masterfrom
Conversation
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10200
Scan targets checked: wolfcrypt-port, wolfcrypt-port-bugs
No new issues found in the changed files. ✅
There was a problem hiding this comment.
Pull request overview
This PR expands MC/DC-oriented unit test coverage across wolfCrypt and TLS/DTLS APIs, and makes a small set of previously-internal entry points visible to the test harness to enable deeper branch coverage.
Changes:
- Expose select internal functions via
WOLFSSL_TEST_VISso they can be invoked from external unit tests. - Add a large set of new API/unit tests targeting guardrails and decision branches across crypto, ASN.1, PKCS#7/#12, TLS/DTLS, OCSP/CRL, and OpenSSL-compat layers.
- Improve liboqs integration (configure-time detection via
pkg-configand more complete runtime cleanup).
Reviewed changes
Copilot reviewed 55 out of 57 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| wolfssl/wolfcrypt/wc_encrypt.h | Expose wc_CryptKey for test visibility. |
| wolfssl/wolfcrypt/pkcs12.h | Expose wc_PKCS12_verify_ex for test visibility. |
| wolfssl/wolfcrypt/cryptocb.h | Expose additional CryptoCb helpers for test visibility. |
| wolfssl/wolfcrypt/asn.h | Expose ASN.1 helpers for test visibility. |
| wolfssl/internal.h | Expose TLSX_SupportExtensions for targeted tests. |
| wolfcrypt/src/port/liboqs/liboqs.c | Enhance liboqs close/teardown sequence. |
| tests/api/test_wolfmath.h | Register new wolfmath MC/DC tests. |
| tests/api/test_wolfmath.c | Add wolfmath MC/DC coverage tests. |
| tests/api/test_wc_encrypt.h | Register new wc_encrypt MC/DC tests. |
| tests/api/test_wc_encrypt.c | Add encrypted-keys / wc_CryptKey MC/DC tests. |
| tests/api/test_tls13.h | Register new TLS 1.3 MC/DC test batches. |
| tests/api/test_tls.h | Register new TLS/TLSX MC/DC test batches. |
| tests/api/test_signature.h | Register new signature wrapper MC/DC tests (+ Falcon). |
| tests/api/test_signature.c | Add signature wrapper MC/DC tests (+ Falcon sign/verify). |
| tests/api/test_sha256.h | Register SHA-256 residual-coverage test. |
| tests/api/test_sha256.c | Add SHA-256 residual-coverage test for update path. |
| tests/api/test_sha.h | Register SHA-1 residual-coverage test. |
| tests/api/test_sha.c | Add SHA-1 residual-coverage test for update path. |
| tests/api/test_rsa.h | Register additional RSA MC/DC tests. |
| tests/api/test_random.h | Register RNG guardrails/CryptoCb tests. |
| tests/api/test_random.c | Add RNG guardrails and CryptoCb behavior tests. |
| tests/api/test_poly1305.h | Register Poly1305 MC/DC tests. |
| tests/api/test_poly1305.c | Add Poly1305 guardrails/decision/feature coverage tests. |
| tests/api/test_pkcs7.h | Register PKCS#7 InitWithCert guardrails test. |
| tests/api/test_pkcs7.c | Add PKCS#7 InitWithCert guardrails test. |
| tests/api/test_pkcs12.h | Register PKCS#12 guardrails + MC/DC suites. |
| tests/api/test_pkcs12.c | Add PKCS#12 guardrails + MC/DC suites (create/parse/verify/file paths). |
| tests/api/test_ossl_x509.c | Extend OpenSSL-compat X509 tests for edge cases. |
| tests/api/test_ossl_x509_vp.c | Extend X509_VERIFY_PARAM tests (host length/flags/inherit). |
| tests/api/test_ossl_x509_ext.h | Register new NAME_CONSTRAINTS manual-paths test. |
| tests/api/test_ossl_x509_ext.c | Broaden OpenSSL-compat extension test coverage and build guards. |
| tests/api/test_ocsp.c | Add OCSP/CRL wrapper guardrails + wolfio HTTP helper coverage. |
| tests/api/test_md5.h | Register MD5 residual-coverage test. |
| tests/api/test_md5.c | Add MD5 residual-coverage test for update path. |
| tests/api/test_evp_pkey.h | Register new EVP_PKEY MC/DC/batch tests. |
| tests/api/test_evp_cipher.h | Register new EVP_CIPHER MC/DC/batch tests. |
| tests/api/test_ecc.h | Register additional ECC MC/DC tests. |
| tests/api/test_dtls.c | Extend DTLS wolfio/memio tests for more IO translation branches. |
| tests/api/test_dh.h | Register DH MC/DC tests. |
| tests/api/test_dh.c | Add DH MC/DC tests (named groups, agree, pubkey validation, etc.). |
| tests/api/test_chacha20_poly1305.h | Register ChaCha20-Poly1305 MC/DC tests. |
| tests/api/test_chacha.h | Register ChaCha MC/DC tests. |
| tests/api/test_chacha.c | Add ChaCha MC/DC tests for bad-args/decision/coverage paths. |
| tests/api/test_certman.c | Extend CertManager tests for verify/CRL buffer edge cases. |
| tests/api/test_asn.h | Register additional ASN MC/DC tests. |
| tests/api/test_aes.h | Register additional AES MC/DC tests. |
| configure.ac | Improve liboqs discovery/linking (pkg-config + flag handling). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 55 out of 57 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 55 out of 57 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 56 out of 58 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
wolfcrypt/src/port/liboqs/liboqs.c:82
- If wc_LockMutex(&liboqsRNGMutex) fails after wc_InitMutex succeeds, wolfSSL_liboqsInit() returns without freeing the initialized mutex and leaves liboqs_mutex_init set. This can leak resources and make subsequent init attempts inconsistent. Consider setting liboqs_mutex_init only after a successful lock, or on lock failure call wc_FreeMutex(&liboqsRNGMutex) and clear liboqs_mutex_init before returning.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 56 out of 58 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 56 out of 58 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10200
Scan targets checked: wolfcrypt-port, wolfcrypt-port-bugs
No new issues found in the changed files. ✅
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 56 out of 58 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 57 out of 59 changed files in this pull request and generated 3 comments.
Comments suppressed due to low confidence (6)
wolfcrypt/src/port/liboqs/liboqs.c:1
- The
liboqs_init/liboqs_mutex_initflags are read/written without synchronization. Two threads can race such that one thread freesliboqsRNGMutex(lines 86-89 / 101-104) while another thread is about to lock or is locking it, which is undefined behavior. Consider using a dedicated one-time init primitive (e.g., wolfSSL/wolfCrypt once/atomic mechanism) or a separate static init lock that is never freed, and avoid freeing a mutex that could be observed by other threads.
wolfssl/wolfcrypt/wc_encrypt.h:1 - Changing
wc_CryptKeyfromWOLFSSL_LOCALtoWOLFSSL_TEST_VISin a public header expands the exposed symbol surface (and potentially the ABI) beyond test builds. If the intent is test-only access, consider gating this declaration/visibility behind a dedicated test-only compile macro (or keep itWOLFSSL_LOCALand provide a test hook wrapper) so production builds do not accidentally export or depend on this internal API.
tests/api/test_signature.c:1 - The DER length written into the OCTET STRING header is
FALCON_LEVEL1_PRV_KEY_SIZE(lines 199-200), butprivDerLenis incremented bysizeof(priv) + sizeof(pub)(lines 201-204). IfFALCON_LEVEL1_PRV_KEY_SIZEdoes not exactly equalsizeof(priv) + sizeof(pub), this risks (1) producing malformed DER with an incorrect length field or (2) overflowingprivDer[](sizedFALCON_LEVEL1_PRV_KEY_SIZE + 4). Consider deriving the encoded length from the exact bytes appended (and sizing the buffer from those exact sizes) rather than assuming the constants match.
tests/api/test_signature.c:1 - The DER length written into the OCTET STRING header is
FALCON_LEVEL1_PRV_KEY_SIZE(lines 199-200), butprivDerLenis incremented bysizeof(priv) + sizeof(pub)(lines 201-204). IfFALCON_LEVEL1_PRV_KEY_SIZEdoes not exactly equalsizeof(priv) + sizeof(pub), this risks (1) producing malformed DER with an incorrect length field or (2) overflowingprivDer[](sizedFALCON_LEVEL1_PRV_KEY_SIZE + 4). Consider deriving the encoded length from the exact bytes appended (and sizing the buffer from those exact sizes) rather than assuming the constants match.
tests/api/test_sha.c:1 - The local
int i;is never used other than being cast to void. Consider removing the variable entirely (or using it for a real loop/assertion) to keep the test code simpler and avoid carrying placeholder variables.
tests/api/test_sha.c:1 - The local
int i;is never used other than being cast to void. Consider removing the variable entirely (or using it for a real loop/assertion) to keep the test code simpler and avoid carrying placeholder variables.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if command -v pkg-config >/dev/null 2>&1 && \ | ||
| PKG_CONFIG_PATH="$PKG_CONFIG_PATH" pkg-config --exists liboqs; then | ||
| liboqs_pkgconfig_flags=`PKG_CONFIG_PATH="$PKG_CONFIG_PATH" pkg-config --cflags liboqs` | ||
| liboqs_pkgconfig_libs=`PKG_CONFIG_PATH="$PKG_CONFIG_PATH" pkg-config --static --libs liboqs` | ||
| liboqs_link_libs="$liboqs_pkgconfig_libs" | ||
| liboqs_user_cppflags="$liboqs_pkgconfig_flags" | ||
| CPPFLAGS="$CPPFLAGS $liboqs_pkgconfig_flags -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -pthread" | ||
| LIBS="$LIBS $liboqs_pkgconfig_libs" | ||
| else | ||
| LIBS="$LIBS -loqs" | ||
| fi | ||
|
|
||
| AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ]) |
There was a problem hiding this comment.
The link test adds -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -pthread to CPPFLAGS (line 1697), but the values are later restored (lines 1736-1739) and only liboqs_user_cppflags is preserved (which, in the pkg-config path, appears to be just cflags). If the build relies on these defines/flags (as the previous logic did), liboqs-enabled builds may compile without HAVE_LIBOQS/related defines. Consider persisting required compile defines/flags into AM_CPPFLAGS (or an AC_DEFINE for HAVE_LIBOQS) and ensuring -pthread is consistently applied for the final build, not only for the configure-time probe.
| LIB_ADD="$LIB_ADD $liboqs_link_libs" | ||
|
|
||
| PKG_CONFIG_PATH="$liboqs_saved_PKG_CONFIG_PATH" | ||
| CPPFLAGS="$liboqs_saved_CPPFLAGS $liboqs_user_cppflags" | ||
| LDFLAGS="$liboqs_saved_LDFLAGS $liboqs_user_ldflags" | ||
| LIBS="$liboqs_saved_LIBS" |
There was a problem hiding this comment.
The link test adds -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -pthread to CPPFLAGS (line 1697), but the values are later restored (lines 1736-1739) and only liboqs_user_cppflags is preserved (which, in the pkg-config path, appears to be just cflags). If the build relies on these defines/flags (as the previous logic did), liboqs-enabled builds may compile without HAVE_LIBOQS/related defines. Consider persisting required compile defines/flags into AM_CPPFLAGS (or an AC_DEFINE for HAVE_LIBOQS) and ensuring -pthread is consistently applied for the final build, not only for the configure-time probe.
| reqLen = (int)len; | ||
| if (test_memio_wolfio_ctx.recv_max_chunk > 0 && | ||
| reqLen > test_memio_wolfio_ctx.recv_max_chunk) { | ||
| reqLen = test_memio_wolfio_ctx.recv_max_chunk; | ||
| } | ||
| ret = test_memio_read_cb(test_memio_wolfio_ctx.ssl_s, | ||
| (char*)buf, (int)len, test_memio_wolfio_ctx.test_ctx); | ||
| (char*)buf, reqLen, test_memio_wolfio_ctx.test_ctx); |
There was a problem hiding this comment.
Casting size_t len to int can truncate for large reads. Even though this is test code, it’s easy to make this robust by clamping len to INT_MAX (or the callback’s accepted max) before casting, and then applying the recv_max_chunk limit. That avoids undefined behavior if the caller ever requests a large len on platforms where size_t is wider than int.
No description provided.